For CEOs, cybersecurity is both rising concern and significant opportunity
23 March 2017
By Dave Burg, US and Global Cybersecurity & Privacy Co-Leader, PwC; Grant Waterfall, US & Global Cybersecurity & Privacy Co-Leader, PwC; and Christopher Castelli, Director, PwC
At last month’s RSA event in San Francisco—the global cybersecurity and privacy conference—we heard time and time again from CEOs and other C-suite executives about their concerns around tackling mounting cybersecurity threats.
This correlates with the results of PwC’s 20th Global CEO Survey, which showed that cyber threats are among the top concerns for CEOs today. Nearly two-thirds (62%) of the global CEOs surveyed said that cyber threats are a going concern for their organisation’s growth prospects. This places cyber threats among the top five threats on CEOs’ minds, only behind availability of key skills, volatile energy costs and changing consumer behaviour.
This also aligns to other recent research highlighting the gravity of cybersecurity challenges facing industry. In the World Economic Forum Global Risks Report 2017, a “massive incident of data fraud/theft” ranked among the top five global risks in terms of likelihood for the first time.
This year’s Global CEO Survey found the speed of technological change was the fastest rising concern for global CEOs, up from 58% in 2016 to 70%, highlighting worries over digital risk and technological readiness. In addition, most of the CEOs surveyed told us that it is becoming harder for businesses to gain and keep trust in a more digital world. While trust was of only marginal importance to CEOs in 2013, CEOs now recognise that this metric has significant influence on business success. Back in 2013, for example, only 37% of respondents worried that lack of trust in business would harm their company’s growth, while today the number has jumped to 58%. The top threats in this area cited by CEOs were cybersecurity breaches affecting business information, breaches of data privacy and ethics, and information technology outages and disruptions.
Indeed, industry’s cybersecurity challenges have not gone unnoticed by the public. For example, a recent Pew Research Center survey in the U.S. found a clear majority of Americans expect major cyberattacks against public infrastructure and financial systems within five years. More than a third said industry is either partly or completely unprepared, however nine in ten CEOs indicated that their organisations are addressing— to some or to a large extent—cybersecurity breaches, IT outages/disruptions, social media risks, and data privacy and ethics breaches.
Despite these real – and perceived - challenges, there is a silver lining. With concerted effort in better preparing for and managing risks, bolstering cybersecurity, developing expertise in emerging technologies and building trust with stakeholders, companies could be rewarded with a competitive edge in the marketplace.
One way for companies to achieve a competitive edge while improving cybersecurity is to focus on developing resilience—the capability to bounce back from shocking events such as cyber attacks. Resilience will be increasingly important for sustaining the operations of critical infrastructure in the future, the U.S. National Intelligence Council concluded in its Global Trends report issued in January.
Fortunately for industry, investing in resilience could also help companies reap significant economic rewards—a point underscored by the cybersecurity and privacy findings in PwC’s 2016 Risk in Review study. With a focus on long-term success, resilient companies develop strategies for business continuity, succession planning, strategic alignment and data analytics. Resilient companies also align risk management with strategic planning. In addition, they have well defined and automated security processes for information technology and apply analytics to predict attacks and respond more quickly.
Beyond improving the security and economic prospects of individual companies, building resilience could allow leading businesses — particularly those in critical infrastructure sectors — to significantly strengthen the security, economic well being and stability of society as a whole. “Tomorrow’s successful states,” the Global Trends report notes, “will probably be those that invest in infrastructure, knowledge, and relationships resilient to shock—whether economic, environmental, societal, or cyber.”
This blog originally appeared in the Wall Street Journal on February 9, 2017