Cyber-risk: Today’s challenge

A look at the cyber-risk maturity curve

The new reality: Addressing cyber-risks

As digital platforms have become stalking grounds for ever more cunning cyber criminals, awareness of cyber risk has reached critical mass. Cybercrime and data privacy risks now have the potential to affect every aspect of a company’s operations, and that threat only becomes greater as industries expand their interface with the Internet of Things and other emergent technologies. In response, leading companies have begun to think more proactively and strategically about cyber risk. They understand that cybersecurity solutions can not only protect but also enable the enterprise: facilitating business growth, creating market advantages, and building brand trust.

To study organizations that excel at managing cyber risk and to determine how well our survey respondents are positioned for the new cybersecurity reality, we created a cyber risk management maturity curve. Our analysis shows that advanced cyber risk management maturity is an indicator of advanced risk management capabilities in other areas, with high-scoring companies reporting greater ability to manage strategic, operational, brand, regulatory, financial, and other key risks.

Across sectors, all of our survey respondents expect cyber risk to cause significantly more corporate disruption in the years ahead.

The data is clear: Companies with high cyber risk maturity have better risk cultures.

Cyber and privacy as top-growing risks

“While companies are feeling more confident in their capabilities, they remain on a purely defensive footing against cyber risk and have not adopted leading practices that can help grow their competitive edge vis-à-vis cybersecurity and the market.”

Grant Waterfall, Global Cybersecurity and Privacy Assurance Leader, PwC

Four mature cyber risk management practices

Across sectors, all of our survey respondents expect cyber risk to cause significantly more corporate disruption in the years ahead. In the face of this new normal, companies with highly developed cyber risk management practices will enjoy a clear competitive advantage.

The highest-maturity respondents reported all four of the following practices:

  • The chief risk officer and chief information officer (CIO)/chief technology officer (CTO) are jointly responsible for overseeing cybersecurity and privacy risk.
  • Cybersecurity and privacy risk are managed by the CIO/CTO.
  • The CIO/CTO works with each individual business unit and function to safeguard data.
  • The company has a cross-functional cybersecurity/information risk committee.

Only 3% of our 1,581 respondents scored very high on the curve, while 6% scored high and 17% scored at the mid-level. Remarkably, two-thirds of respondents (66%) scored in the low maturity bracket (e.g., employing only one of these four maturity criteria) and 8% scored as having no cyber risk management maturity.

Higher cyber risk maturity. Stronger risk cultures

Improving a company’s cyber risk management maturity appears to have benefits beyond the obvious. Our analysis shows that such maturity is an indicator of advanced risk management capabilities in other areas, with high-scoring companies reporting greater ability to manage strategic, operational, brand, regulatory, financial, and other key risks. On every measure of risk culture, high-scoring companies dramatically outpace respondents overall.

Mirroring our Front Liners’ higher growth expectations, respondents that use all four mature cyber risk management practices show a 63% expectation of profit margin growth during the next two years versus 50% of other respondents. Companies scoring highest on the curve are also somewhat more likely to anticipate revenue growth (75% vs. 71%).

Contact us

Dean Simone
US, Asia-Pacific, and Americas Cluster Risk Assurance Leader
Tel: +1 (267) 330 2070

Brian Schwartz
GRC Technology Enablement Leader, Financial Services Internal Audit, Compliance and Risk Management Solutions Leader
Tel: +1 (202) 729 1627

Jason Pett
Internal Audit, Compliance & Risk Management Solutions Leader
Tel: +1 (410) 659 3380

Todd Bialick
Trust and Transparency Solutions Leader
Tel: +1 (973) 236 4902

Grant Waterfall
Global Cybersecurity and Privacy Assurance Leader
Tel: +1 (646) 471 7779

Scott Greenfield
Advanced Risk and Compliance Analytics Solutions Leader
Tel: +1 (646) 471 5383

Jim Woods
Global Risk Assurance Leader
Tel: (+852) 2289 2316