Organizations worldwide are continuing to put cybersecurity on the back burner, with only two percent having implemented cyber-resilience in all areas surveyed, says business consulting giant PwC.
According to the latest PwC report, Bridging the gaps to cyber resilience: The C-suite playbook: “Fewer than half of the executives say their CISOs are involved to a large extent in strategic planning, board reporting, and overseeing tech deployments.”
C-suite executives and their CEOs are currently paying growing lip-service to cybersecurity in an effort to ensure their compliance with the growing body of cyber legislation on both sides of the Atlantic. But, according to PwC, only 15 percent are actually measuring the potential financial impact of cyber risks to a significant extent.
Organizations’ chief concern is threats for which they are unprepared
PwC is concerned that what worries organisations most are the cyber-threats for which they are least prepared. The top four cyber threats organisations find most concerning are: cloud-related threats, hack-and-leak operations, third-party breaches and attacks on connected products. Crucially, these are the very security threats that executives feel least prepared to address.
“This gap highlights the urgent need for better investments and stronger response capabilities,” warns the report.
PwC recommends that company information security officers (CISOs) take pains to explain to their fellow C-suite executives the threats they believe most jeopardise their organizations. This is particularly crucial if the company’s investment efforts need to be shifted.
PwC’s advice to company finance officers (CFOs) is to gain deeper insight from the CISO on the most critical cyber management and investment priorities. The advice to chief executive officers (CEOs) is to hold regular meetings with the CISO to understand which threat vectors are causing them the most concern and ensure that they are receiving regular reports on current threat mitigation efforts. The rest of the board should also ensure that they understand the top cyber risks to the organization and have adequate plans and funding in place to proactively address risks and respond should an event occur.
PwC surveyed 4,042 business and tech executives from across 77 countries while researching the report.