Cyber-ready — today and for tomorrow

Why cyber-ready now is not enough

A sense of cyber-urgency has seized the public and private sectors. Cyber threats jumped to CEOs’ number one concern in the US, and number two globally, according to our 24th Annual CEO Survey. These CEOs are putting their money where their worries are.

Companies are spending more on cybersecurity and privacy than ever before, as our US Digital Trust Insights (DTI) snapshot survey confirms. Our respondents — 322 CISOs and CIOs — told us in April that their organizations’ cyber investments have gone up this year by significant amounts. And they expect cyber and privacy spending to rise even higher in 2022.

Right after the survey closed, cybercriminals hacked into the IT systems of the biggest US gasoline pipeline company and the world's largest beef and poultry producer. The six-day precautionary pipeline shutdown triggered panic buying, gas price spikes and shortages in several states. The three-day halt in production at meatpacking plants is expected to lead to hikes in wholesale beef prices. Ransomware became a household term.

Businesses and other organizations are allocating resources in people, processes (governance) and technology — the three legs of the cyber-transformation stool. But are they putting their money in the right place?

Cybersecurity is getting its due: significant investments in tech, people, and governance and process
Invest in progress, not maintenance

Cybersecurity transformations are either lagging behind digitization or merely keeping pace at most (63%) of companies. Neither is good enough, not at a time when the hits are coming fast and hard and show no sign of stopping.

Given the unpredictable events of the last six months, your organization should stop fighting past battles. Instead, it needs to get the basics right to establish a foundation and position itself for agility to react to new and unexpected threats.

This is what it means to be cyber-ready

You can’t promise that your organization will not be breached, not when intrusions are happening by the thousands or millions every hour. But you should be able to say that, one, you’ve secured the infrastructure your organization’s sustainable growth depends on and that, two, when the inevitable breach happens, your stakeholders can trust your organization to respond quickly and protect their interests.

To be able to realize that commitment, working on pace with other business transformations isn’t good enough. Ask yourself: Where is the industry headed? Where would your business need to compete in the future? Where might new technologies lead? Ensure that you have an answer to these questions that your security organization is prepared for those future scenarios.

The good news is that we’re seeing more enterprises taking critical steps than ever before. How will yours use its resources to be cyber-ready for what comes next?

Key findings and takeaways

About the survey

This US Digital Trust Insights Snapshot is a poll of 322 security and technology executives (CISOs, CIOs and similar titles) of US-based companies in April 2021. Sixty-nine percent of respondents are executives in companies with $1 billion and above in revenues, and 9% are in companies with $10 billion or more in revenues. Respondents come from a range of industries: Industrial manufacturing and automotive (23%), tech, media, telecom (19%), financial services (15%), consumer markets (15%), health (14%) and energy, utilities and mining (13%). PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.

Contact us

Sean Joyce

Sean Joyce

Global Cybersecurity & Privacy Leader, PwC US; Cyber, Risk & Regulatory Leader, PwC US

Joseph Nocera

Joseph Nocera

Cyber, Risk and Regulatory Marketing Lead Partner, PwC US

Follow us