Why can’t CEOs sleep at night? Cybercrime.Follow @PwC
Our 19th Annual Global CEO Survey, launched at the World Economic Forum in Davos, portrayed a gloomy outlook for business, with CEOs voicing concern about geopolitical uncertainty and slowing economic growth. Yet in speaking one-on-one with business leaders, it's the third key concern – cybercrime – they view as the most immediate threat to their business.
The reality in 2016 is that most economic crimes, to some extent, have gone digital. The paradox being, of course, that so have many business opportunities. New digital connections, tools and platforms, enable companies to interact with customers, suppliers and their people in real time – more quickly than ever before. Yet CEOs worry that each digital opportunity is vulnerable to a deceitful action that can severely limit – or even destroy – that potential.
To be frank, they should be. Our Global Economic Crime Survey released last week revealed that the incidence of reported cybercrime among our respondents has risen sharply this year, jumping from 4th to 2nd place among the most-reported types of economic crime. Note: the word ‘reported.’ While over a quarter of respondents said they had been affected by cybercrime, 18% told us they didn’t know if they had. And due to the stealthy nature of these crimes, many of the 56% who said they weren’t affected may well have been compromised without ever knowing it.
In another recently released PwC study, the Global State of Information Security Survey 2016, the number of 2015 corporate cybercrime incidents stands at 59 million – most likely a fraction of the true figure. Corporate cybercrime has seen double-digit growth over the last 5 years. Breaches originating from cloud-connected devices jumped by 152% in 2015 compared to a year earlier. With the continuing rise of the Internet of Things, we can expect the number of breaches to accelerate. And cybercrime losses can be heavy: 7% are greater than $1 million.
At PwC, we believe responsibility for addressing cyber threats begins at the top. Yet, our Global Economic Crime Survey reports that less than half of board members request information about their organisation’s cyber-preparedness. That may be part of the reason why only 37% of the surveyed organisations have a cyber incident response plan. And when an attack does occur, too often organisations seem to be leaving the first response to their IT departments, without adequate intervention or support from senior management.
Let me share two tips from our global cyber security team:
- Adopt a data-driven approach to cybercrime. This can shift cybersecurity away from perimeter-based defences and enable your organisation to put real-time information to use in ways that can help predict cybersecurity incidents.
- Work with others. Many organisations tell us external collaboration allows them to share and receive more actionable information from industry peers and improved their threat awareness.
To conclude, business leaders need to treat cyber-readiness as an organisational and a leadership stress test. Better understanding and focusing on cybersecurity will help the business confidently leverage digital opportunities while substantially reducing – but never completely eliminating – the digital threats.
Dennis Nally leads the global network of PwC firms. He has extensive experience serving large multinational clients in a variety of industries, principally focusing on technology and life sciences. Dennis is also a frequent speaker and guest lecturer on issues affecting the professional services profession and the global capital markets. Read Dennis Nally's full biography.