Cybersecurity a race of two horses, as top quarter increase gap on average firms

12 July 2019 3 min. read
More news on

Cybersecurity threats continue to impact global markets, as more and more data is digitized and exposed to hackable networks. New analysis shows that while some companies are on top of the threat, an increasingly large gap between top and bottom performers is creating a risky environment for consumers and businesses alike.

Cybersecurity is increasingly seen as an agenda item for global directors, since digitalization entails both opportunity and risk. Mitigating these risks can be expensive, requiring considerable investment, training, and compliance work. Not doing so can be devastating, with loss of trust to business disruption – and in severe cases, closure.

To understand how companies are operating in the new environment, PwC recently released a report into the cybersecurity industry titled ‘Digital Trust Insights Survey’. The report is based on a survey of 3,000 executives and IT professionals worldwide. A key finding from the survey is that the top 25% of companies are much better prepared than average companies for protecting against the most acute cyber security events – at 58% for the top quarter vs. 21% for average firms.

Yet how prepared are organisations globally in terms of identifying possible risks, detecting when things have gone wrong as well as cleaning up the consequences of a break-in. To better understand the current level of security, the firm surveyed more than 3000 executives and IT professionals globally.

Cybersecurity a race of two horses, as top quarter increase gap on average firms

The analysis shows some differences between industries in terms of their ability to manage threats. Across the board, around 10% of companies said that they have an optimised strategy in place when it comes to identifying threats. Risk management strategy has the highest level of performance, at around 12%, compared to asset management at approximately 8%. However, supply chain risk management suffers from the highest level of unsure and incomplete levels of maturity for threat identification. 

In terms of the kinds of protections companies have in place, and their relative maturity, companies seem increasingly well-protected. One of the key elements to a good defensive position is well-trained staff, with around 85% of firms noting that the issue is at least being managed. Most companies have deployed protective technology to some degree, while data security is optimised at 15% of the companies surveyed.

The survey notes however that trailblazers, the top quarter of companies surveyed, tend to have much stronger protections in place than the company average. Their awareness and training exceed 20% optimisation, with a similar figure for information protection processes and procedures. Smaller companies( <$100 million) tend to perform better than large companies ($1 billion).

When it comes to recovery, the firm found that around 40% of companies have recovery plans, can manage improvements, and have a communication policy in place. A further 20% have defined actions that need to be undertaken, with more than 95% of companies saying that they can manage such an eventuality.

Dealing with the aftermath then, tends to be one of the areas in which companies rate themselves as competent. However, given the negative consequences of such an event, making sure it never gets to a recovery situation remains paramount for many businesses globally.