The journey to digital trust
If the lifeblood of the digital economy is data, its heart is digital trust - the level of confidence in people, processes, and technology to build a secure digital world.
Our new Digital Trust Insights platform moves our traditional Global State of Information Security® Survey (GSISS), which ran for 20 years, forward to cater to the evolving information security landscape by exploring how to build confidence in the readiness of people, processes and technologies to meet tomorrow’s challenges.
The PwC Digital Trust Insights survey asked 3,000 business leaders in 81 countries about the readiness of their organisations to address digital business, risk management and compliance challenges. Based on the results, we identified 10 major opportunities for improvement around people, processes and technology, and provide actionable advice to help you build confidence.
1. Engage security experts at the start of digital transformations - just 53% include proactive management of cyber and privacy risks by design in the project plan and budget “fully from the start.”
2. Upgrade your talent and leadership team - less than half of respondents are very comfortable that their company has adequately identified the executives responsible for cybersecurity (39%) and privacy (40%).
3. Raise workforce awareness and accountability - only 34% say their company has an employee security awareness training programme.
4. Improve communications and engagement with the board of directors - only 27% say they’re very comfortable that the board receives adequate reporting on metrics for cyber and privacy risk management.
5. Tie security to business goals - just 23% say they plan to invest over the next year in aligning business objectives with their information security strategy.
6. Build lasting trust around data - many medium and large businesses aren’t “very comfortable” they’ve identified their most valuable and sensitive digital assets.
7. Boost cyber resilience - fewer than half of medium and large businesses say they’re very comfortable that their company’s adequately tested its resistance to cyberattacks.
8. Know thy enemies - only 31% of respondents say they’re very comfortable that their company’s identified parties who might attack its digital assets.
9. Be proactive in compliance - fewer than half of companies worth $100 million or more say they are fully ready to comply with the European Union’s General Data Protection Regulation (GDPR).
10. Keep pace with innovation - only 30% list IoT security among the safeguards they plan to invest in this year.
"That only half of companies are really tackling security from the start of a major project is worrying," says Ingvar Van Droogenbroeck, a PwC Partner who heads up our Cyber & Privacy unit. "Fixing security afterwards is a lot more difficult and expensive," he adds. And, he goes on, "privacy by design is a principle of the GDPR. These results indicate that companies are far from ready to fully comply with the regulation."
Ingvar notes that the global findings are all applicable to organisations in Belgium and that they can, and should, heed the actionable points, especially with regard to ensuring there’s clear leadership and the required talent, and raising awareness and accountability, but also "reporting to the board on the topic of cyber is far from where it should be in most companies. Often, boards understand it’s important, but have no clear view on their risk posture and don’t track their organisation’s progress (or lack thereof) on its cyber journey," he says. "We can offer help there as well: How your board can better oversee cyber risk"