Growing concerns over supply chain, OT cyber risk management, says PwC survey

“CISOs and cyber teams are rising to the challenge. C-suites are joining forces with them, recognizing that their bold moves have increased their organizations’ cyber risk exposure,” PwC stated in its report.

The 2023 Global Digital Trust Insights survey surveyed 3,522 business, technology, and security executives from July to August 2022. 52% of all respondents were from large companies ($1 billion and above in revenues) and 16% were from companies with $10 billion or more in revenue.

The industries covered included:

• Industrial manufacturing.
• Tech, media, and telecom.
• Financial services.
• Retail and consumer markets.
• Energy, utilities, and resources.
• Government and public services.

The survey revealed 70% of the executives interviewed had seen an improvement in their organization’s cybersecurity due to investments and C-suite collaboration.

“Fewer than 40% of respondents say they have fully mitigated the risks their bold moves incurred since 2020,” explained PwS.

That said, large organizations and those based in North America are more likely to have fully addressed these risks.

Executives believe cyber attacks will increase this year

Overall, the survey noted that organizations expect an increase in cyber threats and events in 2023, with 29% expecting a third-party breach, 28% expecting exploits of cloud component services, 26% expecting software supply chain compromise, 26% expecting theft of intellectual property for commercialization and 26% anticipating attacks on the industrial internet of things (IIoT) or OT.

However, the survey said CEOs are taking a more active role in their companies’ cyber risk management, with over half looking to create plans for significant changes and initiatives.

“And more than half say they’ll spearhead major initiatives such as streamlining the supply chain and eliminating products that weaken the enterprise’s cyber posture,” stated PwC.

The survey explained that those who have experienced breaches are particularly motivated to make changes. To help with oversight, CEOs seek more information on cyber risks and three key areas: assessments and practices, business continuity plans and a dashboard on critical cyber threats.

Executives express concern over supply chain risks

Regarding supply chain attacks, CROs and COOs have expressed extreme or very high levels of concern in the survey regarding their ability to withstand these attacks.

“Only about one-quarter strongly agree that their operations workforce has the needed digital skills, or that they have invested enough, to prevent cyber attacks from disrupting their supply chain,” stated PwC.

Additionally, these executives lack confidence in their third-party partners to prevent supply chain disruptions from cyber attacks. Overall, the survey says there needs to be more investment and preparation to protect against supply chain threats.

OT security is top of mind among executives

Further, COOs and CROs have identified operational technology (OT) security as a significant concern. Despite the growing sophistication of OT, organizations need help keeping their operations secure. This is an issue that both CISOs and CIOs are aware of, but they differ in what they see as the biggest obstacle to achieving modern and secure operations.

Outdated software and vulnerability-management tools are the biggest hurdles for CISOs and CIOs. CROs/COOs emphasize the need for a more expansive approach to OT cyber risk management that considers not just financial risks but also health, safety and environmental risks.

“As OT technologies and solutions grow more sophisticated — using artificial intelligence and machine learning to increase automation in manufacturing plants, for instance — organizations are struggling to keep up with making their operations secure and safe,” stated PwC.

Article Topics

IT/OT  |  PwC  |  ransomware  |  risk management  |  security  |  supply chain