As many as 70% of C-suite executives believe organizations have significantly improved in the last 12 months in securing their organizations from cyber threats. According to PWC’s 2023 Global Digital Trust Insights report, this was made possible by a higher level of security collaboration and investments in the domain.
Most senior executives said their organizations’ security teams were able to improve in ten of the most important security sub-domains. These include operational technology (OT) security (79%), ransomware defense (77%), security and privacy approach to product development (75%), the efficiency of cyber resources (75%), collaboration with engineering (73%), cyberattack response (72%), supply chain risk management (70%) and more.
However, only one in four (26%) of C-suite respondents said their teams could accomplish all ten, and fewer than 40% believe they have fully mitigated the risks that arose due to the sudden shift to remote work and the digital cloud, and that will persist going into 2023.
Besides remote work and cloud computing, PwC listed eight other emerging cyber risks, including increased data volumes, the convergence of IT and OT, IoT use, digitization of supply chain, digitization of back-office operations, and entering new markets, all of which have been mitigated by only 3% of respondents.
Percentage of Organizations That Have Mitigated Cyber Risks Associated With Above | Source: PwCOpens a new window
However, security gaps in tech and operations come later. Where the threat comes from is an integral part of addressing future threats.
Most executives are concerned that mobile devices will be leveraged as an attack pathway by 41% more in 2023, followed by email (40%), cloud (38%), web applications (37%), human error/insider threat (37%), third parties (34%), endpoints (33%), software supply chain (32%), remote access portals (32%), IoT (29%), and OT (26%).
When it comes to the types of attacks expected to be prevalent in 2023, C-suite respondents are concerned about business email compromise/account takeovers (33%), ransomware (32%), compromise of cloud management interfaces (31%), hack-and-leak (30%), third-party breach (29%), compromise of the software supply chain (26%), IP theft (26%), IIoT breaches (26%), DDoS (25%), and more.
See More: Hacking Your Security Behaviors: CISOs Share Best Practices for 2022Opens a new window
Furthermore, PwC’s survey covered the ‘who’ part of cyberattacks, to which 65% of senior executives said that cybercriminals are the biggest threat. Sabotage from hacktivists (48%), insiders (44%), and competitors (42%) are the subsequent three concerns, followed by nation-states (27%).
PwC’s report details the inter-executive opinions on the organizational cybersecurity posture and what keeps them up at night when looking at future threats.
The bad news is that only one in five or 19% of CIOs, CISOs, and CTOs are confident their organizations have taken steps to secure against cloud breaches (one of the most prevalent attack vectors). Also, more than half (56%) of COOs and CROs are “extremely or very concerned†about their company’s ability to fend off a supply chain attack.
The good news is that 46% of CEOs want to empower CISOs to drive security collaboration, and 51% of CEOs and board members seek cyber risk management plans in case business or operational elements are altered.
The survey pointed to five capabilities that need to be advanced to ward off future threats: Identify, Protect, Detect, Respond, and Recover.
Five Capabilities CISOs Believe Need to Advance | Source: PwC
For additional details on the C-suite playbook for cybersecurity in 2023, refer to PwC’s full reportOpens a new window .
Note: PWC’s 2023 Global Digital Trust Insights survey was conducted in July and August 2022. The findings of the report are based on responses from 3,522 business, technology, and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs, and C-Suite officers), 52% of which lead companies with a revenue of $1 billion and above, and 16% of which lead companies with $10 billion or more.
Respondent organizations are engaged in industrial manufacturing, tech, media, telecom; financial services, retail and consumer markets, energy, utilities, and resources; health, and government and public services across western Europe, North America, Asia Pacific, Latin America, Eastern Europe, Africa, and the Middle East.
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!