Organizations are increasing investments in cybersecurity and their dependence on third parties—even in light of disruptions, according to PwC’s Cyber Trust report.
Increased investments in cybersecurity (74%), information security (64%) and consumer privacy (60%) are the top priorities of business leader respondents to demonstrate a commitment to building digital trust, according to a newly released report.
PwC’s latest Cyber Trust report also found that business leaders identified cloud security (64%) and data protection and privacy (63%) as the most strategic areas to prioritize in improving stakeholder trust.
SEE: Microsoft releases biannual reports on digital trust (TechRepublic)
Third-party-related disruptions were among the top organizational risks identified, with one-third of survey respondents revealing their firms had experienced significant disruptions due to third parties. These included software supply chain disruptions (47%), cloud breaches (45%), third-party platform exposures and outages and downtime (41%) and data exfiltration (39%).
Yet, the trend of dependency on third parties “continues to gather steam,” with nine in 10 still expecting to rely on external partners for critical business functions to grow, according to the report.
At the same time, 92% of businesses expect increased regulatory scrutiny of third parties.
Proving a commitment to innovation
Respondents have only implemented three to six of the 10 components of a robust third-party risk management program; only 5% had a full complement, the PwC report said.
The survey found that respondents have also implemented measures to illustrate their commitment to take action and innovate. For example:
44% said environmental, social and governance initiatives are evolving into business growth efforts, rather than avoid enforcement action
53% said they are doing greater due diligence when it comes to securing software code than they create or acquire
53% said innovation by corporations, rather than regulation, will be more effective in strengthening stakeholder trust in companies
48% said in their industry, a leader is emerging in innovation (e.g. new product features or practices) that strengthen customer trust.
With a significant majority of the executives actively focused on stakeholder trust, many are investing in multiple measures–at least four of them, on average. The top two focus areas for trust-building are related to cybersecurity: Cloud security (64%) and data protection and privacy (63%), followed by corporate responsibility to society and environment (58%) and responsible development and use of technology (55%).
Finding a balance is the most powerful role leaders have in trust-building
These executives “face hard, even profound, strategic decisions touching on core issues such as balancing customer privacy with the monetization of their data, moving with speed and agility while embedding security and privacy, flexibility in supply chains while managing third-party risks,” the report said. Between 53% and 60% of executives reported that their organizations have fully addressed these tensions—that is, they have crafted strategies and processes to address them.
“But with technology ever advancing and the business environment ever-changing, leaders may have to revisit these time and again. They may even create new solutions that achieve the balance between apparently conflicting choices.”
A company that chooses privacy as its primary value can build thriving business models around it. A company that honors consumers’ right to opt-in to sharing their data might be more successful in reaching more consumers and earning their loyalty, the report said. Additionally, an organization that takes the time to invest in supply chain security by design may encounter fewer operational disruptions down the road.
Leadership and operational challenges of building trust
Building trust is all-encompassing because it is both a leadership challenge and a design problem, according to the report. It requires a two-pronged approach that focuses on both culture and operations and requires buy-in from everyone.
The CEO’s role “is to frame the choices among apparent trade-offs, to set a strategy that reflects the company’s values and to imbue the culture with the spirit that animates their chosen direction — all with board confidence and oversight,” the report said.
They also “lead imaginative thinking on new ways of doing business that can open deeper connections between trust and profitability—poised for a growth trajectory in a changing world.”
The role of operational leaders like the CIO, CISO, chief privacy officer, chief data officer is to design and weave trust into the flesh and bones of the organization through detailed policies, controls and playbooks.
In the case of a new mobile app or a new IoT device, for example—vetting users, verifying their identities, protecting the data they provide and generate on the app or device, using data for business intelligence or revenue generation, sharing data with business partners—all these should be set by policies, guarded through controls and governed through playbooks, the report stated.
“Operational leaders should also serve as key advocates, offering counsel on the real-world consequences of the trade-off decisions leaders must make. Just as companies are going beyond digitizing and reconceiving how they recreate value, so will they be innovating in the ways they can win stakeholder trust.”
Some of these operational leaders are already re-shaping their organizations into security-first, privacy-first businesses, without waiting for regulations to set the new rules. “Along the way, they’re helping build the scaffolding for 21st-century digital trust that can also facilitate more ambitious social, political and economic goals.”