Despite all the attention that massive hacks and other breaches have attracted in recent years, organizations everywhere still struggle to comprehend the scale of and manage emerging cyber-risks.

Of the more than 9,500 senior executives in 122 countries who participated in PricewaterhouseCoopers’ Global State of Information Security Survey (GSISS) 2018, only 39% say they are very confident in their attribution capabilities — that is, their ability to detect and trace cyberattacks.

Where Are the CISOs?

Some 40% of GSISS respondents say that disruption of their operations is the biggest potential consequence of a cyberattack. Another 39% cite the compromising of sensitive data, 32% cite harm to product quality, 29% cite damage to physical property, and 22% cite harm to human life as the biggest by-products of an attack.

Meanwhile, cybersecurity executives are either absent or thin on the ground in many organizations. Only about half (52%) of respondents say their organizations have a CISO on the payroll. While 45% say they employ a chief security officer, another 47% say they recruit dedicated security staff to support internal business operations.

Building greater resilience against cyber threats — as a society and within organizations — will require a concerted effort to uncover and manage new risks inherent in emerging technologies. Organizations need to have the right leadership and processes in place to implement the security measures required by digital advances. Many organizations are just beginning this critical journey.