With “Trust in What Matters”, we are focusing on building trust in the business world. What role does trust play when it comes to cyber security?
Grant Waterfall: Trust is a fundamental pillar of any business, and in today’s digital landscape, it is becoming increasingly intertwined with cyber security. Secure and resilient technology is central to building this trust in the digital age. For organisations, the ability to provide a reliable and secure online experience is essential to maintaining customer confidence.
Whether it’s online banking, e-commerce platforms, or essential digital services, customers expect these systems to be available and operational whenever they need them. If businesses fail to meet these expectations—due to outages or vulnerabilities that compromise their online systems—their trustworthiness is immediately called into question.
Moreover, trust can be severely damaged when data breaches occur or when businesses fail to protect personal data in line with customer expectations. Data privacy has become a top priority for consumers, who are increasingly aware of the risks involved in sharing their personal information online. A breach of this data, or even a perceived mishandling of it, can significantly erode stakeholder trust, potentially leading to long-term reputational damage and financial loss. Thus, in the context of cyber security, trust is not just about preventing attacks; it’s about demonstrating to stakeholders that their data is secure and their digital experience protected.
What challenges do companies face in this area?
Waterfall: In today’s world, businesses operate in highly complex technological environments, which presents several challenges in maintaining cyber resilience. Most organisations have a hybrid technology infrastructure that includes both on-premises and cloud components. These environments are often interconnected with operational technology (OT), making them difficult to secure comprehensively. Furthermore, as companies increasingly rely on global supply chains, their technological ecosystems also include numerous external partners, adding to the risks they face.
This complexity is further compounded by the growing cyber threats driven by geopolitical uncertainty.
In an era where digital warfare and politically motivated cyber attacks are on the rise, organisations must be prepared to protect their systems from increasingly sophisticated threats. Attackers can target not only the company itself but also third-party suppliers, potentially leading to breaches in the supply chain.
Therefore, businesses must understand not only their own vulnerabilities but also those of their partners. The dynamic nature of these environments demands continuous adaptation and a proactive approach to cyber security.
What questions should companies ask themselves now in order to be fit for the future in the area of cyber security?
Waterfall: To remain resilient in the face of evolving cyber threats, companies need to critically assess their current cyber security posture. Here are three essential questions that every organisation should consider:
- Do we have clear visibility at board level on the cyber security risks to the organisation, and how are these risks being mitigated? Boards must not treat cyber security as a purely technical issue. It’s a business-critical risk that requires active oversight. Executives need to have a clear understanding of the cyber risks facing the organisation and ensure that proper mitigation strategies are in place. This requires continuous communication between the IT/security team and board members.
- Have we committed appropriate resources, and do we have the right leadership and technical skills to manage cyber security risks? Managing cyber risk effectively requires both the right human and technical resources. Companies need to invest in leadership that understands the importance of cyber security and is equipped to make strategic decisions. At the same time, technical teams need the necessary tools and training to stay ahead of threats.
- Do we have a tested cyber incident and crisis response plan? It’s not enough to have a response plan on paper. Companies must conduct regular simulations to ensure that, in the event of a cyber breach or crisis, they can respond quickly and effectively. These tests should involve all stakeholders, from technical teams to executive leadership, to ensure everyone knows their role in mitigating damage and restoring normal operations.
Learn more about our
Cyber Security & Privacy Services
How do we at PwC specifically support our clients in building trust in the area of cyber security?
Waterfall: At PwC, we take a holistic approach to helping our clients strengthen their cyber security framework, thereby building trust with their stakeholders. We assist organisations in developing a robust cyber security strategy and target operating model tailored to their unique business environment. From there, we help execute a comprehensive programme to design and implement the necessary controls, ensuring that clients are prepared for potential cyber threats.
This includes everything from technical implementation – ensuring the right security measures are in place – to providing cyber-managed services that allow clients to maintain a vigilant, ongoing defence. What sets our approach apart is our focus on bridging the gap between technical operations and business strategy.
We help clients translate complex technical data from their security operations into insights that can be easily understood by board members and senior leadership. This empowers them to make informed decisions about cyber security investments and resource allocation.
Ultimately, our goal is to help clients ensure that their cyber security efforts are aligned with broader business objectives, and to build long-term trust with their stakeholders.
