Sean Joyce is Global Cybersecurity & Privacy Leader, US Cyber, Risk & Regulatory Leader, and Catie Hall is Director of the Governance Insights Center, PricewaterhouseCoopers LLP. This post is based on their PwC memorandum.
Cyber risk management is no longer just about preventing breaches. A good program can also help companies get back on their feet and mitigate financial and reputational damage when a breach occurs. How do you know whether your company is doing all it should?
Nearly three quarters of US CEOs in PwC’s 25th Annual Global CEO Survey said they are “extremely concerned” about cyber threats. They even put cyber threats ahead of the pandemic and other health crises (46%). The focus is well deserved—cyber threats are everywhere, and breaches make headlines on what seems like a daily basis. They also cost companies, in both dollars and reputation.
The threat environment is becoming more complex with an increasing number of threat actors, including nation states, using new and more sophisticated tactics. Add to this that during the COVID-19 pandemic, the corporate world embarked upon a rapid digital transformation and many employees started working remotely, increasing companies’ digital footprint—and their cyber risk profile.
The FBI’s Internet Crime Complaint Center received over 2,000 ransomware complaints in the first seven months of 2021, a 62% increase over the same period in 2020.
At the same time, expectations have risen. Even with a robust risk management program, a company can suffer a cyber breach or attack. But stakeholders demand that companies do everything in their power to protect consumer data, and also to recover quickly from a breach or critical disruption. And don’t forget—data security and privacy are part of the “S” and “G” of ESG—an area of heavy focus from multiple stakeholders these days.