How global CXOs can improve their security posture: 6 tips

Only 56% of businesses have an information security strategy, according to PwC. Here's how to fix that.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • 87% of global CEOs said they are investing in cybersecurity to build trust with customers. -- PwC, 2018
  • 53% of CXOs said they require employee training on privacy policy and practices. -- PwC, 2018

Only 56% of businesses have an overall information security strategy, according to a new report from PwC--a major risk in an era of increasingly sophisticated attacks and high-profile breaches that cost companies millions.

A failure to consider privacy risk management puts global business leaders at risk, according to the Global State of Information Security Survey 2018. PwC surveyed 9,500 executives in 122 countries, and found that CXOs have much work to do to build up their companies' cybersecurity posture.

Only 53% of CXOs said that their company requires employee training on their privacy policy and practices, and 51% said they have an accurate inventory of personal data. Just 49% said they limit personal data collection, retention, and access to the minimum necessary, and 46% require third parties to comply with their privacy policies.

"There are very few companies that are building cyber and privacy risk management into their digital transformation correctly," Sean Joyce, PwC's US cybersecurity and privacy leader, wrote in the report.

However, there are some bright spots. Some 87% of global CEOs said they are now investing in cybersecurity to build trust with customers, the report found. And companies are increasingly deploying advanced authentication technologies, including biometrics (60%), software tokens (59%), hardware tokens (55%), cryptographic keys (53%), and multifactor authentication (51%).

About two-thirds of respondents worldwide said their organization has put a chief privacy officer (CPO) or similar executive in charge of privacy.

Here are six tips for global business leaders to improve their enterprise security posture.

1. The C-suite must own management of digital risk

As cybersecurity and privacy become paramount both within and outside every company, CEOs must lead rather than delegate data protection and privacy strategies, the report said. CEOs must also lead the development of strategies for mitigating cyberattacks. A CPO should have a seat at the table to support the CEO's decision making.

2. Engage your board

Boards should be continually informed about the C-suite's plans to address emerging risks in data protection and privacy, according to the report, and doing so requires a strategy for board education. Right now, only 31% of CXOs said their corporate board directly participates in a review of current security and privacy risks, the report noted.

3. Prioritize data-use governance

Businesses that learn to use data in more innovative ways will find more opportunities, but also more risks, the report noted. That means CXOs must understand the most common risks, such as a lack of awareness about data collection and retention activities, and create a data-use governance framework to guide their work in this area.

4. View GDPR as an opportunity

CXOs should view GDPR as a chance to align their organization--no matter what countries it does business in--to more protective policies, the report said.

5. Consider the risks of regulation abroad in a strategic context

The "balkanization" of the internet means more companies will likely face pressures from foreign governments to provide access to sensitive intellectual property, such as source code, the report said. Companies should make decisions on how to respond to this pressure by considering the cybersecurity, privacy, and trust risks that could arise from offering up that information.

6. Champion responsible innovation

Companies across all industries should support and participate in the development of emerging standards that could help put privacy principles into practice. Embedding cyber and privacy risk management into digital transformation efforts will help CXOs better withstand cyber threats, and gain customer trust and a competitive advantage.

"Companies that seize the opportunity to manage data protection and privacy risks are expected to be better positioned to thrive in the data-driven economy and build resilience in digital society," the report stated. "Businesses that rush to transform digitally without building in security and privacy are on the path to obsolescence."
