Cybersecurity concerns represent the most serious risk facing organizations, beating inflation, talent acquisition/retention and rising production costs, according to a new PwC study.
The PwC Pulse: Managing business risks in 2022 report was compiled from interviews with 722 US C-suite executives.
Two-fifths (40%) ranked cyber-attacks as a serious risk, rising to 51% of board members. PwC said boardrooms may be getting more attuned to cyber risk after new SEC proposals were published in March that would require directors to oversee cybersecurity risk and be more transparent about their cyber expertise.
In fact, executives appear to be getting more proactive with cybersecurity on a number of fronts.
Some 84% said they are taking action or monitoring closely policy areas related to cybersecurity, privacy and data protection. A further 79% said they’re revising or enhancing their cyber risk management approaches, and half (49%) pointed to increased investments in cybersecurity and privacy.
By way of comparison, 53% said they’re increasing investment in digital transformation and 52% in IT.
“Cybersecurity is a strategic business enabler – technology is the central nervous system of many companies – and confirming its data is secure and protected can be brand defining,” said Sean Joyce, PwC Global and US cybersecurity and privacy leader.
“There’s now heightened attention from a wider range of business leaders and corporate directors as they recognize that cybersecurity and data privacy should be part of not only a risk management strategy, but also a broader corporate strategy. C-suite and boards are actively taking steps to better understand the global threat landscape, confirm a foundational cybersecurity program is in place, and manage these risks to create opportunities.”
The report is more optimistic than many recent studies into IT–business alignment on cyber risk.
Research from April claimed that over 90% of IT decision makers believe their organization would be willing to compromise on cybersecurity in favor of other goals. In addition, more than 80% of IT managers surveyed said they felt pressure to downplay the severity of cyber risks to their board for fear of sounding too negative or repetitive.