Bangkok--31 Jan--PwC Thailand
- Confidence in people, processes and technology is critical to building a secure digital world.
- Only about half of medium and large businesses in key sectors say they are building resilience to cyberattacks and other disruptive shocks to a large extent. And fewer than half of them say they are very comfortable their company has adequately tested its resistance to cyberattacks.
In an increasingly technologically-driven and interconnected business community, companies have the responsibility to take the necessary steps to manage digital risk. Despite the importance of protecting against cybersecurity threats, PwC's Digital Trust Insights survey has found that businesses of all sizes are equally unprepared to address these threats and protect themselves and their customers.
Digital Trust Insights is the reimagination of the Global State of Information Security(R) Survey (GSISS), a worldwide study by PwC which for 20 years has served as a trusted resource to navigate the turbulent cyber risk landscape. This year's survey presents the views of 3,000 business leaders across 81 territories and a range of industry sectors.
Among key findings from the report:
- Only 53% of businesses practice proactive risk management "fully from the start" of their digital transformations.
- Only a small minority of companies (23%) even at the +$100M level, say they plan to align security precautions to business objectives.
- Just 27% of execs believe their board receives adequate metrics for cyber and privacy risk management.
- Fewer than half of +$100M companies in key sectors worldwide say that they are fully ready to comply with the General Data Protection Regulation, which went into effect in May 2018.
- Though 81% of executives consider IoT critical to their business, only 39% are very confident that sufficient "digital trust" controls are built into their adoption.
Confidence in people, processes and technology is critical to building a secure digital world. More than just mitigating risk, companies must thoroughly integrate and align cybersecurity concerns into their business strategy. Companies can gain a competitive advantage by becoming trusted providers in terms of safety, security, reliability, privacy, and data ethics.
Sean Joyce, US Cybersecurity and Privacy Leader, PwC comments:
"Cyber risk priorities have evolved from focusing on information security to a more holistic focus on digital risk management. Our Digital Trust Insights explores how leaders can meet tomorrow's challenges. Companies that show the connected world how to lead on safety, security, reliability, data privacy, and ethics will be the titans of tomorrow."
Distilling insights from 3,000 business leaders across 81 territories, the Digital Trust Insights survey breaks down the mechanisms that companies need to build digital trust in an evolving cyber risk landscape - and identifies 10 opportunities to improve security and privacy and build consumer trust.
1) Engage security experts at the start of digital transformations
2) Upgrade your talent and leadership team
3) Raise workforce awareness and accountability
4) Improve communications and engagement with the board of directors
5) Tie security to business goals
6) Build lasting trust around data
7) Boost cyber resilience
8) Know thy enemies
9) Be proactive in compliance
10) Keep pace with innovation
Vilaiporn Taweelappontong, Consulting Lead Partner for PwC Thailand, concludes:
"Nowadays, Thai organisations in almost every industry—from banks to retailers to telecoms—have widely adopted digital technology to serve their customers, whether it be mobile banking, online shopping or e-Wallet. You name it. And with these fast-emerging technologies, it's inevitable that we also see a rise in cybercrimes. It's critical for business leaders to realise this fact and put in place cybersecurity measures, including investing in data protection.
"Thai business leaders need to keep abreast of any developments in the area of personal data protection, which is currently a rising trend both globally and in Thailand. The cabinet approved cybersecurity and personal data protection bills that were enacted by the National Legislation Assembly late last year. This would allow our country to have personal data protection mechanism that is on the same level—or at the very least, aligns with—international standards.
"Personal data and privacy breaches in Thailand are likely to increase even further, so I'd like to warn business operators to start preparing their data protection journey today. Basic preparation can range from enabling effective processing of consent and data subject requests, clearly specifying the objective of using personal data, and putting in place a back-office system to treat data in a safe and secure manner. Hiring a team of experts at an early stage would also be beneficial because this is an issue that Thai businesses won't be able to avoid."
The full report is available at pwc.com/us/digitaltrustinsights