{"id":1260,"date":"2019-02-15T10:32:02","date_gmt":"2019-02-15T10:32:02","guid":{"rendered":"http:\/\/kusuaks7\/?p=865"},"modified":"2023-07-11T13:17:31","modified_gmt":"2023-07-11T13:17:31","slug":"how-companies-can-respond-to-consumers-demands-for-better-data-protection","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/how-companies-can-respond-to-consumers-demands-for-better-data-protection\/","title":{"rendered":"How Companies Can Respond to Consumers\u2019 Demands for Better Data Protection"},"content":{"rendered":"<p><strong><em>Ready to learn Data Science? <a href=\"https:\/\/www.experfy.com\/training\/courses\">Browse courses<\/a>\u00a0like\u00a0<a href=\"https:\/\/www.experfy.com\/training\/tracks\/data-science-training-certification\">Data Science Training and Certification<\/a> developed by industry thought leaders and Experfy in Harvard Innovation Lab.<\/em><\/strong><\/p>\n<p>Consumers don\u2019t know who to trust with their personal data. According to PwC\u2019s latest\u00a0Consumer Intelligence Series survey, Protect.me, only 25 percent of respondents believe companies will handle their sensitive data responsibly, and just 17 percent trust the government to protect their data. At the same time, 69 percent of consumers believe companies are vulnerable to hacks and cyber-attacks, and 85 percent report that they will not do business with a company if they have concerns about its data security practices. Whether or not consumers follow through on this promise, the survey results paint a grim picture of the current state of their confidence about cybersecurity.<\/p>\n<p>However, Protect.me \u2014 which surveyed 2,000 U.S. consumers \u2014 also revealed some positive news: an opportunity for companies that take action. Seventy-two percent of respondents believe businesses, not government, are best equipped to protect their data, and 81 percent prefer that companies take responsibility for protecting their data versus the government. Of course, government regulation will certainly play a role (and 82 percent of respondents said government should regulate companies\u2019 use of data). We\u2019ve already seen this in the financial-services and healthcare industries, which our study found consumers trust the most. But it\u2019s clear that consumers have high expectations of companies when it comes to data security, and those companies that deliver can build trust while protecting their own interests.<\/p>\n<p>Many companies have a long way to go. PwC\u2019s\u00a0<a href=\"https:\/\/www.pwc.com\/us\/en\/cybersecurity\/information-security-survey.html\" target=\"_blank\" rel=\"noopener noreferrer\">2018 Global State of Information Security Survey<\/a>\u00a0(GSISS), which gathered insight from 9,500 executives in 122 countries, found that 44 percent of respondents say they do not have an overall information security strategy. Slightly more (48 percent) say they do not have a security-awareness training program for employees, and 54 percent say they do not have an incident-response process in place. Given their mandate from consumers, companies should take the following steps now to build up their resilience to withstand cyber-attacks.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" style=\"width: 690px; height: 400px;\" src=\"https:\/\/www.strategy-business.com\/media\/image\/40178345_thumb5_690x400.jpg\" alt=\"experfy-blog\" \/><\/p>\n<p style=\"text-align: center;\"><em>Illustration by LEJEANVRE Philippe \/ Alamy<\/em><\/p>\n<p><strong>1. Engage senior leaders \u2014 all the way to the board.<\/strong>\u00a0Only 44 percent of GSISS respondents say their corporate boards actively participate in their companies\u2019 security strategy. This could be because some firms tend to view cybersecurity as solely an IT problem. But anecdotal evidence suggests that when boards are involved in cybersecurity strategy, senior management is more likely to perceive it as a priority. Board participation elevates cyber risk beyond the day-to-day concerns of the IT function to become a part of the company\u2019s overall strategic planning. It\u2019s a level of importance commensurate with the level of risk associated with a major breach.<\/p>\n<p>Companies can further prioritize cybersecurity by making sure the C-suite is involved in a review of the company\u2019s information security strategy and budget. This includes gaining a clear understanding of what\u2019s at stake in the event that certain systems or data are compromised \u2014 and ensuring plans are in place to mitigate the most pressing risks. The good news is the GSISS found companies are starting to elevate the role of chief information security officer (CISO) beyond IT: Respondents report it is more common for a company\u2019s CISO to report directly to the CEO (40 percent) or the board of directors (27 percent) than to the CIO.<\/p>\n<p><strong>2. Assess network interdependency.<\/strong>\u00a0Companies must take a careful look at the various networks on which their own network depends. This includes everything from the public power grid to the third-party or cloud-based networks on which their proprietary data may reside in the short or long term. Vulnerabilities may lie several layers removed from the networks that companies own. But just as we don\u2019t think about our reliance on electricity until there\u2019s an outage, interdependencies between networks tend to go unnoticed until catastrophe strikes.<\/p>\n<p>For example, when cyber-attacks occur, many companies say they cannot clearly pinpoint the culprits. Only 39 percent of GSISS respondents say they are very confident in their ability to determine where an attack originated. To address this gap, company leaders need to stress-test interdependencies with simulated cyber-attack scenarios. It\u2019s also important for companies to examine emerging technologies that may take advantage of networked systems, such as the Internet of Things (IoT). Yet relatively few GSISS respondents say their organizations plan to assess IoT risks across the business ecosystem. The ownership of responsibility for IoT security varies depending on organization \u2014 29 percent say the duty belongs to the CISO, while others point to the engineering (20 percent) or the chief risk officer (17 percent).<\/p>\n<p><strong>3. Focus on data manipulation and destruction.<\/strong>\u00a0As cyber-attackers grow more sophisticated, the priorities of corporate cybersecurity have to continuously adapt. It used to be that companies worried primarily about preventing their data from being stolen. But increasingly, they also need to be aware of how hackers can use a company\u2019s own IT systems and architecture against the firm or society at large. These attackers\u2019 primary goal may not be financial gain alone \u2014 stealing credit card numbers \u2014 but may also involve manipulating data to cause harm to the company or individuals. If attackers gained access to and modified a hospital\u2019s medical records, for example, or an air traffic control system, they could inflict significant damage and even put human life at risk.<\/p>\n<p>Organizations need to take an inside-out approach to cybersecurity assessments, looking for areas of weakness and making it a priority to safeguard systems that must be impervious to attacks to protect human life and safety. Companies should undertake scenario planning to \u201cthink the unthinkable\u201d and run simulations to ensure that their firm is ready to withstand such attacks. They also need to be ready to respond immediately if a breach should occur. The\u00a0<a href=\"https:\/\/www.pymnts.com\/news\/banking\/2017\/banks-prepare-for-apocalyptic-cyber-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sheltered Harbor initiative<\/a>\u00a0in the financial sector could offer a model for other industries in how to deal with these emerging risks of data destruction. This effort has developed standards to help banks recover and restore account data in the event of a major cyber-attack.<\/p>\n<p>A cyber threat will always be a moving target. Companies that begin with these three steps can develop the capability to better understand cyber threats as they evolve and cultivate an environment in which developing resilience against such threats is a top priority, owned by company leaders. This resilience can protect your company from the financial, reputational, and legal havoc caused by a major cyber-attack. Your customers are watching.<\/p>\n<p><em>\u201cHow Companies Can Respond to Consumers\u2019 Demands for Better Data Protection&#8221; \u00a9 2017 PwC. All rights reserved.<\/em> <em>No reproduction is permitted in whole or part without written permission of PwC.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ready to learn Data Science? Browse courses\u00a0like\u00a0Data Science Training and Certification developed by industry thought leaders and Experfy in Harvard Innovation Lab. Consumers don\u2019t know who to trust with their personal data. According to PwC\u2019s latest\u00a0Consumer Intelligence Series survey, Protect.me, only 25 percent of respondents believe companies will handle their sensitive data responsibly, and just<\/p>\n","protected":false},"author":164,"featured_media":2704,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[122],"ppma_author":[2767],"class_list":["post-1260","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-big-data"],"authors":[{"term_id":2767,"user_id":164,"is_guest":0,"slug":"joseph-nocera","display_name":"Joseph Nocera","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","user_url":"","last_name":"Nocera","first_name":"Joseph","job_title":"","description":"Joseph Nocera is a Principal with PwC US leading the Cybersecurity &amp; Privacy practice as part of PwC&#039;s Financial Crimes Unit (FCU). He has significant experience in assisting organizations to meet regulatory demands such as Sarbanes-Oxley, Anti-Money Laundering, Basel II, HIPAA, and GLBA."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/164"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=1260"}],"version-history":[{"count":2,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1260\/revisions"}],"predecessor-version":[{"id":28300,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1260\/revisions\/28300"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/2704"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=1260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=1260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=1260"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}