- Companies outperforming their peers in cybersecurity measures are more optimistic about their revenue growth prospects.
- These ‘trailblazers’ empower their cyber teams to engage with the overall business strategy.
- A focus on three dimensions — identifying risk, recovering assets and protecting data — will help organisations close the gap.
In uncertain times for global business, optimism around profit growth can be hard to come by. But what if we told you that changing the way your business thinks about cybersecurity can be a catalyst for renewed confidence?
While most companies understand the importance of securing their assets, many are under-capitalising on the benefits offered by proactively managing digital risks. PwC’s Digital Trust Insights report, which surveyed more than 3,000 executives and IT professionals from across the globe, found that just 53 percent of respondents said they had baked cybersecurity planning into their digital transformation strategies from the start, and only 23 percent said they plan to invest in aligning their business strategies with an information security strategy over the next year.
The sense of urgency around the need for a stronger approach is growing. According to PwC’s 22nd Annual CEO Survey results, geopolitical cyber activity is perceived to be on the rise, as nearly three-quarters of CEOs said their company may be affected by it. And 30 percent of respondents said they are extremely concerned about geopolitical activity. However, despite the concern, just 15 percent of respondents said they believe their company is cyber resilient.
Companies know they need to get cybersecurity right. But how do they move beyond focusing on cybersecurity concerns to being better able to respond to cyber threats when they occur? We’ve identified the top 25 percent of respondents to the Digital Trust Insights survey as trailblazers — those who outperform their peers in digital initiatives and overall security.
Businesses that fall into this category say they are more preemptive and responsive to cyber threats than their peers, and are therefore able to minimise the impact attacks have on their operations. Indeed, more than 80 percent said they had anticipated a new cyber risk to their digital initiatives compared with 60 percent of their peers.
Perhaps the biggest benefit this cohort enjoys is how they view their company’s bottom line. Trailblazers reported that they were significantly more optimistic about their growth prospects over the next three years: 57 percent said they expected revenue to grow by 5 percent or more on average, while 53 percent said they expected their profit margin to grow by 5 percent or more, compared with less than a third of others.
To enjoy these advantages, however, business leaders must think differently about the role of their cybersecurity teams. Companies that achieve trailblazing status typically position their cybersecurity teams to support the business’s strategic goals. They reframe the team’s purpose from simply protecting assets to becoming a strategic partner in the organisation. Sixty-five percent of this group (compared with 15 percent of others) said they strongly agree that their cybersecurity is embedded in the business. For example, the cyber team works with the product development team to help build security into its product designs from the beginning.
Trailblazers are proactive on risks with digital transformation. Eighty-nine percent of this group (compared to 41 percent of others) reported that their cyber teams were consistently involved in managing risks associated with digital transformation programs. To enable this level of integration, trailblazers bring their cyber teams to the table when discussing risk appetite. Seventy-seven percent said they strongly agree that their cyber teams interact enough with senior leaders to develop an understanding of that tolerance, compared with 22 percent of all others.
Breaking down silos and integrating the cyber team into the strategic fold is paying dividends for those companies setting the new pace for proactive cybersecurity. Joining this high-performing cohort requires businesses to focus on three key areas around digital security. This roadmap is based on how IT professionals in the survey assessed their organisations in categories established by the US National Institute of Standards and Technology (NIST) Cybersecurity Framework:
Few survey respondents showed acumen around activities such as identifying which of the organisation’s physical and software assets need protection. The results show that even trailblazers have room for improvement in this area.
Our Digital Trust Insights survey shows that trailblazers have the strongest capabilities when it comes to recovering assets. Closing the gap in recovery planning means incorporating the lessons learned from past failures, and focusing on how internal and external communications are handled during and after an incident.
Other such gaps in which the trailblazers have a clear edge include:
- Data security (under Protect) — safeguarding information in line with a firm’s strategy for protecting the confidentiality, integrity and availability of information
- Detection processes (under Detect) — defining how to identify cyber intrusions, in order to provide for timely discovery of such incidents
- Response planning and improvements (under Respond) — establishing actions to take in the wake of an incident, enabling an organisation to contain the impact
By embedding cybersecurity into their decision-making processes, companies will be better positioned to help reap the advantages digital transformation promises, while managing the inherent risks. Importantly, taking this approach will also build trust with employees and customers alike. Today’s trailblazers stand out from the competition — but making the necessary changes will allow others to join their ranks.
For further information on how companies can help proactively secure themselves against digital threats, visit PwC’s Digital Trust Insights website.