It may have taken a pandemic along with some recent high-profile breaches, but it looks like there is now finally a much greater appreciation for cybersecurity. A survey of 311 technology and security executives of mid-size to large enterprises in the U.S. conducted by PwC finds more than half of respondents (52%) said revenues and profits are demonstrably higher when customer trust is established and maintained. The top two focus areas for building that trust are cloud security (64%) and customer data protection and privacy (63%), the survey finds.
Arguably, that greater appreciation for security can be traced directly back to digital business transformation initiatives that were either launched or accelerated in the wake of the COVID-19 pandemic. Well over half of respondents (53%) claim they have been able to strike a balance between the rate at which products are being developed and the need to build security into digital initiatives. Nearly half of respondents (49%) now discuss data security and privacy issues in depth with the board of directors or an audit committee.
Given how dependent most digital business transformation initiatives are on public clouds, the fact that there is a lot more focus on securing these platforms is encouraging. However, challenges still abound. At least one-third of our survey respondents said in the past year they’d experienced significant disruptions attributable to third parties, including software supply chain disruptions (47%), cloud breaches (45%), third-party platform exposures, outages, and downtime (41%), and data exfiltration (39%).
The challenge organizations face is that it’s next to impossible to craft a digital service that to one degree or another doesn’t depend on third parties. More than half of respondents (51%) said they expect to increase their dependency on third parties for critical business functions. An almost equal number said they expected to increase monitoring of third-party risks (47%), with 52% noting they expect to see higher regulatory scrutiny of third-party partners.
PwC is making a case for the need for a more deliberate approach to third-party risk management as a result. The survey notes that 80% of respondents are worried about the level of internal support for third-party risk management. Concerns include lack of strategy for use of third parties (49%), lack of criteria for distinguishing critical from noncritical third parties (42%), and inadequate attention to fourth/nth-party risks (42%). A full 80% are moving toward a security architecture based on zero-trust principles.
Overall, the PwC survey suggests respect for cybersecurity has never been higher. There may still be some organizations that lag rivals, but a general shift toward viewing cybersecurity as a business enabler is clearly underway. The challenge now will be maintaining that respect at a time when the rank and file of an organization may not have the same level of appreciation for cybersecurity as upper management. The difference now, of course, is that for the first time in many of their careers cybersecurity professionals have support from senior executives that goes well beyond the lip service many of them historically used to pay.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.