By
Bob Moritz*
The year 2018 has seen a steady shift in cybersecurity and privacy matters: from the back office to the front office, from the tech section to the front page, and from the IT department to the boardroom.
Cyber risk management was already high on the business agenda at the beginning of the year, when I took part in a related panel discussion at the World Economic Forum’s annual meeting and shared some reflections on that discussion in a post on the Centrality of Cybersecurity.
A survey by PwC showed that business leaders around the world named cyber threats as a top concern. The Forum's Global Risks Report for 2018 also reported that large-scale cyberattacks and data breaches would be increasingly likely amid rising cyber-dependency.
Looking back, it is amazing just how prevalent cyber concerns have become in the months that followed. We have also seen a significant re-positioning: while cyber threats continue to be a major business concern, developments during 2018 have brought cyber concerns front of mind for broader groups of stakeholders across society as a whole.
A shift has taken place in the attitudes of digital consumers – with much more attention on how our data is accessed, protected and used, as well as the impacts of that data handling.
This presents an opportunity for businesses to establish themselves as digital leaders in helping to address the broader cyber challenges we face. To do so, they need to shift from a protective focus on information security to a more proactive focus on building digital trust.
Digital trust insights
Our recently released Digital Trust Insights survey distills views on this topic from 3,000 business leaders across 81 countries and all major industries. The survey shows that while most businesses are currently not doing enough to build digital trust, there are clear opportunities to do so.
At a basic level, these opportunities boil down to improvements in three main areas that will make or break digital trust in any organization: people, processes and technology. Confidence in all three of these is critical to building a secure digital world.
This raises three important questions that leaders need to ask of themselves and their organizations to help determine whether they are positioned to become leaders in the digital future.
1. How well are you enabling people in your organization to help build digital trust?
Organizations around the world are rightly seeking to improve their performance through digital transformation. The main factor deciding the success of these projects are people, including when it comes to managing cyber risk.
Over 90% of our survey respondents at companies undergoing digital transformation say they include security and privacy personnel as stakeholders in the projects, but only 53% say that they practice proactive risk management “fully from the start” of their digital transformations.
Organizations would do well to make sure they have the right leaders in place, and to step up their efforts to raise employee awareness and accountability around cybersecurity and privacy. Currently, less than half of respondents are very comfortable their company has adequately identified the executives responsible for cybersecurity (39%) and privacy (40%) – and only 34% of respondents say their company has an employee security awareness training programme.
Smart organizations are providing digital skills training to prepare their people for the future. They are also raising awareness in their workforce about cybersecurity and privacy using straightforward messaging, which is memorable enough to influence behavior, and avoids invoking so-called security fatigue – the weariness or reluctance to deal with computer security.
2. How well are you engaging business processes to build digital trust?
Cybersecurity and privacy matters are increasingly mission critical for any organization, and yet far too few have taken the steps to ensure their business processes help build digital trust. Only a small minority of companies (23%) say they plan new investments this year to align security precautions to business objectives.
When it comes to the boardroom, most cyber and privacy risk specialists told us that their company has provided the board with the necessary strategies, but admit to doubts about internal reporting on cybersecurity and privacy metrics. Less than 30% of respondents say they are very comfortable that the board is receiving adequate reporting on metrics for cyber and privacy risk management.
3. How well are your controls keeping pace with emerging technology?
Businesses are reinventing themselves through digital transformations and the application of emerging tech. But are they opening themselves up to new risks even as they pursue new opportunities?
Our survey finds that most business leaders say that emerging technologies are critical for business, but fewer are very confident they have sufficient ‘digital trust’ controls in place for their adoption. For example, 81% of executives consider the Internet of Things critical to their business, but only 39% are very confident that they have all the right controls in place to adopt it safely. The same goes for AI, with 70% of respondents saying it is critical to at least some of their business, but only 31% very comfortable they are building sufficient digital trust controls for its adoption.
At the start of the year in Davos, I talked about some overarching principles for combating cyber risks – including the need for collaboration among stakeholders and the imperative for leaders to ask for help when needed. I hope that our Digital Trust Survey will provide further basis for informed collaboration and a useful guide for leaders to determine where they need help in dealing with this crucial matter.
*Global Chairman, PwC
** First published in weforum.org
By: N. Peter Kramer
