Executives Adopting New Tech to Manage Cyber Threats and Achieve Competitive Advantages, According to PwC Survey
- Employee Training Remains a Top Priority for Data Privacy: 56% of respondents currently require employees to complete privacy training.
- Moving Beyond Passwords to Advanced Authentication: Many businesses are turning to advanced authentication technologies to add an extra layer of security and improve trust among customers, with 57% of survey respondents using biometrics for authentication.
- Internet of Things: As the Internet of Things is growing, organizations are beginning to update their cybersecurity safeguards, with 46% of respondents investing in a security strategy for the Internet of Things.
- Phishing Becomes Top Threat: Phishing is the most-cited vector of cybersecurity incidents this year, with 43% of large businesses reporting phishing incidents.
NEW YORK, NY and FRAMINGHAM, MA October 5, 2016 – There is a distinct shift in how organizations are now viewing cybersecurity, with forward-thinking organizations understanding that an investment in cybersecurity and privacy solutions can facilitate business growth and foster innovation. The Global State of Information Security® Survey 2017, released today by PwC US in conjunction with CIO and CSO, examines how executives are adopting technology and collaborative approaches to cybersecurity and privacy to manage threats and achieve competitive advantages.
Many organizations no longer view cybersecurity as a barrier to change or as an IT cost. According to the survey, 59% of respondents said they have increased cybersecurity spending as a result of digitization of their business ecosystem. In this process, organizations not only create products, but also deliver complementary software-based services for products that extend opportunities for customer engagement and growth.
“There is a distinct transformation in how business leaders are viewing cybersecurity and technology – no longer seeing technology as a threat and understanding that cybersecurity is a vital component that must be adopted into the business framework,” said David Burg, PwC’s US and Global Leader, Cybersecurity and Privacy. “To remain competitive, organizations today must make a budgetary commitment to the integration of cybersecurity with digitization from the outset.”
Survey results also found that as trust in cloud models deepens, organizations are running more sensitive business functions on the cloud. Today, the majority of organizations around the world — 63% of survey respondents — say they run IT services in the cloud. Additionally, approximately one-third of organizations were found to entrust finance and operations to cloud providers, reflecting the growing trust in cloud models.
“The fusion of advanced technologies with cloud architectures can empower organizations to quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs,” added Burg. “Cloud models have become more popular in recent years, and that trend will likely only continue as the benefits become increasingly clear.”
According to survey respondents, organizations are also embracing both managed security services and open-source software to enhance cybersecurity capabilities, signaling that businesses are making cybersecurity a priority despite many not having the necessary in-house capabilities and an overall lack in talent to fill key positions. More than half (53%) of respondents employ open-source software and 62% of respondents say they use managed security services for cybersecurity and privacy — relying on managed security services for highly technical initiatives such as authentication, data loss prevention and identity management.
“Designing and implementing a cybersecurity and privacy program is challenging enough, but once a program is in place components must be thoroughly integrated, professionally managed and continuously improved. As this can be difficult for resource-constrained organizations, many are adopting managed security services and utilizing open-source software,” said Bob Bragdon, SVP/publisher of CSO.
To explore the survey findings by industry and region, visit: www.pwc.com/gsiss.
The Global State of Information Security® Survey 2017 is a worldwide study by PwC, CIO and CSO. It was conducted online from April 4, 2016, to June 3, 2016. Readers of CIO and CSO and clients of PwC from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 10,000 executives including CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from more than 133 countries. Thirty-four percent (34%) of respondents were from North America, 31% from Europe, 20% from Asia Pacific, 13% from South America, and 3% from the Middle East and Africa. The margin of error is less than 1%.
CIO is the premier content and community resource for information technology executives and leaders thriving and prospering in this fast-paced era of IT transformation in the enterprise. The award-winning CIO portfolio—CIO.com, CIO executive programs, CIO Strategic Marketing Services, CIO Forum on LinkedIn, CIO Executive Council and CIO primary research—provides business technology leaders with analysis and insight on information technology trends and a keen understanding of IT’s role in achieving business goals. Additionally, CIO provides opportunities for IT solution providers to reach this executive IT audience. The CIO Executive Council is a professional organization of CIOs created to serve as an unbiased and trusted peer advisory group. CIO is published by IDG Enterprise, a subsidiary of IDG. Company information is available at http://www.idgenterprise.com/.
CSO is the content and community resource for security decision-makers leading “business risk management” efforts within their organization. For more than a decade, CSO’s award-winning web site (CSOonline.com), executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of IDG. Company information is available at www.idgenterprise.com.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
© 2016 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
# # #