PwC, SecurityAdvisor partner to tackle human-centric cyber risks

PwC Australia has entered into an exclusive strategic alliance with security awareness platform SecurityAdvisor. The alliance combines PwC’s cyber, research-based behavioural and cultural diagnostic framework with SecurityAdvisor’s behavioural platform and security technology, to create a machine learning-based solution.

PwC’s 24th Annual Global CEO Survey revealed that 95% of Australian CEOs view cyber risk as the top threat to business growth — and people remain a critical aspect of it. The cybersecurity sector is fast-moving and, regardless of the sophistication of an organisation’s security technologies, the human element can determine the efficacy of cybersecurity capabilities. To gain a better understanding of human behaviour — and the pitfalls that could lead to cyber incidents — the ‘Together Effect’ of combining cybersecurity, business, technology, privacy, change and behavioural minds is key to designing targeted, real-time teachable processes.

Real-time notifications that prompt feedback to users and require their action creates a positive feedback loop that promotes behaviour change and therefore a reduction in security events. In addition to real-time response, looking at leading Indicators of Behaviours (IoBs) prevents incidents before they happen and helps organisations manage and mitigate risk.

Recently, PwC Australia merged its cyber capabilities across consulting, assurance and financial advisory into one ‘Cybersecurity and Digital Trust’ team to improve service delivery and meet client expectations. As part of its digital transformation strategy, the firm also demonstrated its commitment to investing in Australian skills with the announcement of a new onshore delivery centre in Adelaide. The Skilled Service Hub will meet the rising demand for cyber and cloud skills, increasing onshore capacity to address data sovereignty and security requirements.

Rick Crethar, PwC Australia’s Cyber and Global Crisis Centre leader, said the combined Cybersecurity and Digital Trust Team provides a broader range of services and a single point of contact for the range of cybersecurity issues and risks experienced by clients.

“We now have 19 partners and 260 staff across Australia, and will look to grow further with new partner appointments and recruitment of 50 staff in our Skilled Service Hub in Adelaide,” said Crethar.

Nicola Nicol, Cybersecurity and Digital Trust Partner at PwC Australia, said that human errors and decision-making in judgement are among the main reasons behind security breaches and incidents. Nicol added that cybercriminals have become more brazen with their manipulation tactics, to dupe employees into providing sensitive information. Nicol urged organisations to strengthen their defences by understanding cognitive biases and thought processes as they are used by hackers to target people.

“By collaborating with SecurityAdvisor, we are able to take the ‘what’ and ‘why’ from our behaviour-based approach and drive targeted, real-time changes to the ‘how’ and evidence the improvements through everyday security data and metrics. Our alliance allows us to collect data from security tools, provide real-time information to individuals and show a tangible reduction in security events,” said Nicol.

With cyber attacks becoming more prevalent, Nicol has urged businesses to articulate cyber risk in a way that is meaningful to executives, directors, investors and employees.

“Cybersecurity is critical for business growth, yet our CEO Survey revealed only about a quarter of Australian CEOs on average said their organisation needs to do more to measure and report on cybersecurity and data privacy. It’s crucial to be able to interpret data, quantify cyber risk and explain how this relates back to specific business outcomes,” said Nicol.

Crethar added that a paradigm shift is needed to make current risk techniques and practices more effective; this shift requires moving into the less-explored areas of behavioural and social aspects of cybersecurity.

“People don’t have to be cybersecurity experts. It’s about identifying what biases, beliefs, values, perceptions and mindsets influence cyber-related decision-making, and designing solutions and operating environments to enable people to make optimal security decisions,” said Crethar.

Image credit: ©stock.adobe.com/au/tippapatt