Cyber Security and Strategy: PwC's Grant Waterfall on breaches, the data economy and C-level attitudes

Recent hacks, breaches and malware attacks around the globe have forced companies to re-examine their methods of safeguarding consumer data. And consumers are paying attention. PwC’s recent Consumer Intelligence Series: Protect.me report on consumer attitudes of the perils of cyberspace shows that 92 percent of those surveyed think cybersecurity should be at the forefront of any company’s strategy. We sat down with Grant Waterfall, PwC’s U.S. Cybersecurity & Privacy Deputy Lead to talk about the target-rich environment in today’s data economy, consumer attitudes, and how companies are shifting their thinking.

Consulting: What’s the typical consumer attitude towards cybersecurity threats?

Waterfall: There’s a much higher level of awareness and I think it’s playing out in the report. I think we’re seeing an environment where you’ve got a rapidly increasing level of awareness and consumers are getting far more interested in how companies are handling it.

Consulting: What are the big consulting opportunities around cybersecurity?

Waterfall: If you look at it more from the privacy side of things you’re seeing some new technologies arriving, things like algorithms, artificial intelligence, and facial recognition, which are only going to make this trust dynamic more accentuated. I think in the space of consumer trust around privacy and how is data protected and used in a responsible way by companies there’s going to be a much greater need for companies to be more transparent and really think about how they deal with this new dynamic. We’re finding there’s a lot of opportunity in the space around privacy and often it’s driven by regulation at the moment. More and more companies are realizing they need to put in place the processes to help be more transparent, to help give customers more control of their data. I think more and more companies will realize this is more of a transformation to get them ready for what’s coming. That’s driving a lot of our business and we’re shifting the conversation to be less about regulation and more about readiness for being able to build these trust relationships with customers.

Consulting: What industries are the most vulnerable to breaches of private data?

Waterfall: The most obvious industries that have always had to invest a lot of money in private security are the big banks and technology companies. It’s quite interesting how Petya, the malware that was out there some months ago, has quietly changed the game. If you look at the companies that got hit by Petya, a number of those companies are in that category that might have said we’re not a bank, we’re not a tech company, we don’t need to invest in this at a high level. When you look at a number of them that had their entire IT infrastructure wiped out and a lot of the write-offs you see were companies that couldn’t ship goods for sometimes months on end, you start to get into a world where virtually every industry is vulnerable, and it comes down to resilience of supply chain, etc. from that perspective. I think we’re seeing a wake-up call across all sectors.

Consulting: Do you think we’ll ever catch up to the hackers or will it always be a game of whack-a-mole?

Waterfall: I think you’re going to see a continuous situation of actors who have a lot of money to invest and you’re going to have the industry constantly chasing to keep up, but I think we will see better and better technologies, better threat intelligence, better analytics and artificial intelligence driven analytics, which will get better at protecting. But it’s going to be a constant race to keep up.

Consulting: What are some best practices individuals and companies can do to protect their data?

Waterfall: I think it comes back to that Petya question. I do think that wakeup call has come through for a lot of companies. I’ve gone through this with my clients over the years, you get a lot of companies that say if we look at this from a risk perspective, we’re not a bank or a tech company, we don’t have customer-facing systems or a lot of intellectual property we’re protecting, we’re a manufacturing and distribution company, for example. Then you see the situation of these companies not able to ship goods and distribution networks go down. I think the realization dawned that actually every company now is a tech company; every company is relying on tech to do its day-to-day business.

Consulting: What makes a company or industry trusted by consumers?

Waterfall: I think it’s likely to be individual companies that start to differentiate themselves in the future. If you look at Apple being pretty public about not wanting to create backdoors into iPhones, I think companies have the ability to differentiate themselves by making public stands that will help with the trust relationship. I’d say you will see companies become differentiated because consumers will trust them more with their data and that will open up potential new business opportunities, such as tech companies moving into healthcare. If companies look after customers’ data in the way they expect them to and build that trust they open up new potential business models for themselves. There’s a whole lot of value for companies who invest in this space.

To continue reading,
become a free ALM digital reader

Benefits include:

  • Complimentary access to Consulting Magazine Online and digital edition
  • Bi-monthly digital newsletter delivered to your inbox
  • 1 free article* every 30 days to Consulting Magazine's sister publications
  • Exclusive discounts on events and publications produced by ALM

*May exclude premium content