
Financial services, followed by health care, led the way among business sectors in a new survey by PricewaterhouseCoopers on firms’ readiness to manage cyber and privacy risks.

Financial services leaders also showed a great concern for cyberattacks from outside state-sponsored actors, the survey revealed.

Of firms undertaking a digital transformation, financial services firms were more likely than average to say that cyber and privacy risk management was baked into the plan from the start, according to the inaugural PwC Digital Trust Insights survey.

The survey and an accompanying report by PwC addressed business sectors’ cyber readiness and went on to identify 10 major areas for improvement centered on technology, processes and people. The initiative surveyed 3,000 business leaders worldwide.

While 55% of respondents said their company was engaged in an enterprise-wide digital transformation project, the number soars to 81% for financial services and to 86% for technology, media and telecommunications companies valued at $100 million or more, according to a footnote in the survey.

“Only about half of medium and large businesses in key sectors say they are building resilience to cyberattacks and other disruptive shocks to a large extent. And fewer than half of them say they are very comfortable their company has adequately tested its resistance to cyberattacks,” according to PwC.

In addition to financial services and health care, the survey included the sectors of industrial products; consumer products; technology, media and telecommunications; and energy, mining and utilities.

The 10 major opportunities PwC identified for improvement after the survey include corporate governance actions such as upgrading talent and leadership teams and raising awareness and accountability.

Improvement of communications and engagement with the board of directors plus tying security to business goals were also featured among the cyber-related opportunities identified.

Other areas include engaging security experts at the start of digital transformations, being proactive in compliance, boosting cyber resilience, keeping pace with innovation and a category called knowing the enemy.

The enemy — cyber threats — can be external or internal to the company, although relatively large companies are more concerned about insider threats than are small businesses, according to the survey.

However, over the past year financial services firms’ concern over state-sponsored hackers increased 33%, the biggest increase of any sector, according to PwC.

Concern about insider threats has grown more modestly among health-services respondents from companies of the same size, however, despite the finding in Verizon’s 2018 Data Breach Investigations Report about the health sector’s insider-threat problem, PwC said.

Respondents also said the top digital compliance and ethics challenges worldwide include staying aware of the latest regulatory developments (41%); complying with current regulations (37%); and preparing for future regulations (34%). (Brazil’s data protection law is a recent example of new legislation.)

Perhaps the most well-known example is the European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018, according to the study.

Fewer than half of companies worth $100 million or more say they are fully ready to comply with GDPR, the report states.
