• by Ray Schultz , November 2, 2017

Despite blaring headlines about cyber attacks, many companies are unprepared to cope with one, according to “The Global State Of Security Survey,” a study by PricewaterhouseCoopers (PwC).  

Of 9,500 executives surveyed in 122 countries, 44% say their firms have failed to create an overall security strategy. In addition, 54% lack an incident-response process and 48% have no employee awareness training program. What’s more, only 39% are “very confident” in their cyber attack attribution capabilities. 

Yet executives seem to grasp the dangers, especially with regard to attacks that would hit their advanced technologies.  

Asked to predict the impact of an attack against their automation and robotics systems, 40% cite disruption of operations and 39% cite the loss of company or sensitive data; presumably, that would include customer information.

In addition, 32% anticipate a decline in the quality of the products produced, 29% anticipate damage to physical property and 22% are concerned about harm to human life.

However, there is a lack of oversight at the top. Only 44% of respondents say their boards actively participate in their overall security strategy. “Many boards still see it as an IT problem,” says Matt Olsen, co-founder and president of business development and strategy, according to PwC.

What should companies do about this global threat? PWC says executives in charge of business results should be held accountable for the “associated risks of doing business.” And boards must conduct meaningful oversight. 

“Many organizations need to evaluate their digital risk and focus on building resilience for the inevitable,” says Sean Joyce, PwC’s U.S. cybersecurity and privacy leader. PwC adds that firms would be better served by practical advice than by reports proclaiming ““cyber Armageddon.”

The study also shows that: 

• Slightly under half agree that risk alone drives security spending.
• Over half of the firms polled employ a chief information security officer (CIS0).
• Two-thirds say their security spending is aligned with the revenues of each line of business, but a third say it is not, or that they don’t know.

As for consumers, PWC found in an earlier survey that they are more sure that their email will be hacked than they are that a flight will be cancelled. 

That research shows that 45% of the respondents expect their email or social media accounts in the next year. 

In contrast, 36% anticipate a flight cancellation and 35% that they will get a new job. And 31% fear they will have to go to the ER.

Surprisingly, 25% think they will win money in a lottery.

Overall, the survey shows a lack of trust in corporate security. Only 25% think companies handle their data responsible and 15% that firms will use that data to improve their lives. 

Worse, a mere 10% believe their personal information is secure.

This study also determined  that:

• 69% believe companies are vulnerable to cyber attacks.
• 87% will leave a company if they don’t trust it to responsibly handle their information.
• 88% say they will share information only if they trust the company.