A recent PwC report highlights how few global organizations have fully implemented cyber resilience measures: only 2% report doing so firm-wide [1].
Description
Critical gaps identified in the report include the absence of a dedicated resilience team, a cyber recovery playbook, and technology dependency mapping [1]. Chief Information Security Officers (CISOs) are not sufficiently involved in strategic planning, board reporting, or technology deployments, which risks leaving security strategy misaligned with the business [1]. The report emphasizes the need to give CISOs a “seat at the table” so that cybersecurity is managed as part of overall business risk [3]. The disconnect between technology and business leaders is evident: technology executives rank cyber as a top risk more frequently than business executives do [3]. PwC calls for closer alignment between CISOs and boards to improve cyber resilience and to prioritize investments [3].

The growing use of generative AI, cloud technologies, and connected devices is heightening vulnerabilities, even as spending on generative AI increases [1]. Cybersecurity regulations are driving security enhancements, but there is a confidence gap between CISOs/CSOs and CEOs over how ready their organizations are to comply [1].

Only 15% of respondents measure the financial impact of cyber risks to a significant extent, even though the majority agree that doing so is important [2]. Barriers to improvement include uncertainty about the scope of the risk, data issues, and compliance concerns [2]. PwC stresses that organizations should fully realize the potential of cyber risk quantification: those that do not measure cyber risk miss out on critical intelligence for informing board decisions and capital allocation [2].
Conclusion
The report underscores the urgent need for organizations to close the identified gaps in cyber resilience in order to mitigate the risks posed by cyber attacks. Giving CISOs a more prominent role in strategic planning and aligning cybersecurity with overall business risk would enhance resilience and help prioritize investments. Improving alignment between CISOs and boards [3], measuring the financial impact of cyber risks, and fully realizing the potential of cyber risk quantification [2] are also crucial steps towards strengthening cybersecurity and informing decision-making at board level.
References
[1] https://dig.watch/updates/pwc-report-reveals-only-2-of-organisations-achieve-firm-wide-cyber-resilience
[2] https://www.infosecurity-magazine.com/news/pwc-boards-cisos-seat-table/
[3] https://thecyberwire.com/podcasts/daily-podcast/2161/transcript