From awareness to action
The challenge for CEOs is going beyond awareness to action
Senior executives recognize the rising stakes of cyber insecurity. In our 21st Global CEO Survey, 87% of global CEOs say they are investing in cybersecurity to build trust with customers. Nearly as many (81%) say they are creating transparency in the usage and storage of data.
Will it be enough? Unfortunately, less than half of CEOs say they are taking these actions “to a large extent.”
Committed risk management
Committing to risk management in digital transformation is existential
Our 2018 GSISS results show that many companies are still beginners in data-use governance. In addition, as many as 44% of 2018 GSISS respondents say they lack an overall information security strategy.
In today’s world, the old habit of moving to technology innovation before thinking through the issues and risks can have unprecedented consequences for businesses.
Beyond confidentiality, privacy expectations focus on data use
Consumers, however, have relatively low confidence that companies will use personal data in a responsible way. The European Union’s General Data Protection Regulation (GDPR) calls for privacy by design, including data minimization, and says companies may need to pseudonymize or encrypt personal data. This all underscores the need for corporate governance over the management, protection and use of data.
Advanced authentication technology will be a trust builder
Emerging improvements in authentication technology could help business leaders build trusted networks.
In the 2018 GSISS, half of respondents say the use of advanced authentication has improved customer and business partner confidence in the organization’s information security and privacy capabilities. In addition, 48% say advanced authentication has helped reduce fraud and 41% say it has improved the customer experience.
Even industry titans must boost board involvement
Organizations of all sizes should boost the engagement of corporate boards in the oversight of cyber and privacy risk management. Less than a third of 2018 GSISS respondents say their corporate board directly participates in a review of current security and privacy risks.
For organizations worth more than $25 billion the figure is only a bit higher. Without a solid understanding of the risks, boards are not well positioned to exercise their oversight responsibilities for data protection and privacy matters.
Chief privacy officers
More companies should consider hiring a chief privacy officer
About two-thirds of respondents worldwide say their organization has put a chief privacy officer (CPO) or similar executive in charge of privacy.
This is even more common among the largest organizations. For institutions worth $10 billion or more, at least 79% of respondents say their organization has such an executive in place. For organizations worth between $15 billion and $25 billion, it is 81%.
Lagging businesses in Europe and the Middle East have more work to do
Businesses in Europe and the Middle East generally lag behind those in Asia, North America, and South America in developing an overall information security strategy and implementing data-use governance practices, according to 2018 GSISS findings.
Companies are facing new data security and privacy rules, including the EU’s General Data Protection Regulation (GDPR), which applies to any organization that does business in the EU and goes into effect in May 2018.
The balkanization of the internet will change how companies do business
Country-specific requirements for companies to maintain data and application software within geographical boundaries where the businesses operating are expected to change how companies do business.
Emerging approaches to cross-border data flows, nascent privacy rules and expanding regulation on data use worldwide all add up to an increasingly challenging path for companies to navigate toward success in the global digital economy.
Consumers will vote for responsible innovation and data use with their wallets
Consumers do put a monetary value on privacy—but context matters.
We also believe consumers will pay more for technology products that are designed with security and privacy in mind. Consumers often do not have that option, however, because many IoT devices are cheaply produced with essentially no security or privacy protections. That needs to change.