Building Digital Trust: Three questions for every leader on cybersecurity and privacy

The year 2018 has seen a steady shift in the place of cybersecurity and privacy matters: from the back office to the front office, from the tech section to the front page, and from the IT dept to the boardroom. 

Cybersecurity and privacy move beyond the back office

Cyber risk management was already high on the business agenda at the beginning of the year, when I had the honor of taking part in a related panel discussion at the World Economic Forum’s annual January meeting in Davos and shared some reflections on that discussion in a post on the Centrality of Cybersecurity.

As I noted then, PwC’s 21st CEO Survey showed that business leaders around the world named cyber threats as a top concern. The WEF’s Global Risks Report for 2018 also reported that large-scale cyberattacks and data breaches would be increasingly likely amid rising cyber-dependency.

Looking back, it is amazing just how prevalent cyber concerns have become in the months that followed. We have also seen a significant repositioning: while cyber threats continue to be a major business concern, developments during 2018 have brought cyber concerns front of mind for broader groups of stakeholders across society as a whole. A shift has taken place in the attitudes of digital consumers—with much more attention on how our data is accessed, protected and used, as well as the downstream impacts.

This presents an opportunity for businesses to establish themselves as digital leaders in helping to address the broader cyber challenges we face. To do so, they need to make a shift from a protective focus on information security to a more proactive focus on building digital trust.

Digital Trust Insights

Our recently released Digital Trust Insights survey distils views on this topic from 3,000 business leaders across 81 countries and all major industries. The survey shows that while most businesses are currently not doing enough to build digital trust, there are clear opportunities to do so.

At a basic level, these opportunities boil down to improvements in three main areas that will make or break digital trust in any organization: people, processes and technology. Confidence in all three of these is critical to building a secure digital world.

This raises three important questions that leaders need to ask of themselves and their organizations to help determine whether they are positioned to become leaders in the digital future.

1. How well are you enabling all people in your organization to help build digital trust?

Organizations around the world are rightly seeking to improve their performance through digital transformation. People are the main success factor in such projects, including when it comes to managing cyber risk. Over 90% of our survey respondents at companies undergoing digital transformation say they include security and privacy personnel as stakeholders in the projects, but only 53% say that they practice proactive risk management “fully from the start” of their digital transformations.

Organizations would also do well to make sure they have the right leaders in place, and to step up their efforts to raise employee awareness and accountability around cybersecurity and privacy. Currently, less than half of respondents are very comfortable their company has adequately identified the executives responsible for cybersecurity (39%) and privacy (40%)—and only 34% of respondents say their company has an employee security awareness training program.

Smart organizations are providing digital skills training to prepare their people for the future. They are also raising workforce awareness about cybersecurity and privacy using straightforward messaging that avoids invoking security fatigue and is memorable enough to influence behavior.

2. How well are you engaging your organization’s business processes to build digital trust?

Cybersecurity and privacy matters are increasingly mission critical for any organization, and yet far too few have taken the steps to evolve their business processes into digital trust mechanisms. Only a small minority of companies (23%) say they plan new investments this year to align security precautions to business objectives.

When it comes to the boardroom, most cyber and privacy risk specialists told us that their company has provided the board with the necessary strategies, but admit to doubts about internal reporting on cybersecurity and privacy metrics. Less than 30% of respondents say they are very comfortable that the board is receiving adequate reporting on metrics for cyber and privacy risk management.

3. How well are your controls keeping pace with emerging technology?

Businesses are reinventing themselves through digital transformations and the application of emerging tech. But are they opening themselves up to new risks even as they pursue new opportunities?

Our survey finds that most business leaders say that emerging technologies are critical for business, but fewer are very confident they have sufficient ‘digital trust’ controls in place for their adoption. For example, 81% of executives consider IoT critical to their business, but only 39% are very confident that they have all the right controls in place to adopt it safely. The same goes for AI, with 70% of respondents saying it is critical to at least some of their business, but only 31% very comfortable they are building sufficient digital trust controls for its adoption.

At the start of the year in Davos, I talked about some overarching principles for combating cyber risks—including the need for collaboration among stakeholders and the imperative for leaders to ask for help when needed. I hope that our Digital Trust Survey will provide further basis for informed collaboration and a useful guide for leaders to determine where they need help in dealing with this crucial matter.