The next wave of digital trust has arrived

COVID-19 has triggered widespread shutdowns and disruptions to supply chains. At the same time, it’s caused a rapid rise in remote working, and digitisation has accelerated overnight. For much of 2020, it’s been like building the plane while flying it.

In such a fast-moving and uncertain environment, what can organisations do to secure confidence in their people, processes and technology? How can organisations engender digital trust?

Now is the time to look back at the digitisation over the pandemic period to date and to mitigate the risks that have emerged or been elevated. It’s also the time to plan a cyber-secure future for your organisation. 

Here are five key areas for you to consider:

1. Cyber capabilities and cyber risk

Right now, cyber professionals are being asked to balance cyber capabilities on the one hand, and cyber risk on the other, and all while enabling fast-tracked digitisation. How do you go about this? 

The answer is: prioritisation. Start by identifying your organisation’s critical data assets, as well as the major risks you’re facing. Cost is a challenge right now, and businesses are looking to leverage any spend on digitisation. Bang for your technology buck is essential, and capital constraints must be considered before deciding where digital investment is needed most.  

We’ve compiled a guide revealing the major COVID-19 related cyber threats seen to date, including phishing campaigns and brand spoofing emails impersonating the World Health Organisation, as well as disinformation campaigns spreading false information about government responses to COVID-19.

The guide also outlines key considerations for your organisation’s cyber risk and cyber capability roadmap. These should be viewed as opportunities for your organisation because digitisation—carried out in a strategic way—can increase confidence in your organisation’s capabilities.

Ask yourself: Does the organisation have a strategy for:

  • Risk management and governance?

  • Authorised access management?

  • User awareness and training?

  • Incident detection and response?

  • Third parties (including cloud services)?

  • System and data protection?

2. Data

Data is a building block of everything we do, so having effective data governance is essential. The need for accurate, complete, consistent and timely data has never been greater than it is right now. We’re facing an extremely unpredictable environment, and organisations need to be able to access the right data, of the right quality, and get it into the right hands at the right time. Meanwhile, there are issues of cyber security to contend with, as well as regulatory obligations around privacy.

But that’s not to say data governance is only about navigating data-centric challenges; your organisation’s data is also a valuable asset and a source of competitive advantage. 

There are opportunities available to those organisations that can leverage their data, including:

  • Improved agility and oversight

  • Protected privacy, operational resilience and regulatory trust

  • Increased return on investment on data spend

  • A data-centric transformation

  • Reduced inefficiency and waste.

3. Supply risk

COVID-19 has seen a spike in the adoption of digital services, including cloud and other third-party service providers. This almost certainly includes your supplier. Consider: Have they moved to virtual workplaces, or implemented remote working practices? Have they engaged a fourth party? 

Supplier due diligence should be a cornerstone of your risk management framework at any time, but the risks are coming thick and fast right now. 

Consider an adjustment to the assessment criteria and controls required to manage these risks, in particular: 

  • Have you understood the risks to changes in your suppliers’ operations?

  • How are you monitoring supply risk on an ongoing basis?

  • How will your organisation mitigate risk while ensuring continuity of service? 

4. Technology resilience

How do you ensure your technology can support new ways of working, as well as your organisation’s digital service delivery?

When building technology resilience there are three phases of response: mobilise (4-8 weeks), stabilise (2-6 months), and strategise (6+ months). In the short term, everything hinges on your organisation’s critical processes. Identify these processes, and then ensure they have in-built redundancy because business continuity is the name of the game in the immediate term. 

Looking to the future, technology resilience is less about crisis management, and more about preventing problems before they occur. This requires a more strategic, proactive brand of resilience, and there are several things to consider including:

  • Have you forecasted future utilisation of IT services? How might changing consumer and staff behaviours affect IT resource plans?

  • Can you use digitisation and automation to drive improved IT resilience?

  • Can you enhance the design of network and connectivity infrastructure to remove single points of failure, enable new ways of working and sustain surge capacity requirements? 

  • Can you in-source services and house data in low-risk data centres? 

  • Can you uplift risk management processes?

5. Operational resilience

Operational resilience spans the entirety of your organisation’s end-to-end business services, from workforce and culture through to business continuity and supply chain. Successfully manage disruptions to critical business services and you’ll have achieved operational resilience.

As with technology resilience, operational resilience can be divided into three phases of response: Mobilise, stabilise and strategise. In the immediate term, assess the impact to critical business services and activities, and engage with key parties in the supply chain ecosystem to understand impacts. In the longer term, consider digitisation of existing processes to improve resilience, re-assess any offshoring models, and review and uplift risk management processes, functions and culture.

Ask yourself: How can the organisation achieve operational continuity? What must be built in, up-front, to achieve that? Our series of papers will assist you in answering these questions and ensuring your organisation's operational continuity.



Contact us

Peter Malan

Peter Malan

Partner, Melbourne, PwC Australia

Tel: +61 413 745 343

Jon Benson

Jon Benson

Partner, Melbourne, PwC Australia

Tel: +61 438 565 299

Nicola Nicol

Nicola Nicol

Partner, Melbourne, PwC Australia

Tel: +61 436 444 949

Craig Sydney

Craig Sydney

Partner, Sydney, PwC Australia

Tel: +61 400 215 757

Philippa Cogswell

Philippa Cogswell

Director, Sydney, PwC Australia

Tel: +61 410 588 877

Jason Knott

Jason Knott

Partner, Perth, PwC Australia

Tel: +61 8 9238 3418

Robert Di Pietro

Robert Di Pietro

Partner, Canberra, PwC Australia

Tel: +61 418 533 346

Shad Sears

Shad Sears

Partner, Canberra, PwC Australia

Tel: +61 419 771 079

Kim Cheater

Kim Cheater

Partner, Adelaide, PwC Australia

Tel: +61 414 227 035

Ryan Ettridge

Ryan Ettridge

Partner, Brisbane, PwC Australia

Tel: +61 417 702 234

Follow PwC Australia