PricewaterhouseCoopers’s 2022 Global Digital Trust Insights Report surveyed 700 CEOs and 2900 other C-suite executives on issues related to digital transformation and cybersecurity. As part of the survey, PwC asked CEOs how involved they were in cybersecurity discussions and compared their answers with the views of non-CEOs.
- Most CEOs consider themselves “engaged” and “strategic”, participating in discussions on cybersecurity strategies and operating models
- But non-CEO survey respondents say they see their CEOs as reactive, only getting involved in cybersecurity discussions after a breach or when contacted by regulators
- Almost two-thirds of respondents say their organisation is not getting sufficient support from the CEO
PwC argues that CEOs play a key leadership role in managing cybersecurity risk. According to PwC, CEOs who embrace the four P’s (principle, people, prioritisation, perception) can turn cybersecurity into a business advantage.
- Principle: CEOs need to connect the organisation’s mission to the security of data, assets, and people. They can do this by articulating cybersecurity as a business imperative
- People: CEOs need to support the attraction and retention of top cybersecurity talent. Part of that is hiring the right CISO and empowering the CISO
- Prioritisation: CEOs can raise the priority of cybersecurity by simplifying the enterprise and by making cybersecurity an element of strategy development
- Perception: CEOs should acknowledge misperceptions people hold, for instance, with regard to supply chain risk
Why does this matter for businesses?
- CEO support is generally accepted as a key differentiator for successful cybersecurity strategy creation and implementation
- PwC’s survey highlights that gaps between CEOs and cybersecurity leaders remain
- The four P’s PwC suggests are a first reference point for closing the gap between CEOs and cybersecurity leaders