The Three Biggest Business Cyber ​​Risks – What You Need To Know

Most companies do not adequately manage cybersecurity risks and come from third parties, as these risks are overshadowed by the complexity of their processes and operations as well as their supplier networks.

This conclusion is drawn from PwC’s research “2022 Global Digital Trust Insights Survey”. The study involved 3,600 CEOs of companies as well as other senior executives from around the world, 60% of whom state that they do not fully understand the risks of data breach through third parties, while respectively they understand little or not at all these risks in 20% .

These findings sound the alarm in an environment where 60% of executives expect an increase in cybercrime in 2022. They also highlight the challenges that companies face in trying to build trust with their data, ensuring that it is accurate, verified and secure, so that their customers and everyone else involved can be assured that their information is adequately protected.

It is noted that 56% of respondents say that their organizations are waiting for them increase in malicious attacks and data breaches through the software supply chain (software supply chain), however only 34% have formally assessed their business exposure to this risk. Respectively, 58% expect a vertical rise in attacks on their cloud servicesbut only 37% say they understand the risks of the cloud based on official ratings.

Regarding how companies mitigate the risks posed by third parties, the most common responses were to check or confirm the compliance of their suppliers (46%), to share information with third parties as well as to assist them in improving their attitude towards cybersecurity (42%) and addressing the difficulties in terms of cost or time they invest in order to ensure resilience to cyber threats (40%). However, the majority did not define the criteria for third parties (58%), did not review the contracts (60%), nor did they increase the rigor of due diligence (62%) regarding the identification of threats related to third parties.

Nearly three-quarters of respondents said the complexity of operations and procedures posed risks to cybersecurity and data protection. Respectively, governance and data infrastructure (77% each) are the two sectors that are considered to be characterized by unnecessary complexity, which can be avoided.

Simplification is certainly difficult, but there is some evidence that it offers significant benefits. While three out of 10 respondents overall said their businesses had streamlined their operations in the past two years, those who had seen the “biggest improvement” in the survey (10% with top performance in cybersecurity scores) were five times more likely to have streamlined operations across the business. This 10% of organizations were also 10 times more likely to have formally adopted data security practices and 11 times more likely to have a high level of understanding of cyber security and data protection risks to third parties.

Significant differences have emerged between executives and CEOs regarding the CEO’s support for cybersecurity, with them considering themselves more involved and supportive of the adoption and achievement of cybersecurity goals than their teams. However, there is no disagreement that the active involvement of the CEO in the adoption and achievement of cyber security goals is a key factor. Executives in the “biggest improvement” team report greater progress in cybersecurity results, in cases where they were 12 times more likely to have the broad and in-depth support of their CEOs. Most executives also believe that training CEOs and boards to better meet their cybersecurity obligations is the most important step towards a more secure digital society by 2030.

Follow Skai.gr on Google News
and be the first to know all the news