If the lifeblood of the digital economy is data, its heart is digital trust – the level of confidence in people, processes and technology to build a secure digital world.
So, how are companies doing when it comes to creating this trust? PwC asked 3,000 businesses worldwide about their readiness to address cyber security, privacy and data ethics.
While some are making progress, many can do better. Here’s a snapshot of what Australian organisations had to say.
Less than a third (28%) of Australian organisations plan to invest in new security and privacy safeguards.
These results confirm our experience that in Australian companies, digital trust functions are under-resourced and sit too far down the management chain. Given that digital risks do not stand still, it’s critical that companies support and prioritise the ongoing development of new controls and frameworks.
Many of the world’s leading firms know this and are investing significantly in strengthening security controls in their products and taking privacy issues incredibly seriously. They recognise that in a data-driven world, where data and technology are fundamental to growth, digital trust is non-negotiable.
Only 20% of Australian companies are ‘very comfortable’ that the board is getting adequate reporting on cyber security and privacy risk management.
Considering the complexity of the issues involved, this is a particularly worrisome finding. Without access to the right metrics and insights, some boards could be ‘flying blind’ when it comes to digital trust.
So, what information do boards need? It’s likely they will want to know the business impact of security and privacy activities. For example:
But boards also need to know how external factors – threats, third-party risk and regulations – affect the company’s overall risk posture and the effectiveness of its risk reduction activities. Start with what can be measured today using quantified risk metrics and create a plan to add more sophisticated metrics over time.
Most companies are eager to embrace emerging technologies such as the Internet of Things (IoT), quantum computing, robotics and artificial intelligence. But fewer are confident they have sufficient digital trust controls for those tools.
For example, 68% say that AI is critical to at least some of the business. But only 21% are very confident in their controls for security, privacy and data ethics around this technology.
If businesses want to continue to reap the rewards of new digital innovations, they need to do more to manage the downside risk.
A lack of accountability at the top is a core reason that Australian companies are falling behind on digital trust.
For example, less than a quarter (24%) have a Chief Information Security Officer in charge of enterprise-wide data security. Even fewer (18%) have a Chief Privacy Officer.
But without the right leadership in place, managing risks around security, privacy and data ethics becomes a much steeper climb.
The reality today is that business is data-driven. Management structures need to reflect the fact that digital trust is not a technical issue, but a ‘business-critical’ issue.
The days of reporting up through the General Counsel, Chief Compliance Officer or Chief Information Officer are over. It’s time for companies to elevate accountability for the security and privacy of data to the C-suite.
An essay in The Economist predicted 2018 “will be remembered as the year that privacy law finally started catching up to the Internet.” But business, it seems, still has some way to go.
Given the growth in new security and privacy regulation and the increasing level of cyber activity, next year will be pivotal as companies globally continue to grapple with the challenge of building and maintaining digital trust.
But those that do – that show the connected world how to lead in safety, security, reliability, privacy, and data ethics – will be the titans of tomorrow. Isn’t that a journey worth taking?