Strengthening digital society against cyber shocks


How businesses can build the resilience needed to withstand disruptive cyberattacks

Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society. As our reliance on data and interconnectivity swells, developing resilience to withstand cyber shocks—that is, large-scale events with cascading disruptive consequences—has never been more important.

In the 2018 Global State of Information Security® Survey (GSISS), 40% of survey respondents from organizations using robotics or automation say the disruption of operations would be the most critical consequence of a cyberattack on those systems. Despite an awareness of disruptive cyber risks, companies often remain unprepared to deal with them.

Fewer than half of survey respondents have adopted many of the key processes for uncovering cyber risk in business.

Uncovering hidden risks

Achieving greater cyber resilience as a society and within organizations will require a more concerted effort to uncover and manage new risks inherent in emerging technologies. Organizations must have the right leadership and processes in place to drive the security measures required by digital advancements.

Many businesses are just beginning this journey: relatively few respondents (34%) say their organizations plan to assess Internet of things (IoT) security risks across the business ecosystem.

Twenty-nine percent of respondents say CISOs bear responsibility for Internet of things (IoT) security.

“Many organizations need to evaluate their digital risk and focus on building resilience for the inevitable.”

Sean Joyce, PwC's US Cybersecurity and Privacy Leader

Leadership is vital

Most corporate boards are not proactively shaping their companies’ security strategies or investment plans. Only 44% of respondents say their corporate boards actively participate in their companies’ overall security strategy. Senior leaders driving the business must take ownership of building cyber resilience. Establishing a top-down strategy to manage cyber and privacy risks across the enterprise is essential. Resilience must be integrated into business operations.

A company’s risk management strategy should be informed by a solid understanding of the cyber threats facing the organization and an awareness of which key assets require the greatest protection. There should be a coherent risk appetite framework. Leadership must drive the development of a cyber risk-management culture at all levels of the organization.

Board confidence in security measures is tied to their participation in security strategy.

Contact us

Sean Joyce

Global and US Cybersecurity, Privacy & Forensics Leader, PwC US

Joe Greene

US Principal, Cybersecurity and Privacy, PwC US

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US
