Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society. As our reliance on data and interconnectivity swells, developing resilience to withstand cyber shocks—that is, large-scale events with cascading disruptive consequences—has never been more important.
In the 2018 Global State of Information Security® Survey (GSISS), 40% of survey respondents from organizations using robotics or automation say the disruption of operations would be the most critical consequence of a cyberattack on those systems. Despite an awareness of disruptive cyber risks, companies often remain unprepared to deal with them.
Achieving greater cyber resilience as a society and within organizations will require a more concerted effort to uncover and manage new risks inherent in emerging technologies. Organizations must have the right leadership and processes in place to drive the security measures required by digital advancements.
Many businesses are just beginning this journey: relatively few respondents (34%) say their organizations plan to assess Internet of things (IoT) security risks across the business ecosystem.
“Many organizations need to evaluate their digital risk and focus on building resilience for the inevitable.”
Most corporate boards are not proactively shaping their companies’ security strategies or investment plans. Only 44% of respondents say their corporate boards actively participate in their companies’ overall security strategy. Senior leaders driving the business must take ownership of building cyber resilience. Establishing a top-down strategy to manage cyber and privacy risks across the enterprise is essential. Resilience must be integrated into business operations.
A company’s risk management strategy should be informed by a solid understanding of the cyber threats facing the organization and an awareness of which key assets require the greatest protection. There should be a coherent risk appetite framework. Leadership must drive the development of a cyber risk-management culture at all levels of the organization.
US Principal, Cybersecurity and Privacy, PwC US
Cyber & Privacy Innovation Institute Leader, PwC US