Companies everywhere are pursuing digital transformation projects, putting emerging technology into action, while aiming to solve problems, create unique customer experiences and accelerate business performance.
The increase of connectivity between personal devices and businesses is increasing the cyber and privacy risks that businesses have to manage.
Our PwC 2019 Digital Trust Insights survey revealed that New Zealand businesses lag significantly behind other countries when it comes to addressing data security and privacy. Only 20 percent of New Zealand businesses felt ‘very comfortable’ that they have a comprehensive programme in place compared with Australia (27 percent), UK (35 percent) and the US (40 percent).
This is reinforced by the lack of adequate reporting at board level on cyber and privacy risk. Only 16 percent of New Zealand business leaders were ’very comfortable’ that adequate metrics are provided to the board compared to Australia (20 percent), UK (27 percent) and the US (37 percent).
The top three digital and compliance challenges identified by New Zealand business leaders were:
• Preparing for potential future regulations
• Staying aware of the latest regulatory developments
• Adopting emerging risk management standards.
International privacy laws are having an impact on how companies outside their direct jurisdiction approach privacy requirements. The most recent well-known privacy law is the European Union’s General Data Protection Regulations (GDPR), which came into effect in May 2018 and applies worldwide. Our global results revealed that fewer than half of companies worth US$100 million or more say they are fully ready to comply with GDPR. Other international jurisdictions that have or are implementing new privacy regulations include the US and Brazil.
Businesses which operate in multiple jurisdictions internationally should comply with the highest standard (currently GDPR is considered the highest standard), especially if they share data with overseas operations and business partners.
Closer to home, the New Zealand Privacy Act is being updated after 25 years, to better reflect the changes in technology during this time. The new privacy bill was released on March 20, 2018 and is expected to be enacted by March 1, 2020. Changes include that businesses will remain liable for personal information stored in the cloud, regardless of location, and that foreign-owned businesses that operate in New Zealand have to meet the obligations of the Privacy Act requirements.
Increasingly, cybersecurity, privacy and data risks are being intertwined as organisations undertake digital transformation projects based upon emerging technologies such as artificial intelligence (AI), internet of things (IoT), intelligent process automation (IPA), blockchain and virtual reality.
There is a need to build trust into the outcomes of these projects through the implementation of controls. These controls are most effective and least costly when they are built in during the design and implementation phases, yet only 53 percent of our global survey respondents say that proactive management of these risks are included in the project ‘fully from the start’.
We have identified 10 major opportunities for improvement around people, processes and technology:
• Engage security experts at the start of digital transformations
• Identify who at the executive level is responsible for cybersecurity and privacy
• Raise employee awareness and accountability
• Improve communication and engagement with your board of directors
• Tie security to business goals
• Build lasting trust around data
• Boost cyber resilience
• Know who threatens your digital assets
• Be proactive in compliance
• Keep pace with innovation.
At PwC, we believe companies that commit to building and demonstrating digital trust will likely define tomorrow’s digital economy and take the lead ahead of their competitors.
The comments in this article of a general nature and should not be relied on for specific cases. Taxpayers should seek specific advice.