PwC Global State of Information Security Survey Report - what you need to know

“Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society. As our reliance on data and interconnectivity swells, developing resilience to withstand cyber shocks—that is, large-scale events with cascading disruptive consequences—has never been more important.”

Source: PwC

PwC recently released a series of reports, drawing from their 2018 Global State of Information Security® Survey. 9,500 executives in 122 countries and more than 75 industries contributed.

We provide a snapshot of the key findings from the report:

  • Fewer than half of the survey respondents have adopted key processes for uncovering cyber risks in business systems

    • Active monitoring/analysis of information security intelligence (48%)

    • Vulnerability assessments (45%)

    • Threat assessments (45%)

    • Penetration tests (45%)

  • Twenty-nine percent of respondents say CISOs bear responsibility for internet of things (IoT) security

  • Only 44% of respondents say their corporate boards actively participate in their companies’ overall security strategy

    • Security budget (45%)

    • Security policies (39%)

    • Security technologies (36%)

    • Review of current security and privacy risks (31%)

  • Only 36% have uniform cybersecurity standards and policies for IoT devices and systems

  • Only 34% have new data collection, retention and destruction policies

  • Only 34% assess device and system interconnectivity and vulnerability across the business ecosystem

  • Whilst business leaders do see the risk of cyberattack tied to emerging technologies, fewer than half cite the following as being of significant importance

    • Loss of operations (40%)

    • Loss or compromise of sensitive data (39%)

    • Harm to quality of products produced (32%)

    • Damage to physical property (29%)

  • Cyber threats to the integrity of data are a rising concern, however

    • 29% report loss or damage of internal records as a result of security incidents

    • 35% are concerned about customer records being compromised

    • 30% are concerned about employee records being compromised

    • 29% are concerned about loss or damage to internal records

  • Current employees remain the top source of security incidents (30%)

    • Former employee sources are down 2% to 28% from 2016’s report

    • Unknown hackers are down 3% to 23% from 2016’s report

    • Competitors are down 3% to 20% from 2016’s report

    • Current third parties are down 1% to 19% from 2016’s report

Whilst it is encouraging to see some increased awareness and risk prevention, the low levels of action should be a concern. For more information about cyber security and current topics, as well as recommendations for action, see our Cyber Security series. In it we highlight key cybersecurity and data privacy fundamentals and look at the interplay between law and practice in this area. We aim to provide clients and visitors to our site with some of the background knowledge, improving everyone’s confidence in discussing cybersecurity risks. For those short on time we’ll be posting short blog articles. For anyone who’s curious and wants to read further, we’ve written downloadable guides that explore topics like cybersecurity risk management, encryption or passwords.


For assistance with any of the points raised in this article, please contact Piers Clayden.