- Donald E. Hester
Managing Cyber Risks in Today's Digital Age: Insights from PwC Pulse Survey
In today's digital age, businesses face a myriad of risks that can disrupt operations and damage reputation. With the rapid pace of change and uncertainty, it's important for local governments to stay ahead of these risks and implement effective risk management strategies. In a recent PwC Pulse Survey on managing business risks, cyber threats emerged as the number one concern for organizations, with 40% of respondents listing it as a serious risk and another 38% considering it a moderate risk. Moreover, the survey shows that cyber threats are no longer just the responsibility of the Chief Information Security Officer (CISO) but rather require a coordinated effort from all levels of the organization, especially the C-suite. In this blog post, we'll explore the key findings of the PwC Pulse Survey and discuss how organizations can improve their cyber risk management strategies to mitigate these evolving threats.
PwC Pulse Survey: Managing business risks
"Cyber is the No. 1 business risk."
Despite the risks that businesses face, executives remain cautiously optimistic about enterprise risk in general. According to the PwC Pulse Survey, many executives are exploring growth opportunities through both acquisitions and internal investments. Seventy percent of executives are considering an acquisition as a result of the current business environment, while internally, they're increasing investments in digital transformation, IT, cybersecurity and privacy, and customer experience. By investing in these areas, businesses are looking to improve efficiency and scalability, introduce new technology to boost productivity, and mitigate talent shortages. As executives navigate the risks and uncertainties of the current environment, they're also looking for ways to capitalize on growth opportunities and position their businesses for long-term success.
The PwC Pulse Survey findings reveal that cybersecurity is becoming an enterprise-wide issue, extending far beyond the CISO's office. In fact, cyber-attacks top the list of business risks, with 40% of all respondents listing it as a serious risk, and another 38% considering it a moderate risk. This trend is consistent across all roles, with tax leaders, CFOs, and CMOs ranking cyber-attacks high on their list of risks, with 47%, 44%, and 41%, respectively, considering it a serious risk. This highlights the need for businesses to adopt a more holistic approach to cyber risk management, with all functions working together to mitigate this growing threat. The survey underscores the urgency of cyber threats and the need for businesses to make cybersecurity a top priority, not just for the IT department but for the entire organization.
The PwC Pulse Survey findings reveal an even bigger signal of the growing concern around cyber: 51% of board members cited it as a serious risk, with an additional 35% considering it a moderate risk, surpassing any other category of business leader. This highlights board members' increasing awareness of their responsibility in overseeing cybersecurity risk management. In fact, in March 2022, the SEC proposed to enhance and standardize cybersecurity disclosures, requiring that the registrant's board of directors oversee cybersecurity risk. The proposal would also mandate annual reporting or certain proxy disclosure about the board of directors' cybersecurity expertise. This increased scrutiny from regulators further underscores the importance of cyber risk management and the need for businesses to have a comprehensive strategy in place to mitigate cyber threats. With board members taking a more active role in overseeing cybersecurity risk, businesses will need to ensure that they have the necessary expertise and resources to meet the new reporting requirements and protect their organization from cyber risks.
"Growing cyber threats and a greater reliance on data in business models mean that cybersecurity is now a central responsibility for the entire C-suite and board."
The growing concern over cyber risks is not limited to private-sector corporations. Local government boards and councils should also be equally concerned about cyber risks, especially since cyber-attacks against local governments continue to increase yearly. In fact, in many ways, local government officials are equivalent to the board of directors for a corporation, as they oversee the operations of their jurisdiction and are responsible for protecting the interests of their constituents. Given that local governments issue bonds to investors, I think that we may see the SEC also require local governments to follow the same guidelines as publicly traded companies. Ultimately, the rules that the SEC is looking to put in place are designed to protect investors and ensure that organizations are taking the necessary steps to mitigate cyber risks. Therefore, it is crucial that local governments prioritize cybersecurity and implement the necessary measures to safeguard against cyber threats.
The growing policy concern of business leaders over cybersecurity, privacy, and data protection is not limited to their own organizations. In fact, 84% of business leaders are closely monitoring or taking action on potential regulatory changes related to these issues. With data breaches and cyber-attacks becoming increasingly prevalent and costly, policymakers are taking a more active role in regulating these areas to protect both businesses and consumers.
The old saying goes, "prevention is better than cure," and this is especially true when it comes to cybersecurity and privacy. In today's interconnected world, our collective failure to take the necessary steps to safeguard against cyber threats and protect sensitive data can have severe consequences for organizations and their customers and stakeholders. In the past, failure to do the right thing has led to regulatory action, as lawmakers seek to hold organizations accountable for protecting against cyber risks. We all know that compliance with regulations can be a costly and time-consuming process, and failure to comply can result in severe penalties, legal liability, and damage to an organization's reputation. Therefore, local governments and organizations should take a proactive approach to cybersecurity and privacy, implementing robust security measures and best practices to protect against cyber threats and stay ahead of regulatory changes. By doing so, organizations can avoid the costs and consequences of non-compliance and build trust and confidence with their residents and stakeholders.
The survey findings highlight the growing importance of cybersecurity in local governments. The fact that virtually all local governments are now digital and heavily rely on data and analytics, as well as mobile and cloud technology, means that they are more vulnerable to cyber threats. The survey also revealed that cyber threats are becoming more sophisticated, underscoring the need for local governments to take a proactive approach to cybersecurity. As cyber-attacks continue to grow in frequency and severity, it is crucial for local governments to implement robust security measures and best practices to protect against cyber threats and safeguard sensitive data.
Recommendations for Local Governments Based on the Survey
The survey's recommendations emphasize the need to view cybersecurity as a council or broad enterprise risk concern rather than just an IT issue. Local government leaders should build cybersecurity and data privacy into agendas across the executive team and elected officials, recognizing that cyber threats are a significant risk to the organization's reputation, financial stability, and resident trust. Increasing investment to improve security is also critical, including investments in digital transformation, IT, cybersecurity, and privacy.
Education is also key, as employees are critical in protecting organizations from cyber threats. Local government leaders should ensure that employees are educated on effective cybersecurity practices, including identifying and reporting suspicious activity. Additionally, for each new initiative or transformation, it is essential to have a cyber plan in place, ensuring that cybersecurity is embedded into the organization's DNA from the outset. Cybersecurity is the organization's response to cyber risk, and that risk exists in every department, not just IT.
Finally, local government leaders should use data and intelligence to measure their cyber risks regularly, proactively looking for blind spots in their third-party relationships and supply chains. This approach will help organizations identify vulnerabilities and respond quickly to emerging cyber threats, helping to mitigate the risks associated with cyber-attacks. By adopting these recommendations, local governments can ensure that they are well-positioned to address the growing cyber threat landscape and protect the sensitive data entrusted to them.