The most recent PwC Pulse Survey shows that the recession, inflation, and interest rates are not at the top of executives’ risk-worries. The top spot goes to cyber-attacks.
According to the PwC report, 40% of all respondents list cyber-attacks as a serious risk (and another 38% cite it as a moderate risk). Virtually all roles in the C-suite ranked cyber-attacks high on their list of risks, including tax leaders (with 47% citing it as a serious risk), CFOs (44%), and CMOs (41%).
An even bigger signal of the growing concern around cyber-attacks is that 51% of board members cited it as a serious risk (and another 35% as a moderate risk) — more than any other category of business leader.
In March 2022, the SEC proposed to enhance and standardize cybersecurity disclosures, requiring that the registrant’s board of directors oversee cybersecurity risk. The proposal would also require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise. As a result, board members are becoming increasingly attuned to cyber threats and their role in overseeing cybersecurity risk management.
Cybersecurity — including the related realms of privacy and data protection — is also becoming a growing policy concern of business leaders. Not surprisingly, 84% say they’re either monitoring closely or taking action on potential regulatory changes.
The importance of cyber reflects two things. First, virtually all companies are now digital companies, with a heavy reliance on data and analytics and a growing reliance on mobile and cloud. Second, cyber threats continue to grow and become more sophisticated.
What your company can do:
View cybersecurity as a broad business concern and not just an IT issue. Build cybersecurity and data privacy into agendas across the C-suite and board. Increase investment to improve security.
- Educate your employees on effective cybersecurity practices.
- For each new business initiative or transformation, make sure there is a cyber plan in place.
- Use data and intelligence to regularly measure your cyber risks. Proactively look for blind spots in your third-party relationships and supply chains.