At the 2017 RSA event in San Francisco — the global cybersecurity and privacy conference — we spent much time addressing significant concerns about cybersecurity with CEOs and other C-suite executives. Cyber threats have rapidly become a top concern for US CEOs, according to the findings of PwC’s 20th CEO Survey, released at the World Economic Forum at Davos, Switzerland, on Jan. 16. The silver lining for industry, however, is that companies making a concerted effort to better manage such risks could be rewarded with a competitive edge in the marketplace.
Cyber threats ranked No. 2 among US CEOs’ top worries in PwC’s survey, second only to the prospect of over-regulation. This dovetails with other recent research highlighting the gravity of cybersecurity challenges facing industry. The 2017 edition of the World Economic Forum Global Risks Report ranked cyber attacks as the top risk to doing business in North America, with data fraud or theft listed as the No. 4 risk.
PwC’s survey found the fastest-rising worries for US CEOs this year are cybersecurity, the speed of technological change and the lack of trust in business. Notably, 50% of U.S. CEOs said they were extremely concerned about cyber threats (up from 44% in 2016).
In addition, most of the CEOs surveyed told PwC that it is growing harder for businesses to gain and keep trust in a more digital world. The top challenges in this area cited by CEOs were breaches of data privacy and ethics; cybersecurity breaches affecting business information and critical systems; and information technology outages and disruptions.
Industry’s cybersecurity challenges have not gone unnoticed by the American public. A recent Pew Research Center survey found a clear majority of Americans expect major cyberattacks against U.S. public infrastructure and financial systems within five years. More than a third of Americans surveyed said industry is either partly or completely unprepared.
Areas where competitive threats are accelerating, however, also offer opportunities for leading companies to stand out. With concerted effort to bolster cybersecurity, to develop expertise in emerging technologies and to build trust with stakeholders, PwC believes that companies could create differentiation in the marketplace.
One way for companies to achieve a competitive edge while improving cybersecurity is to focus on developing resilience — the capability to bounce back from shocking events such as cyber attacks. Resilience will be increasingly important for sustaining the operations of critical infrastructure in the future, the U.S. National Intelligence Council concluded in a global trends report issued last month.
Fortunately for industry, investing in resilience could also help companies reap significant economic rewards — a point underscored in a PwC study published last year. With a focus on long-term success, resilient companies develop strategies for business continuity, succession planning, strategic alignment and data analytics. They also align risk management with strategic planning. In addition, they have well defined and automated security processes for information technology. Further, they apply analytics to predict attacks and respond more quickly.
Beyond improving the security and economic prospects of individual companies, building resilience could allow leading businesses — particularly those in critical infrastructure sectors — to significantly strengthen the security, economic well being and stability of society as a whole. “Tomorrow’s successful states,” the National Intelligence Council writes, “will probably be those that invest in infrastructure, knowledge, and relationships resilient to shock—whether economic, environmental, societal, or cyber.”
US Principal, Cybersecurity and Privacy, PwC US
Cyber & Privacy Innovation Institute Leader, PwC US