CIOReview | June 2015 | Page 8

In My Opinion

Why CIOs are Embracing Enterprise Risk Management to Improve Cybersecurity

By David Burg, Global & U.S. Advisory Cyber Security Leader, PwC

Businesses across sectors and around the world have reached a tipping point on cybersecurity. As risks continue to escalate, it's becoming clear that existing approaches simply are not working.

In The Global State of Information Security Survey 2015, PwC found that the number of detected security incidents increased at a compound annual growth rate of 66 percent over the past five years. And it's not just the frequency of incidents that's surging--cyberattacks are also becoming increasingly multi-faceted and destructive. Last year's assault on a U.S. entertainment company, in fact, introduced an entirely new level of malice. The perpetrators not only stole valuable intellectual property, but they also released personal data and corporate documents that included damaging employee communications and payroll information. The attack also disrupted the company's email and telephone systems and included an unprecedented threat of physical violence to individuals.

It's no wonder, then, that concern about cybersecurity risks has become top of mind among executive leaders. PwC's 18th Annual Global CEO Survey 2015 shows that concern about cyberthreats increased more than any other risk factor over the past year. And nowhere is that unease more pronounced than in the U.S., where apprehension about cyberthreats is second only to worries about government regulation. In fact, the percentage of U.S. executives who say that they are "extremely" concerned about cyber threats has doubled in the past year: 45 percent of CEOs reported the highest level of concern, up from 22 percent in 2014.

As more executive leaders and Boards of Directors become concerned about cyber-risks, they're asking their CIOs about the company's cyberthreat landscape and response readiness.
Forward-thinking CIOs are not only delivering a clear picture of current risks and readiness, they are also emphasizing the importance of understanding cybersecurity as an enterprise-wide business risk issue. They are taking the lead by explaining why cyberthreats are among the most significant business risks facing their organizations, and how cybersecurity incidents can result in potentially crippling financial, legal,