Cyberattacks top the list of business risks, with 40% of business executives listing them as a serious risk (and 38% citing them as a moderate risk), according to a survey of more than 700 U.S. executives by PricewaterhouseCoopers (PwC). In its latest Pulse Survey, PwC identified top enterprise risks observed in 2022.
In addition, 51% of board members have cited cybersecurity as a serious risk (and 35% as a moderate risk). Cybersecurity is now a significant responsibility for the entire C-suite and board as more federal agencies aim to enhance and standardize cybersecurity disclosures.
In March 2022, the Securities and Exchange Commission (SEC) proposed to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Mainly, the proposal requires the board of directors to oversee cybersecurity risk, and calls for annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise.
As a result, board members are more in tune with the evolving cyber threat landscape and their role in overseeing risk management, PwC notes.
To stay on top of the risky cyber environment, PwC recommends six strategies:
- View cybersecurity as a broad business concern, not just an IT issue.
- Build cybersecurity and data privacy into agendas across the C-suite and board.
- Increase investment to improve security.
- Educate employees on effective cybersecurity practices.
- For each new business initiative or transformation, ensure a cybersecurity plan is in place.
- Use data and intelligence to measure cyber risks regularly, and look for blind spots in third-party partners and the supply chain.
For the full report, visit pwc.com.