The scenario is all too common: a security breach at an organisation results in data leaks, loss of service, loss of revenue, and reputational damage.
What’s the likelihood of your organisation facing a similar scenario? Research shows that cyber attacks in New Zealand are more common than you may think.
Introduction
Key takeaway
Public and private sector organisations of all types and sizes are frequently affected by malicious cyber activity. New Zealand’s Computer Emergency Response Team (CERT) saw a % increase in the number of cyber security reports made by individuals, small businesses and large organisations in 2020, compared to 2019.
Resource: CERT NZ 2020 Report Summary
Findings from PwC’s Global Digital Trust Insights 2021 survey demonstrate that organisations have moved away from reactive responses to cyber security and are increasingly more deliberate and forward-thinking, combining knowledge and technology to prevent attacks.
Security leaders are working closely with business teams to strengthen their cyber security readiness and to increase the resilience of the entire organisation. The timing couldn’t be better. According to our survey, 40% of respondents are accelerating the investment and adoption of digital technologies throughout the business value chain.
This rapid adoption has introduced opportunity as well as new risks.
Cyber security strategies
Key takeaway
Almost all respondents from our Global Digital Trust Insights 2021 survey identified a shift in their cyber security strategy due to COVID-19.
Half are now more likely to consider cyber security in every business decision – an increase from % in 2020. Having an effective cyber security strategy helps value protection and creates value enhancement opportunities.
Cyber security has matured into a profession, with the cultural, technological, and business understanding needed to combat a growing threat landscape. As the threat environment evolves, so too must the investment and maturation of practices.
As the cyber threat landscape continues to evolve, it has become increasingly important for organisations to determine and communicate the effectiveness of their cyber security investment. Our survey found many challenges in quantifying cyber risk: the lack of widely accepted models, lack of personnel who understand cyber and risks from a business lens, and lack of scalability. However, despite the complexities involved, 60% of respondents have begun to quantify cyber risks.
Threat landscape
With so many competing demands in the online environment, it can be challenging for business leaders to prioritise cyber health and hygiene. However, over time, failure to do so can lead to a technical deficit. As such, decision makers (such as governing boards) must ensure there are sufficient resources so that IT budgets and capabilities can meet the growing challenges posed by cyber attacks.
Over the past 12 months, the changing threat landscape has driven the need for organisations to maintain confidence in withstanding an incident or disruption with minimal downtime or impact. We have observed an important shift with organisations now assuming that their technology and operations will be disrupted, driving their need to quickly recover from, and maintain continuity during an event and the ability to ensure continuous business operations.
Stakeholders are now seeking greater trust and confidence that organisations are able to respond to and recover from a cyber event with minimal impact to core business operations.
Although there is greater understanding that cyber attacks can happen to anyone, there is still more work to be done around how organisations build the right capabilities internally - and externally with partners - to respond in a way that’s good for stakeholders.
It can be difficult for business leaders to decide where and how to start strengthening cyber security. It requires knowing whether the right controls are in place, whether they’re configured effectively and whether there is clarity about how to fix problems.
Connected Risk Engine
PwC’s Connected Risk Engine offers a solution for organisations to dynamically assess and benchmark the maturity of their cyber security controls, and quantify their cyber risk exposure.
The tool enables organisations to visualise their business risks mapped to threat scenarios, and the security capabilities which mitigate them to help prioritise where to focus investment.This allows organisations to draw real value and begin to make informed and measured decisions when viewing maturity scores from a business risk perspective.
Users can access PwC’s specialist frameworks such as our cyber security maturity framework alongside industry standards. Connected Risk Engine can also incorporate an organisation’s own framework or control set.
Intuitive scoring
Rapidly score, provide guidance to achieve accuracy, and record recommendations.
Interactive visualisations
Show progress and findings with live dashboards and charts.
Data sovereignty
Specify where the data hosted in PwC’s Google Cloud Platform is geographically stored.
Peer benchmarking
Compare scores against peers according to location, industry or size. This can provide confidence your organisation is on the right track.
Multiple frameworks
Perform assessments in other disciplines (e.g. privacy, fraud, operational resilience).
Complex organisations
Configure the assessment to support complex organisational structures (or difference business units to drive improved organisational consistency)
Our technology and cyber risk professionals, together with Connected Risk Engine, provide organisations with meaningful insight and support to achieve security goals.
Contact us
