Most companies do not adequately manage the cybersecurity risks that come from third parties, as these risks are overshadowed by the complexity of their processes and operations as well as their supplier networks. This conclusion is drawn from PwC's “2022 Global Digital Trust Insights Survey”. The study involved 3,600 CEOs and other senior executives from around the world, 60% of whom state that they do not fully understand the risks of data breach through third parties, while 20% understand these risks little or not at all.
These findings sound the alarm in an environment where 60% of executives expect an increase in cybercrime in 2022. They also highlight the challenges that companies face in trying to build trust in their data, ensuring that it is accurate, verified and secure, so that their customers and everyone else involved can be assured that their information is adequately protected.
It is worth noting that 56% of respondents report that their organizations expect an increase in malicious attacks and data breaches carried out through the software supply chain; however, only 34% have officially assessed their business exposure to this risk. Similarly, 58% expect a sharp increase in attacks on their cloud services, but only 37% say they understand the risks of the cloud based on official assessments.
Sean Joyce, PwC United States’s Global & US Cybersecurity & Privacy Leader, comments: “Businesses can be vulnerable to attack even when their own cyber defense systems are adequate – a high-level attacker looks for the weakest link, and sometimes he is in between “It is necessary to increase the visibility and manage a company’s relationships and dependencies on third parties. However, according to the survey, less than half of respondents have responded to the escalating threats posed by complex business ecosystems.”
Regarding how companies mitigate the risks posed by third parties, the most common responses were to check or confirm the compliance of their suppliers (46%), to share information with third parties and assist them in improving their attitude towards cybersecurity (42%), and to address the difficulties in terms of cost or time they invest in order to ensure resilience to cyber threats (40%). However, the majority did not define the criteria for third parties (58%), did not review the contracts (60%), and did not increase the rigor of due diligence (62%) regarding the identification of threats related to third parties.
Simplifying cybersecurity
Nearly three-quarters of respondents said the complexity of operations and procedures posed risks to cybersecurity and data protection. Governance and data infrastructure (77% each) are the two areas considered to be characterized by unnecessary, avoidable complexity.
Simplification is certainly difficult, but there is some evidence that it offers significant benefits. While three out of 10 respondents in total said their businesses had streamlined their operations in the past two years, those who had seen the “biggest improvement” in the survey (the 10% with top performance in cybersecurity scores) were five times more likely to have streamlined operations across the business. This 10% of organizations were also 10 times more likely to have formally adopted data security practices and 11 times more likely to have a high level of understanding of the cybersecurity and data protection risks related to third parties.
CEO involvement can make a difference
Significant differences have emerged between executives and CEOs regarding the CEO’s support for cybersecurity, with CEOs seeing themselves as more involved in and supportive of the adoption and achievement of cybersecurity goals than their teams do. However, there is no doubt that the active involvement of the CEO in the adoption and achievement of cybersecurity goals is a key factor. Executives in the “biggest improvement” group, who report greater progress in cybersecurity results, were 12 times more likely to have the broad and in-depth support of their CEOs. Most executives also believe that training CEOs and boards to better meet their cybersecurity obligations is the most important step towards a more secure digital society by 2030.
Commenting on the results of the survey, George Kollidas, Partner, Advisory, Technology Leader of PwC Greece, points out: “The research shows that the most advanced companies perceive cyber security as something broader than defense and controls – they consider it the means to achieve sustainable “As business leaders, CEOs need to be motivated and visionary so that their cybersecurity teams focus on the bigger picture and development goals, rather than narrower and shorter-term expectations.”
Source: Capital
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.