PwC Australia and security awareness platform SecurityAdvisor have entered into an exclusive strategic alliance for the Australian market.
As part of PwC Australia’s digital transformation strategy, the firm is investing in Australia and Australian skills with the recent announcement of a new onshore delivery centre in Adelaide, dubbed the Skilled Service Hub. It is designed to meet the rising demand for cyber and cloud skills, and increasing capacity onshore to address data sovereignty and security requirements.
In response to clients’ expectations and to improve service delivery, PwC Australia merged its cyber capabilities across consulting, assurance and financial advisory into one ‘Cybersecurity and Digital Trust’ team. Human errors in decision making and judgement have been identified as one of the key factors in security breach incidents, according to Nicola Nicol, cybersecurity and digital trust partner at PwC Australia.
"With cyber attacks on the rise, businesses need to articulate cyber risk in a way that is meaningful to executives, directors, investors and employees. It’s crucial to be able to interpret data, quantify cyber risk and explain how this relates back to specific business outcomes," Nicol said.
“Cyber security is critical for business growth yet our CEO Survey revealed only about a quarter of Australian CEOs on average said their organisation needs to do more to measure and report on cyber security and data privacy."
Cyber risk has been identified by 95 per cent of Australian CEOs as the top threat to business growth in PwC’s 24th Annual Global CEO Survey. The cyber security sector is a fast-moving sector and the human element can either make or break cyber security capabilities regardless of how sophisticated an organisations’ security technologies are. Various studies have shown that anywhere between 75 per cent and 95 per cent of security breaches and incidents can be traced back to human actions.
“Cyber criminals are relentless and becoming more brazen with their manipulation tactics to dupe employees into providing sensitive information," Nicol added.
"Organisations need to strengthen their defences by understanding cognitive biases and thought processes as they are used by hackers to target people."
To gain a deeper understanding of human behaviour, the pitfalls and hot spots that could lead to cyber incidents, the new alliance brings together PwC’s cyber research-based behavioural and cultural diagnostic framework expertise, with SecurityAdvisor’s market-leading behavioural platform and security technology to create a unique machine learning-based solution.
The alliance between PwC Australia and SecurityAdvisor has created a capability that can show a tangible reduction in security events by collecting data from security tools to provide real-time information to individuals, according to Rick Crethar, PwC Australia’s Cyber and Global Crisis Centre leader.
“By collaborating with SecurityAdvisor, we are able to take the 'what' and 'why' from our behaviour-based approach and drive targeted, real-time changes to the 'how' and evidence the improvements through everyday security data and metrics," Crethar said.
“A paradigm shift is required to make current risk techniques and practices more effective. This shift requires moving more into the less explored areas of behavioural and social aspects of cyber security."
To reduce security events, the ‘Together Effect’ of combining cyber security, business, technology, privacy, change and behavioural minds is key to design targeted, real-time teachable processes. Looking at leading indicators of behaviours (IoBs) prevents incidents before they happen, enabling organisations get ahead of the game to manage and mitigate risk. Real-time notifications that prompt feedback to users and require their action create a positive feedback loop that promotes further learning and behaviour change.
"People don’t have to be cyber security experts. It’s about identifying what biases, beliefs, values, perceptions and mindsets influence cyber-related decision-making, and designing solutions and operating environments to enable people to make optimal security decisions,” Crethar added.