Cybersecurity: key findings and themes

2019 Digital Trust Insights Survey

Can dealing with risk increase the gains?

Companies are investing massively in capitalising on the opportunities of data. But are they also investing in managing the risks and building data trust? Data is the inexhaustible output of today’s ubiquitous connections of things, people, and organisations. Analyst estimates of the potential of data to transform experiences, industries, and cities run in the trillions of dollars, the size of a large economy today. 

According to PwC’s Digital Trust Insights survey of more than 3,500 respondents, these pacesetters show discipline in valuing data across corporate initiatives: from new product or service launch, to savings captured by data-driven cost initiatives, to potential acquisitions, to initiatives to increase workforce effectiveness.

The findings of the survey are exciting: companies that build privacy into their approach are able not only to reduce data risks, but also to boost the value they squeeze from their data. In other words, addressing issues of data privacy and ethics isn’t just an expense; it’s an investment with a direct and measurable return. 

Survey hypotheses

1.  Only a small fraction of companies have a formal way of assigning value to data that includes the privacy team.

  • Those who are assigning value to data also 
    • have more mature data security and privacy practices
    • report better outcomes for data monetisation

2. Market leaders are opening new data monetisation frontiers involving the supply chain, workforce and deals.

Were these hypotheses confirmed? Check out this site for the findings. There’s also some food for thought on how your organisation might catch up with the leaders and squeeze more value from your data.


Insights

A relatively small number of companies combine data valuation with data privacy.

We’ll start with the hypothesis that only a small fraction of companies have a formal way of assigning value to data that includes the privacy team. 

Does the survey confirm this?

Yes, many companies have a formal process for valuing data, but not so many have included a mechanism for assuring data privacy in the process – even though the majority say they would sacrifice profit to invest in better data trust.

72% of respondents now have a formal process for assigning value to their data assets. In the past two years, 40% of companies have assigned value to data as part of a new product or service launch.

  • Only 37% of respondents have a formal way of assigning value to data that includes the privacy team consistently.
  • If asked to choose between customer privacy and profit, 60% of companies emphasise customer privacy while 34% choose profit.
  • If asked to choose between risk management in vendor selection and profit, 56% of companies choose risk management while 38% choose profit.
  • If asked to choose between addressing emerging data localisation requirements and customer privacy, 54% choose privacy while 38% choose data localisation requirements.

Questions you might like to ask yourself:

  • Do the numbers for who would sacrifice profit for privacy surprise you?
  • Does the 72% statistic for those that have a formal data valuation process surprise you?
  • What does good data valuation look like? What precisely does assigning value to data involve?
  • What would be your main reason for committing to data trust: the needs of the market, or compliance requirements?

Companies that focus on both data value and data privacy squeeze more value out of their data, and are further along in terms of exploiting new ways of using data.

Next, the hypothesis that the companies that a) assign value to data and b) consistently include data privacy in the process have more mature data security and privacy practices, and report better outcomes for data monetisation – and that the market leaders are opening new data monetisation frontiers involving the supply chain, workforce and deals. 

Does the survey confirm this hypothesis?

Yes, 37% of the leaders are further along in data use in ways most likely to impact profitability and/or growth, including seeing ROI from their efforts.

  • Thereof, 61% have successfully implemented their plan to use data to make business operations run smarter and faster, compared to 38% of the rest of all other companies (those who do not have a process for assigning value to data as well as those who do have a formal process but do not consistently involve the privacy team in that process) of which 48% of leaders have seen ROI from this initiative vs 21% of others.
  • 68% have successfully implemented their plan to use data to generate new products and services, compared to 41% of the rest of which 45% of leaders have seen ROI from this initiative vs 22% of the rest.
  • 67% have successfully implemented their plan to use data to improve the effectiveness of the workforce, compared to 38% of the rest of which 48% of leaders have seen ROI from this initiative vs 21% of the rest.

They more often see regulations as helping them gain value from data vs hindering them.

  • 76% say regulations are helping them to extract value from data in making business operations run faster and smoother vs 55% of others.
  • 76% say regulations are helping them to extract value from data in generating new products and services vs 49% of others.
  • 79% say regulations are helping them to extract value from data in evaluating potential new partners or acquisitions vs 53% of others.

Questions you might like to ask yourself:

  • Has your company adopted more mature data security and privacy practices? 
  • If not, what’s preventing you from doing so? 
  • What will happen if you don’t adopt such practices?

 


A more detailed analysis of the survey responses reveals that the market leaders’ success in exploiting the value of data is no accident, but the result of a smart combination of three tactics: exploiting data value, putting data ethics into action, and designing in data security and privacy. Other companies can benefit from studying their approach.

  • Only 37% have a formal process for assigning value to data AND consistently involve the privacy team in that process. A significant percentage of highly resilient companies do so. Large companies are also more likely to do this.
  • The 37% is assigning value to data in a large number of occasions, from acquisitions (34%) to valuation of IP (46%) to documentation for board reporting (43%).
  • They are investigating how to use data for both efficiency and effectiveness in nearly every part of the business. Most pervasive use is in talent, IT and customer service.
  • More than half of the 37% have implemented these practices across the entire organisation, compared to about a third of the rest: a 20 to 25 point spread in every practice we queried. Companies tend to implement leading practices across the board at the same rates: they either do it well or don’t do it well.
  • The 37% say different parts of their organisation work together on data-driven initiatives far more often than peers. This is important because the locus of responsibility seems to shift to different leaders from strategy to risk management to technology.

 

Next steps: Speed up and scale up gains from data

If decision-makers within an organisation cannot trust their data, or their ability to protect that data, then the data is not just useless, it’s actually a source of risk. Companies that build their business models on inaccurate or unsecured data risk breaches, regulatory scrutiny and damage to their reputation. 

Contact us

Urs Küderli

Urs Küderli

Partner Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 42 21

Yan Borboën

Yan Borboën

Partner Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 84 59