Revitalizing privacy and trust in a data-driven world

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

How businesses can better manage rising risks to data privacy and security

Massive data breaches, constant collection of personal data—it may seem like privacy is dead in the digital age. But privacy, security and trust are increasingly vital and intertwined in our data-driven society. According to our 2018 Global State of Information Security® Survey (GSISS), many organizations worldwide need stronger privacy risk management that is better integrated with cybersecurity.

For CEOs and boards, the existential question is less about the future of privacy and more about the future of their own organization: will the company muster the will and imagination needed to jolt stalled privacy risk management into action? Will it leverage that momentum and integrate cybersecurity, striving to become a trusted brand for responsible innovation and data usage? Or will it cede its place in the market to more committed competitors?

Drawing on key findings from the 2018 GSISS and beyond, we offer nine insights on revitalizing privacy and trust in a data-driven world, concluding with next steps for global business leaders.

"People want privacy and security, not privacy or security. Companies will need to deliver on that expectation."

Sean Joyce, Former US Cybersecurity and Privacy Leader, PwC

Nine insights on revitalizing privacy and trust in a data-driven world

1. From awareness to action

The challenge for CEOs is going beyond awareness to action

Senior executives recognize the rising stakes of cyber insecurity. In our 21st Global CEO Survey, 87% of global CEOs say they are investing in cybersecurity to build trust with customers. Nearly as many (81%) say they are creating transparency in the usage and storage of data.

Will it be enough? Unfortunately, less than half of CEOs say they are taking these actions “to a large extent.”

Learn more

View more

2. Committed risk management

Committing to risk management in digital transformation is existential

Our 2018 GSISS results show that many companies are still beginners in data-use governance. In addition, as many as 44% of 2018 GSISS respondents say they lack an overall information security strategy.

In today’s world, the old habit of moving to technology innovation before thinking through the issues and risks can have unprecedented consequences for businesses.

Learn more

View more

3. Data use

Beyond confidentiality, privacy expectations focus on data use

Consumers, however, have relatively low confidence that companies will use personal data in a responsible way. The European Union’s General Data Protection Regulation (GDPR) calls for privacy by design, including data minimization, and says companies may need to pseudonymize or encrypt personal data. This all underscores the need for corporate governance over the management, protection and use of data.

Learn more

View more

4. Advanced authentication

Advanced authentication technology will be a trust builder

Emerging improvements in authentication technology could help business leaders build trusted networks.

In the 2018 GSISS, half of respondents say the use of advanced authentication has improved customer and business partner confidence in the organization’s information security and privacy capabilities. In addition, 48% say advanced authentication has helped reduce fraud and 41% say it has improved the customer experience.

Learn more

View more

5. Board involvement

Even industry titans must boost board involvement

Organizations of all sizes should boost the engagement of corporate boards in the oversight of cyber and privacy risk management. Less than a third of 2018 GSISS respondents say their corporate board directly participates in a review of current security and privacy risks.

For organizations worth more than $25 billion the figure is only a bit higher. Without a solid understanding of the risks, boards are not well positioned to exercise their oversight responsibilities for data protection and privacy matters.

Learn more

View more

6. Chief privacy officers

More companies should consider hiring a chief privacy officer

About two-thirds of respondents worldwide say their organization has put a chief privacy officer (CPO) or similar executive in charge of privacy.

This is even more common among the largest organizations. For institutions worth $10 billion or more, at least 79% of respondents say their organization has such an executive in place. For organizations worth between $15 billion and $25 billion, it is 81%.

Learn more

View more

7. Regional challenges

Lagging businesses in Europe and the Middle East have more work to do

Businesses in Europe and the Middle East generally lag behind those in Asia, North America and South America in developing an overall information security strategy and implementing data-use governance practices, according to 2018 GSISS findings.

Companies are facing new data security and privacy rules, including the EU’s General Data Protection Regulation (GDPR), which applies to any organization that does business in the EU and came into effect in May 2018.

Learn more

View more

8. Internet balkanization

The balkanization of the internet will change how companies do business

Country-specific requirements for companies to maintain data and application software within the geographical boundaries in which the businesses operate are expected to change how companies do business.

Emerging approaches to cross-border data flows, nascent privacy rules and expanding regulation on data use worldwide all add up to an increasingly challenging path for companies to navigate toward success in the global digital economy.

Learn more

View more

9. Consumer expectations

Consumers will vote for responsible innovation and data use with their wallets

Consumers do put a monetary value on privacy—but context matters.

We believe consumers will pay more for technology products that are designed with security and privacy in mind. Consumers often do not have that option, however, because many IoT devices are cheaply produced with essentially no security or privacy protections. That needs to change.

Learn more

View more

Contact us

Jay Cline

US Privacy Leader, Principal, PwC US

Carolyn Holcomb

Partner, Cybersecurity and Privacy, PwC US

Joseph Nocera

Principal, Cybersecurity and Privacy, PwC US

Follow us