HITS

Executives around the world are getting better at acknowledging the risks posed by today’s cybersecurity threats, yet companies at large may still be unprepared to deal with them, according to a survey from PricewaterhouseCoopers (PwC).

The results of the Global State of Information Security Survey 2018 — which were shared at the Dec. 6 Content Protection Summit in Los Angeles, by Namir Khan, global and U.S. copyright, cybersecurity, and technology leader for PwC — showed that many organizations are still struggling to manage emerging cyber risks in today’s digital society, with 44% of the 9,500 executives in 122 countries surveyed saying they simply do not have an overall information security strategy, and 48% saying they don’t have an employee security awareness training program. Fifty-four percent said they don’t have anything in the way of an incident-response process.

“Many organizations need to evaluate their digital risk and focus on building resilience for the inevitable,” said Sean Joyce, PwC’s U.S. cybersecurity and privacy leader, in the report.

One of the top concerns to emerge out of the report is the massive production of insecure internet of things (IoT) devices, resulting in widespread cybersecurity vulnerabilities. However, very few respondents said their organizations are assessing their IoT risks, with the responsibility of IoT security varying: 29% said that duty belongs to the CISO, while 20% pointed to the engineering staff.

And, overall, cybersecurity executives are still widely absent in many organizations, with only 52% of respondents reporting that their organizations employ a CISO. Forty-seven percent said they employ dedicated security personnel to support their internal business operations. Greater information sharing and coordination among those in organizations is also a concern. The PwC report found that only 58% of respondents formally collaborate with others in their industry (including competitors) to improve security.

Only 44% of respondents said their corporate boards actively participate in their companies’ security strategy, with 66% of respondents saying their security spending aligns with the revenues of each line of business.

“The bottom line is that leaders can seize the opportunity now to take meaningful actions designed to bolster the resilience of their organizations, withstand disruptive cyberthreats, and build a secure digital society,” the report concludes.

The Content Protection Summit was produced by MESA and CDSA, presented by MediaSilo, and sponsored by Independent Security Evaluators, Aspera, the Digital Watermarking Alliance, Menlo Security, Microsoft Azure, NAGRA, NexGuard, Convergent Risks, HGST, PwC, Thinklogical, Avid, Militus Cybersecurity Solutions, Amazon Web Services and Bob Gold & Associates.