Organisations that take a business-driven cybersecurity approach to their digital initiatives achieve better outcomes and outperform their peers, according to PwC’s May 2019 Digital Trust Insights Survey.

The global survey of more than 3,000 executives and IT professionals worldwide found that the top 25% of all respondents – market leaders known as “trailblazers” – are not only leading the way on cybersecurity but also delivering more value and better business outcomes.

Among respondents who say growing revenue is the top value sought from digital transformation efforts, nearly nine in 10 trailblazers say they are getting a payoff that meets or exceeds their expectations (compared to 66% of the other respondents).

Trailblazers are also significantly more optimistic about the potential growth in revenue and profit margin for their companies, with 57% percent expecting revenue to grow by 5% or more, and 53% expecting profit margin to grow by 5% or more.

The survey revealed key demographic information about trailblazers. Many are large companies; 38% of respondents from companies worth at least US$1 billion are trailblazers. The financial services (FS) industry and the technology, media, and telecommunications (TMT) sector are particularly well represented in the leader group. Thirty-three percent of FS respondents and 30% of TMT respondents are trailblazers, compared to roughly a quarter of the survey base in other industries.

Geographically, just 21% of EMEA (Europe, the Middle East and Africa) respondents are trailblazers, compared to 30% in the Americas, and 30% in Asia Pacific.

The leading behaviours that set trailblazers apart from their corporate peers include aligning their  business and cybersecurity strategies, taking a risk-based approach, and coordinating their teams that manage risk. Key findings from PwC’s Digital Trust Insights survey illustrate the edge that trailblazers maintain in all three areas:

Connected on strategy: 65% of trailblazers strongly agree their cybersecurity team is embedded in the business, conversant in the organisation’s business strategy and has a cybersecurity strategy that supports business imperatives (vs. 15% of others)
 

Connected on a risk-based approach: 89% of trailblazers say their cybersecurity teams are consistently involved in managing the risks inherent in the organisation’s business transformation or digital initiatives (vs. 41% of others)

Coordinated in execution: 77% percent of trailblazers strongly agree their cybersecurity team has sufficient interaction with senior leaders to develop an understanding of the company’s risk appetite around core business practices (vs. 22% of others)

“By focusing on building digital trust, trailblazers are driving more proactive, pre-emptive and responsive actions to embed these strategies into the business, as opposed to their peers who primarily look to minimise the operational impacts of cyber threats in reactive manner,” comments TR Kane, PwC US Strategy, Transformation & Risk Leader.

More than eight in 10 trailblazers say they have anticipated a new cyber risk to digital initiatives and managed it before it affected their partners or customers (compared to six in 10 of others).

“Organisations that take a proactive approach to cybersecurity and embed it into every corporate action will be best placed to deliver the advantages of digital transformation, manage related risks and build trust,” adds Grant Waterfall, EMEA Cybersecurity and Privacy Leader, PwC UK.

“Our research highlights the need for organisations to embed their cybersecurity teams within the business to support strategic goals. It’s not just about protecting assets – it’s about being a strategic partner in the organisation,” adds Paul O’Rourke, Asia Pacific Cybersecurity and Privacy Leader, PwC Australia.

For more than 20 years, countries have been struggling to introduce a set of rules of conduct and liability requirements for digital space users. Progress in designing a code of cyber conduct is all the more relevant since digitalization is sweeping the planet at breakneck speed, creating new risks along with new opportunities. Businesses that are confronted with new challenges and threats in the digital space are putting forward their own initiatives, thereby pressing governments to speed up the process of adopting an international cyber code.

Why is the business community interested in setting rules in the cyber environment? There are many reasons for this.

Firstly, the quantity and quality of hacker attacks on the private sector increase every year. Hackers target any enterprises — whether they are small enterprises or technological giants. Attacked by the NotPetya virus, the world largest container carrier Maersk sustained $300 million damage and had to shell out nearly $1 billion for restoration. In total, according to Sberbank’s estimates, the damage to the global economy from hacker attacks in 2019 can reach about $2.5 trillion, and by 2022 — as much as $8–10 trillion.

Secondly, many technology-oriented companies, facing a lack of trust on the part of government agencies, experience severe difficulties in promoting their business projects abroad. At present, the UK, Norway, Poland, and other countries are involved in a debate about whether Huawei should be allowed to build fifth-generation mobile communication networks (5G). Huawei is suspected of stealing intellectual property and espionage. The US, Australia, New Zealand have introduced a ban on the use of 5G equipment from Huawei.

Not only Chinese companies face distrust. Google, Apple, Microsoft, Kaspersky Lab, and many others are often accused of illegally spying on people.

Thirdly, IT companies are forced to pay huge sums to protect their customers against hacker attacks and guarantee information security. Microsoft allocates more than $1 billion for this purpose yearly.

In the absence of a political solution to ensure international information security, private companies, which are keen to safeguard themselves and their customers, have chosen to conduct negotiations with each other on information security cooperation and are launching their own initiatives. Thus, coming into existence is a business information security track running parallel to the government.

In February 2017, Microsoft’s President Brad Smith launched the Digital Geneva Convention initiative. The Convention is expected to oblige governments not to take cyber attacks on private sector companies or the critical infrastructure of other states, and not to use hacker attacks to steal intellectual property.

Overall, the document formulates six basic principles of international cybersecurity:

1. No targeting of tech companies, private sector, or critical infrastructure.
2. Assist private sector efforts to detect, contain, respond to, and recover from events.
3. Report vulnerabilities to vendors rather than to stockpile, sell, or exploit them.
4. Exercise restraint in developing cyber weapons and ensure that any developed are limited, precise, and not reusable.
5. Commit to non-proliferation activities to cyber weapons.
6. Limit offensive operation to avoid a mass event.

However, while the Digital Geneva Convention is still on paper, 34 technology companies, including Microsoft, without waiting for decisions at the government level, signed the Cybersecurity Tech Accord in April 2018. Thus, the largest ever group of companies have become committed to protecting customers around the world from cybercriminals.

Cybersecurity Tech Accord members have called for a ban on any agreements on non-disclosure of vulnerabilities between governments and contractors, brokers, or cybersecurity experts; they also call for more funding for vulnerability detection and research.

Besides, signatories of the agreement have come up with a series of recommendations to strengthen confidence-building measures, which are based on the proposals of the UN and OSCE.

Such measures include:

-Develop shared positions and interpretations of key cybersecurity issues and concepts, which will facilitate productive dialogue and enhance mutual understanding of cyberspace and its characteristics.

-Encourage governments to develop and engage in dialogue around cyber warfare doctrines.

-Develop a list of facilities that are off-limits for cyber-attacks, such as nuclear power plants, air traffic control systems, banking sectors, and so forth.

-Establish mechanisms and channels of communication to respond to requests for assistance by another state whose critical infrastructure is subject to malicious ICT acts (organizing, i.e. tabletop exercises).

By now, Cybersecurity Tech Accord has been signed by 90 companies, including Microsoft, Facebook, Cisco, Panasonic, Dell, Hitachi, and others.

Another initiative was presented in 2018 by Siemens, which came up with the Charter of Trust. The Charter, which was signed by 16 companies, including IBM, AIRBUS, NXP, and Total, urges companies to set up strict rules and standards to foster trust in ICT and contribute to further development of digitalization.

Facebook has become part of the process too. In late March 2019, Mark Zuckerberg — the founder and CEO of Facebook — urged governments to become more actively involved in regulating the Internet. In particular, Zuckerberg spoke in favor of introducing new standards related to the Internet and social networks. These standards would come useful to guarantee the protection of personal data, prevent attempts to influence elections or disseminate unwanted information, and would assist in providing a solution to the problem of data portability.

Another initiative worth mentioning is the creation in 2014 of the Industrial Internet Consortium TM, IIC, which was founded on the initiative of AT & T, Cisco, GE, IBM, and Intel. This is a non-profit open-membership group that seeks to remove barriers between different technologies in order to maximize access to big data and promote the integration of physical and digital environment.

Some initiatives are coming from the Russian private sector. In particular, since 2017, Norilsk Nickel has been active on the international scene promoting the Information Security Charter of critical industrial facilities. The Charter’s main provisions include condemnation of the use of ICT for criminal, terrorist, military purposes; supporting efforts to create warning and detection systems, and assist in the aftermath of network attacks; and sharing best practices in information security.

In turn, Sberbank has launched an initiative to hold the world’s largest International Cybersecurity Congress. Last year, such a congress took place with the participation of 681 companies from 51 countries. The second such Congress is scheduled for this June. The Forum serves as an inter-sectoral platform that promotes global dialogue on the most pressing issues of ensuring information security in the context of globalization and digitalization.

Most business initiatives hinge on the fact that they all call for developing confidence-building measures and rules of conduct in the digital space. Besides, the business community welcomes the need to adjust international law to the new realities of the digital economy.

Private sector initiatives can perfectly be streamlined with initiatives put forward by countries within the framework of the UN. After all, by and large, governments pursue the same goals as business in this area. The use of ICT for peaceful purposes, confidence-building measures, the supply of information about vulnerabilities — all this is significant both for business and for most states.

Fortunately, the global discussion under the aegis of the UN on issues related to International Information Security is getting back on track after a pause of about one year. From now on, it will be attended by representatives of the private sector. According to the resolution (A/RES/73/27), the mandate of the future Open-Ended Working Group (OEWG) allows for the possibility of holding inter-session consultative meetings with representatives of businesses, non-governmental organizations and the scientific community to exchange opinions on issues within the group’s mandate. The first inter-sessional meeting with representatives of global business is scheduled for November 2019.

In conclusion, we would like to remark that the issue of information security is dynamic and for this reason, it can be adequately addressed only with the close cooperation of governments and technology companies, since it is the latter that keep pace with the development of technologies and are the drivers of the digital economy. Governments should keep a close eye on the initiatives of non-state actors and put the most useful proposals on the agenda of discussions at international forums. Moreover, once adopted and approved at the government level, these standards and regulations should have a legal force, rather than be recommendatory — this is the only way to guarantee the order in the cyber environment.

First published in our partner RIAC

From using drones to plan water supply schemes in hard-to-reach locations, to deploying satellite imagery for enhancing land usage, or using mobile phones to track children’s health, technology is changing the way we live. The World Bank is supporting several interventions where new-age technology is being used for social good, giving a new tool to policymakers to improve governance and the quality of our lives

Making farmers resilient

Digital applications are helping farmers in Bihar and Madhya Pradesh make faster and better decisions on crop planning based on weather conditions, soil and other indicators

This $12.67-million Sustainable Livelihoods and Adaptation to Climate Change project that started in 2015 has so far empowered more than 8,000 farmers to adopt climate resilient practices.

Prioritizing interventions

Satellite images taken from a height of 900 km in Karnataka capture crucial data like land use as well as land cover, groundwater prospects, and soil characteristics. When this data is fused with rainfall patterns and literacy rates, it helps experts and communities to prioritize action plans such as those for soil and water conservation

Geographic information system (GIS) technology can also map nutrient deficiencies in the soil, which helps with crop planning.

The Karnataka Watershed Development Project, known locally as Sujala, covered over half a million hectares of land in seven predominantly rain-fed districts in Karnataka between 2001 and 2009 and was the first to deploy the use of satellite remote sensing and GIS mapping effectively over a large area.

Supplying Water in Challenging Terrain

Shimla city in Himachal Pradesh gets water once every two days for a few hours, while bulk water is pumped over 1,400 meters, creating a high cost of service

To tackle this, drones have been used to click high resolution images in high altitudes and challenging topography in World Bank’s Shimla Water Supply and Sewerage Service Delivery Reform Project. This, along with GIS technologies, has helped the state government prepare a 24×7 water supply model for the city that addresses issues such as pressure management, transmission and distribution networks, and identifying illegal connections.

Tracking health

All across India approximately 150,000 Anganwadi workers are using smartphones to track growth and nutrition in children. Photos of the hot lunch served to the children at health and nutrition centers, for example, can now easily be shared with block, district and state-level officials.

“It’s easier to work with mobiles than registers,” confessed an Anganwadi worker in Madhya Pradesh.

The World Bank has so far invested about $306 million in nutrition through the ICDS Systems Strengthening and Nutrition Improvement Project.

In Chhattisgarh, a mobile based application called Nutri-Click provides real time, need-based, one-on-one counseling on appropriate nutrition and care practices to pregnant women and caregivers and mothers of young children and their family members.

The program has so far helped over 4000 pregnant and lactating women

Digitizing Medical Records

Doctors in 36 public hospitals in Tamil Nadu can now access, collect and analyze critical health data for quick and timely interventions with the click of a button. The system also helps with retrieval of manual records as well as maintenance and management of medical equipment, making the entire process transparent and convenient.

The $110.3 million Tamil Nadu Health Systems Project was active in five Tamil Nadu districts. A second phase will now aim to cover another 222 hospitals across the remaining 25 state districts.

e-Governance

In 164 municipalities in Karnataka, property owners are now able to calculate their property taxes online; 10 million birth and death records are now online and searchable; and over 390,000 citizen complaints were lodged over 10 months—98 percent of which were redressed.

Through the Karnataka Municipal Reforms Project, municipal revenues have increased while interface between citizens and local administrations has vastly improved.

Vocational Training

World Bank’s Vocational Training Improvement Project has helped digitize activities such as admissions, examination management, and certifications in Industrial Training Institutes (ITI) under the National Council of Vocational Training.

The portal provides detailed records from more than 13,000 public and private ITIs across the country, including data related to courses offered, admissions, examinations, placements, etc.

So far more than 150,000 e-certificates to past trainees have been issued, and over 2 million certified trainees have received online certificates, saving time and effort.

World Bank