Most Companies Do Not Adequately Manage The Risks Of Cybersecurity

Many CEOs and senior executives believe that the cybersecurity “attacks” will rise in the following years, being concerned about the way the operation of the companies will be affected. The above conclusion comes from PwC’s «2022 Global Digital Trust Insights Survey». A number of 3600 CEOs and senior executives from all over the world took part in the survey trying to describe the connection between the operation of a company and cybersecurity risks.

The findings of the survey create concern in an environment where 60% of senior executives expect an increase in cybercrime is about to take place. They also highlight the challenges that companies face in trying to build trust with their data, ensuring that it is accurate and secure so that their customers and everyone else involved can be assured that their information is adequately protected.

It is worth mentioning that 56% of the respondents to the survey reported that their organizations are expected to have an increase in malicious attacks and data breaches carried out through the software supply chain. 34% of them have assessed their business exposure to this risk. Another 58% are expecting a vertical increase in attacks on their cloud services, but only 37% understand the risks.

The survey finds out that CEOs can make a difference concerning cybersecurity, being able to participate in and support the adoption and achievement of cybersecurity goals more than their teams. Undoubtedly, the CEOs’ active involvement in adopting and achieving cybersecurity objectives is a key factor.

Executives reported greater progress in cybersecurity outcomes; in some cases, they were 12 times more likely to have their CEO’s broad and in-depth support. According to most executives, the most critical step towards a more secure digital society by 2030 is training CEOs and boards to better meet their cybersecurity obligations. For the needs of the survey, nearly 700 CEOs and 2.900 other C- suite executives were asked. One basic conclusion that came out is that CEOs see themselves as more involved in cybersecurity than others in the organization do. However, although CEOs believe they give significant cyber support, only 3 out of 10 executives agree.

Regarding how companies limit the risks posed by third parties, the most common responses were to check or confirm the compliance of their suppliers (46%), to share information with third parties as well as assist them in improving their attitude towards cybersecurity (42%) and addressing the difficulties in terms of cost or time they invest in order to ensure resilience to cyber threats (40%). However, the majority did not define the criteria for third parties (58%), did not review the contracts (60%), nor did they increase the rigor of due diligence (62%) regarding the identification of threats related to third parties.

Over the past two years, organizations with the most advanced or improved practices have been twice as likely to have significant progress in cybersecurity. The most advanced practices usually refer to engaged CEOs, streamlined organizations, data trust, and secure ecosystems. The survey points out that the top 10% of the organizations that are most advanced in cyber practices or most improved on cyber outcomes are in a good position. But the majority overall – 63% of organizations – don’t get the kind of support they need from their CEOs.

Have you read?
Better Together by Leo Bottary.
Leadership Lessons from Fatherhood: 7 Key Behaviors to Adopt by Robin Landa.
The value of small talk as a powerful empathy tool by Vanessa Vershaw.
Unleashing The True Power Of Financial Wellbeing by Chris Budd.
Why Can’t the Public Sector Consistently Make Smart Decisions by Bryan Shane.