Security, tech, privacy and risk execs reveal current state of trust in third-party and data management
The results clearly indicate that change is afoot. More than half (53%) strongly agree that innovation by corporations, rather than regulation, will be more effective in strengthening stakeholder trust, and that higher customer trust is demonstrably associated with higher revenues and profitability (52%). Nearly half (48%) strongly agree that in their industry a leader is emerging in innovations that strengthen customer trust, and 49% told us they’ve made significant shifts in the last 12 months in the way they operate to improve stakeholder trust.
With a significant majority of the executives actively focused on stakeholder trust, many are investing in multiple measures (at least four of them, on average). The top two focus areas for trust building are related to cybersecurity—cloud security (64%) and data protection and privacy (63%)—followed by corporate responsibility to society and environment (58%) and responsible development and use of technology (55%).
These executives face hard, even profound, strategic decisions touching on core issues such as balancing customer privacy with monetization of their data, moving with speed and agility while embedding security and privacy, flexibility in supply chains while managing third-party risks. Between 53% and 60% of executives say that their organizations have fully addressed these tensions—that is, they have crafted strategies and processes to address them. But with technology ever advancing and the business environment ever changing, leaders may have to revisit these time and again.
They may even create new solutions that achieve the balance between apparently conflicting choices. A company that chooses privacy as its primary value can build thriving business models around it. A company that honors consumers’ right to opt into sharing their data might be more successful in reaching more consumers and earning their loyalty. An organization that takes the time to invest in supply chain security by design may encounter fewer operational disruptions down the road.
The business of building trust is all-encompassing: It is equally a leadership challenge and a design problem. It thus requires a two-pronged approach—both cultural and operational—and it requires buy-in from everyone.
The role of the CEO is to frame the choices among apparent trade-offs, to set a strategy that reflects the company’s values and to imbue the culture with the spirit that animates their chosen direction—all with board confidence and oversight. They ask the question: which are genuine paradoxes that invite healthy tensions, and which are false tradeoffs? They lead imaginative thinking on new ways of doing business that can open deeper connections between trust and profitability—poised for a growth trajectory in a changing world. They speak up on their organization’s efforts to win enduring trust.
The role of operational leaders like the CIO, CISO, chief privacy officer, chief data officer is to design and weave trust into the flesh and bones of the organization through detailed policies, controls and playbooks. Take the example of a new mobile app or a new IoT device: vetting users, verifying their identities, protecting the data they provide and generate on the app or device, using data for business intelligence or revenue generation, sharing data with business partners—all these should be set by policies, guarded through controls, and governed through playbooks.
Operational leaders should also serve as key advocates, offering counsel on the real-world consequences of the trade-off decisions leaders must make.
Just as companies are going beyond digitizing and reconceiving how they recreate value, so will they be innovating in the ways they can win stakeholder trust. Some are already re-shaping their organizations into security-first, privacy-first businesses, without waiting for regulations to set the new rules. Along the way, they’re helping build the scaffolding for 21st century digital trust that can also facilitate more ambitious social, political, and economic goals.
At least one-third of our survey respondents said in the past year alone, they’d experienced significant disruptions due to third parties: software supply chain disruptions (47%), cloud breaches (45%), third-party platform exposures and outages and downtime (41%), data exfiltration (39%). And yet the trend of new third-party dependencies seen last year continues to gather steam.
CEOs and corporate directors are increasingly asking CISOs, CIOs and CROs about their organizations’ exposure to third parties. Our survey reveals why.
By virtually every metric, organizations with more mature information governance practices are better positioned to achieve growth in revenues or profits—and gain stakeholder trust. Four in ten respondents report realizing benefits from data monetization. And half report mature information governance practices. But considering the rush to monetize data and the explosion in concerns about data protection and privacy, there are plenty of risks, seen and unseen, that lie in wait for even the most mature company.Learn more
PwC Research, PwC’s Global Centre of Excellence for market research and insight, conducted the survey. This special edition of the US Digital Trust Insights Snapshot Survey is a poll of 311 security and technology executives of US-based companies who are familiar with or involved in increasing trust among B2B customers and business partners. The survey was conducted from February 22 to March 5, 2021. Thirty-five percent of respondents are executives in very large companies ($5 billion or more in revenues); 38% are in large companies ($1 billion but less than $5 billion). Respondents come from a range of industries: consumer markets (21%), industrial manufacturing and automotive (20%), tech, media, telecom (19%), financial services (18%), health (15%), and energy, utilities and mining (7%). Another US Digital Trust Insights Snapshot of 300 executives will be conducted in April-May focused on threat outlook and cyber investments in the next 12 months. The Global Digital Trust Insights, a survey of more than 3,000 business, security, risk, and tech executives around the world, will be conducted in July 2021.
Principal, Cybersecurity, Privacy & Forensics, PwC US
Principal, Cyber, Risk & Regulatory, PwC US
Cyber & Privacy Innovation Institute Leader, PwC US