Companies must do more to regain public trust after breaches: PwC
Companies and C-suite executives need to do more to regain public trust in light of massive data breaches, according to a PricewaterhouseCoopers study released Wednesday.
PricewaterhouseCoopers said its 2018 Global State of Information Security Survey found that many organizations around the world are not doing all they can to protect privacy.
Privacy risk management needs reinvigoration and stronger integration with cybersecurity, the study said. “Consumers and regulators want this. For CEOs and boards, the existential question is less about the future of privacy and more about the future of their own organization.”
While the World Economic Forum’s 2018 Global Risks Report ranks both large-scale cyber attacks and major data breaches or fraud among the top five most likely risks in the next decade, PwC said its study, based on responses from 9,500 executives in 122 countries, “show(s) that many companies are still beginners in data-use governance.”
In addition, PwC’s 2017 U.S. Consumer Intelligence Series survey revealed that just 25% of consumers said they believe most companies handle sensitive personal data responsibly.
Sean Joyce, PwC’s U.S. cybersecurity and privacy leader, said few companies are building cyber and privacy risk management into the digital transformation properly. Mr. Joyce said in the report that “the winners of the future are going to be the ones that from the design phase all the way to production build in that risk management — it’s a brand-defining opportunity.”
The study said that organizations of all sizes should boost the engagement of corporate boards in the oversight of cyber and privacy risk management.
Less than one-third of the survey respondents said their corporate board directly participates in a review of current security and privacy risks. For companies worth more than $25 billion, PwC said the figure is only a bit higher.
About two-thirds of respondents worldwide said their organization has put a chief privacy officer or similar executive in charge of privacy, PwC said.
“Cyber security, privacy and trust are increasingly intertwined within and outside the organization,” the report said. “CEOs must lead and not simply delegate data protection and privacy issues to others who are not fully responsible for driving the business and setting the risk appetite.”