Navigate cyber risks with a tech-enabled approach

Cyber risk has become synonymous with business risk.

Work from home, the proliferation of available data, ecommerce and more have accelerated digitization for every business, ushering in a new wave of cyber vulnerability. According to PwC’s Annual Global CEO Survey 49% of CEOs see cyber risk as the number one threat to their business growth in the next 12 months, ahead of global health, unemployment and inflation.

Whether it’s through ransomware, phishing, password compromises or other avenues, sophisticated attackers are often better at exploiting human error and network vulnerabilities than your organization is at blocking them.

That’s because most businesses have an increasingly complex web of existing risk and cybersecurity systems and processes in place. Over time, you’ve built disparate data sources, like a paper trail of spreadsheets, coupled with legacy and inconsistent processes for monitoring supply chain and third-party vendor risk. Together, these have resulted in layers of complex cybersecurity solutions at the backbone of your business.

According to our 2022 Global Digital Trust Insights Survey, 50% of businesses expect there to be a surge in reportable cyber incidents in 2022, exceeding last year, previously the worst on record. For this reason, 69% of organizations predict a rise in cyber spending in 2022; more than 25% expect double-digit growth. 

With so much at stake, how can businesses protect themselves and avoid additional spend? For many C-suite, CISOs and IT teams, the answer will be to streamline and simplify cybersecurity efforts with robust technology. To choose the right platform, you should consider the following three cybersecurity and risk management plays. 

1. Play offense, not defense, with your cyber risk

Cybersecurity investments tend to be reactive, rather than proactive. Most businesses are stuck putting out fires when a small risk turns into a major liability. By then, it’s often too late. 

In our experience, 30-40% of your cyber investments should be spent on protection, about 30% on detection and 30% on response and recovery. Protection should lead the way. While most leaders agree, in practice it’s not always so simple. 

Only a little more than half, or 55% of CEOs, are taking a future-forward approach by choosing growth-related objectives to help frame their mission and actions when it comes to cybersecurity. Those who take this approach know that it helps establish trust with customers when it comes to data privacy and getting ahead of real cyber threats to their business. 

Being proactive starts at the top and adopting a posture of proactive offense can be impossible without gaining support from the C-suite. Unfortunately, CISOs and other non-CEOs working in cybersecurity know that CEOs don’t always back proactive efforts when it comes to cybersecurity. Only 30% of non-CEOs report receiving adequate resources and funding from their CEO. And when it comes to embedding cybersecurity and privacy in key operations and decisions of the organization, another 30% report the same. 

Earning the CEO’s support can be critical for CISOs and IT teams focused on reducing cybersecurity vulnerability. This includes leveraging tech to help repair network issues, strengthening perimeter protection and disabling unneeded software services. 

Given the persistent threat of cyber attacks, top priorities for future cyber investments should include cloud security, security awareness training and cross training security operations, endpoint security, and real-time threat intelligence capabilities. To earn the trust and ear of the CEO on these initiatives, share details about your organization’s inherent risks that are backed up with evidence from an assessment. Explain how existing resources are currently used to help address those risks as well as what’s likely needed for the future. 

2. Take a data-driven approach to cybersecurity investment 

Knowing your numbers can be key to moving the needle successfully in the near term. In fact, it’s one of the only ways to be strategic about which tech and risk management solutions you implement. Most businesses don’t have this kind of data — and if they do, it’s often tied up in disparate data sources, like spreadsheets and one-off platforms. 

Traditional paper-based assessments often lack a consistent audit trail to understand who or what data drove a given response, or how methodologies can change over time. 

Fewer than one in three respondents to PwC’s 2022 Global Digital Trust Insights survey say they’ve integrated analytics and business intelligence tools into their operating model in order to make decisions about cyber investments and risk management. These same respondents scored lowest in their ability to turn data into insights for cyber risk quantification, threat modeling, scenario building and predictive analysis — all critical to making smart decisions about your organization’s cybersecurity investments.

Barely half of all organizations have risk metrics for cyber threats, but businesses with fewer than 10,000 employees are four times less likely to apply quantitative assessment of their cyber risks. This disparity between small and large businesses can make it even harder for those with smaller internal teams to scale their cybersecurity to necessary levels.  

With the right data, businesses can piece together their risk story like a roadmap or storyboard complete with a business’ dynamic characteristics, all with the goal of building a strategic and proactive approach to cybersecurity. 

3. Build a cybersecurity roadmap that aligns with your business goals and priorities

According to the PwC US Cloud Business Survey, 81% of businesses who quantify their cyber risk say it helped increase productivity and sharpen focus on strategic matters. Cyber-savvy executives know that building a visionary, data-driven roadmap can reduce cyber risk today while preparing an organization for what’s next. The question is how to get there. 

While cyber budgets are increasing, only half of organizations say cyber and privacy will be baked into their every business decision or plan. When cyber security affects every aspect of an organization, you can’t afford to be unprepared. Consider the following ways to acclimate areas of your business to cyber preparedness: 

• Build in tools for change management. To reorient thinking in a way that includes cybersecurity throughout the organization, consider budgets, how each business unit processes data, additional manpower that may be necessary and more. Think about how each business unit can incorporate cybersecurity and what types of changes will be involved in getting there.

• Consider the personnel you need. While cyber threats have been multiplying, the talent pool to address them hasn’t. Cloud-tech and data-driven risk management that helps leverage the power of new technologies still need people to unlock the potential of that tech. While you may struggle to hire new talent to take on these challenges, you could upskill with tools necessary for cybersecurity and take advantage of the institutional knowledge your people already have.

• Know the plan may change. Each organization has specific risks and vulnerabilities and needs solutions that can align accordingly. Building a flexible roadmap means thinking outside the box about what can happen — and how your business should respond. Working across departments and business units may be key. 

Your risk story should be built on the back of enterprise goals and your organization’s unique risk appetite — and you can benefit from a platform that will help you get there. 

Making the case for new technology among rising risks 

Half of executives expect a surge in cyber attacks in the coming months. Cloud service attacks, ransomware, cryptomining, supply chain partners and more — the risks are real. Organizations armed with strong controls and those that have instituted leading practices are well-positioned to truly reduce their risk of attack.  

Doing so starts with an enterprise-wide risk assessment that helps bring your risk data to a single place, so your business can strategically identify, manage and monitor that risk, with the goal of building protective walls around your network and critical operations. 

What would a single tool to help identify your evolving cyber risk mean for your business, from an operational, financial, security and compliance standpoint? 

Enter: Ready Assess, a PwC Product. This digital platform for ongoing risk assessment offers a holistic view of evolving business risk to empower better decisions across your organization. 

Learn more about how Ready Assess can help your organization take a proactive approach to understanding and managing your cybersecurity risks.