Escalating concern over cyber threats has CEOs warming to government collaboration 2015 US CEO Survey Leading in extraordinary times With cyber attacks the new normal in business, CEOs from the biggest companies expressed the highest concern over cybersecurity. Compared to all other hindrances to growth, cyber threats caused the sharpest uptick in worry for US CEOs. And surprisingly, while CEOs see over-regulation as a growth impediment, a relatively large number say they welcome government-business collaboration on cybersecurity signaling a shift for the sake of securing business ecosystems. Following last year s high-profile cyber attacks on major businesses, cybersecurity continues to wind its way to the top of the CEO agenda. Nearly 45% of US CEOs (21% globally) say they are extremely concerned about cyber threats and a lack of data security, making them the most-worried group among nations. And nearly 42% (40% globally) of US CEOs say they are somewhat concerned. 33% of CEOs in China also expressed extreme concern about cyber threats, which makes them the second-most worried group among nations, followed by 31% of CEOs in Australia and 30% of CEOs of Canada. 29% of CEOs from the Association of Southeast Asian Nations (ASEAN) say they are extremely concerned, rounding out the groups that are most worried about cyber threats. Regionally, North American CEOs showed the most worry, with 40% of CEOs saying they are extremely concerned, followed by 24% of CEOs from Asia- Pacific and 18% from Africa. Continued on the next page 2015 US CEO Survey Top findings 1
Continued Many of those same CEOs also ranked cybersecurity as the most strategically important digital technology, and one they see creating high value for the business. 35% of CEOs worldwide say digital technologies create very high value in digital trust and cybersecurity. In the US, 42% say this is where digital is delivering very high value to their organizations. The top three regions where CEOs see digital investments creating very high value in digital trust and cybersecurity are Central and Eastern Europe at 47%, the Middle East at 42%, and Latin America at 37%. In terms of industries, at 60%, banking and capital markets CEOs were the group most likely to see technology creating very high value in cybersecurity, followed by 56% of technology CEOs. The largest companies showed the most concern over cyber threats and placed the most strategic importance on cybersecurity. 30% of CEOs at companies with revenues over $10 billion say they are extremely concerned about cyber threats, making them the most worried about the risk. 62% of this group say cybersecurity is strategically very important to the organization. For companies with revenues less than $10 billion, extreme concerns from their CEOs came in at less than 25%, and a little over 50% found cybersecurity to be strategically very important. 2015 US CEO Survey Top findings 2
Continued Many CEOs especially at smaller companies welcome collaboration between business and government on cybersecurity strategies. 43% of CEOs globally say they see harmonization between business and government on cybersecurity strategies. 51% of CEOs at companies up to $100 million in revenue see this harmonization; 42% of CEOs at companies of more than $10 billion in revenue see it. Regionally, 57% of CEOs from Central and Eastern Europe are more likely to see harmonization on cybersecurity; 44% of CEOs from Asia-Pacific and Latin America; 43% from Western Europe; and 38% from North America. In terms of industries, more than half of CEOs in five different industries globally witnessed that collaboration, including 53% in banking and capital markets; 52% in pharmaceuticals and life sciences; 52% in entertainment, media, and communications; and 51% in engineering and construction. Globally, the banking industry expressed the highest concern over cyber threats and data security. Interestingly, retail, which has often grabbed cybersecurity headlines, was not among the top-ten most worried industries. 35% of banking CEOs are extremely concerned about cyberthreats, including lack of data security, making them the most worried sector. 31% of communications CEOs say they are extremely concerned, followed by 30% of technology CEOs; 27% in entertainment, media, and communications, and 26% in power & utilities. Only 12% of retail CEOs said they were extremely concerned about cyber threats, including the lack of data security. 2015 US CEO Survey Top findings 3
In their words The role of any Internet company is to protect its customers and provide them the safest possible experience and to be as transparent as possible around privacy. Now, when you step back and look at the role of a company versus the role of a government, clearly if we re going to provide the safest possible experience in aggregate, government and companies need to work together So there s a lot of dialogue going on between governments and companies right now on this front, and it s not been particularly successful thus far. I m hopeful that it gets more productive in the coming months and years. John Donahoe, President and Chief Executive Officer, ebay Inc. The risk with smart grid is cybersecurity. You ve opened another door to the system, so we need to ensure that access to those meters from an IT standpoint is controlled. We have to remember too that even though they are our meters, they re on the customers homes, so we need to be sensitive to that. John G. Russell, President and Chief Executive Officer, CMS Energy Corporation and Consumers Energy Company The bigger risk today is cybersecurity and some of the issues we ve seen with retailers in the US. That s certainly something we ve got to be vigilant about at all times. J. Patrick Doyle, President and Chief Executive Officer, Domino s Pizza, Inc. We learn a lot from other industries. For instance, as we re looking at best practices and what people are doing, we look to industries like financial services and communications for data analytics. In cybersecurity, for instance, banks and retailers have had experience building that, so we re looking and benchmarking with those kinds of companies to help us understand what to do. Alan D. Wilson, Chairman, Officer, McCormick & Company We are obviously concerned, like many companies, with the whole matter of cybersecurity. We store massive amounts of engineering information. A lot of it is proprietary, for mechanical, hydraulic, and electronic designs. So protection of our intellectual property is foremost in our minds, and I m very aware of the risks in that regard. John C. Plant, Chairman, Officer, TRW Automotive Collaboration is becoming much more standard in terms of how you build partnerships between third-party providers and companies. But it s also becoming more complex as data security, cybersecurity, is more important. Some of those partnerships with outside providers have created a point of penetration. With that, it brings complexity in the sense that you have to make sure that your thirdparty provider is approaching security at as great or a better level of protection than you are. D. Bryan Jordan, Chairman, Officer, First Horizon National Corporation 2015 US CEO Survey Top findings 4
Worry over cyber threats spikes, spurring US CEOs to consider new cybersecurity approaches 2014 2015 Percentage of US CEOs somewhat or extremely concerned Cyber threats, including lack of data security 69% 86% Over-regulation 81% 90% Government response to fiscal deficit and debt burden 83% 92% Availability of key skills 70% 78% Increasing tax burden 76% 81% Shift in consumer spending and behaviors 51% 54% Q: How concerned are you about these threats to your organization s growth prospects? Base: 103 (2015); 162 (2014). Source: PwC, 2015 US CEO Survey, January 2015. Next steps, next questions There are indicators that 2015 represents a tipping point in cybersecurity, moving toward more collaboration between business and government on potential regulation, standards, and preparedness. Have you adopted or are you considering adopting the National Institute of Standards and Technology s Cybersecurity Framework? Is your company currently collaborating with industry, government, or other partners? Will you create or join the new collaborative entities proposed in the executive order on cybersecurity? For a deeper conversation, please contact David Burg Principal +1 (703) 918-1067 david.b.burg@us.pwc.com The challenges in cybersecurity are complex and constantly evolving, making it difficult to keep up with the talent and technology needed to keep pace with evolving threats. What type of training and development do you have in place for employees, such as cybersecurity training for key business roles and throughout the company? Have you considered new technology approaches to protecting data and digital assets, including cloud-based cybersecurity? Cybersecurity is not just a challenge; it represents a sizable opportunity with so many stakeholders searching for solutions. How might your company become a disruptor in this area? How might collaborations or new innovations unlock new value for your company and its partners? PricewaterhouseCoopers has exercised reasonable care in the collecting, processing, and reporting of this information but has not independently verified, validated, or audited the data to verify the accuracy or completeness of the information. PricewaterhouseCoopers gives no express or implied warranties, including but not limited to any warranties of merchantability or fitness for a particular purpose or use and shall not be liable to any entity or person using this document, or have any liability with respect to this document. 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. MW-15-1019. PwC US helps organizations and individuals create the value they re looking for. We re a member of the PwC network of firms, which has firms in 157 countries with more than 195,000 people. We re committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters to you by visiting us at www.pwc.com/us.