An analysis by PwC shows blockchain technology has the potential to boost global gross domestic product (GDP) by $1.76 trillion over the next decade. That is the key finding of a report assessing how the technology is being currently used and exploring the impact blockchain could have on the global economy.
Through analysis of the top five uses of blockchain, ranked by their potential to generate economic value, the report gauges the technology’s potential to create value across industry, from healthcare, government and public services, to manufacturing, finance, logistics and retail.
“Blockchain technology has long been associated with cryptocurrencies such as Bitcoin, but there is so much more that it has to offer, particularly in how public and private organizations secure, share and use data,” comments Steve Davies, Global Leader, Blockchain and Partner, PwC UK.
“As organizations grapple with the impacts of the COVID-19 pandemic, many disruptive trends have been accelerated. The analysis shows the potential for blockchain to support organizations in how they rebuild and reconfigure their operations underpinned by improvements in trust, transparency and efficiency across organizations and society.”
- The report identifies five key application areas of blockchain and assesses their potential to generate economic value using economic analysis and industry research. The analysis suggests a tipping point in 2025 as blockchain technologies are expected to be adopted at scale across the global economy.
- Tracking and tracing of products and services – or provenance – which emerged as a new priority for many companies’ supply chains during the COVID-19 pandemic, has the largest economic potential ($962bn). Blockchain’s application can be wide ranging and support companies ranging from heavy industries, including mining through to fashion labels, responding to the rise in public and investor scrutiny around sustainable and ethical sourcing.
- Payments and financial services, including use of digital currencies, or supporting financial inclusion through cross border and remittance payments ($433bn).
- Identity management ($224bn) including personal IDs, professional credentials and certificates to help curb fraud and identity theft.
- Application of blockchain in contracts and dispute resolution ($73bn), and customer engagement ($54bn) including blockchain’s use in loyalty programmes further extends blockchain’s potential into a much wider range of public and private industry sectors.
Blockchain’s success will depend on a supportive policy environment, a business ecosystem that is ready to exploit the new opportunities that technology opens, and a suitable industry mix.
Economic benefits across continents
Across all continents, Asia will likely see the most economic benefits from blockchain technology. In terms of individual countries, blockchain could have the highest potential net benefit in China ($440bn) and the USA ($407bn). Five other countries – Germany, Japan, the UK, India, and France – are also estimated to have net benefits over $50bn.
The benefits for each country differ however, with manufacturing focused economies such as China and Germany benefiting more from provenance and traceability, while the US would benefit most from its application in securitisation and payments as well as identity and credentials.
At a sector level, the biggest beneficiaries look set to be the public administration, education and healthcare sectors. These sectors are expected to benefit approximately $574bn by 2030, by capitalising on the efficiencies blockchain will bring to the world of identity and credentials.
Meanwhile, there will be broader benefits for business services, communications and media, while wholesalers, retailers, manufacturers and construction services, will benefit from using blockchain to engage consumers and meet demand for provenance and traceability.
Digital transformation as top priority
The potential for blockchain to be considered as part of organizations’ future strategy is linked to a research with business leaders that showed 61% of CEOs said they were placing digital transformation of core business operations and processes among their top three priorities, as they rebuild from COVID-19.
“One of the biggest mistakes organizations can make with implementing emerging technologies is to leave it in the realm of the enthusiast in the team. It needs C-Suite support to work, identify the strategic opportunity and value, and to facilitate the right level of collaboration within an industry,” comments Davies.
“Given the scale of economic disruption organizations are dealing with currently, establishing proof of concept uses which can be extended and scaled if successful, will enable businesses to identify the value, while building trust and transparency in the solution to deliver on blockchain’s potential.”
The report warns that if blockchain’s economic impact potential is to be realized, its energy overhead must be managed. Growing business and government action on climate change, including commitments to Net Zero transformation, will mean that organizations need to consider new models for consolidating and sharing infrastructure resources to reduce reliance on traditional data centres and their overall technology related energy consumption.
Liability for cyber-physical security incidents will pierce the corporate veil to personal liability for 75% of CEOs by 2024, according to Gartner.
Due to the nature of cyber-physical systems (CPSs), incidents can quickly lead to physical harm to people, destruction of property or environmental disasters. Gartner analysts predict that incidents will rapidly increase in the coming years due to a lack of security focus and spending currently aligning to these assets.
The funcion of CPSs
CPSs are defined as systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). They underpin all connected IT, operational technology (OT) and Internet of Things (IoT) efforts where security considerations span both the cyber and physical worlds, such as asset-intensive, critical infrastructure and clinical healthcare environments.
“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” said Katell Thielemann, research vice president at Gartner.
“In the U.S., the FBI, NSA and CISA have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry. Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies.”
The financial impact of CPS attacks resulting in fatal casualties is predicted to reach over $50 billion by 2023. Even without taking the actual value of a human life into the equation, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant.
“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them,” said Ms. Thielemann. “The more connected CPSs are, the higher the likelihood of an incident occurring.”
Many enterprises not aware of CPSs already deployed in their org
With OT, smart buildings, smart cities, connected cars and autonomous vehicles evolving, incidents in the digital world will have a much greater effect in the physical world as risks, threats and vulnerabilities now exist in a bidirectional, cyber-physical spectrum.
However, many enterprises are not aware of CPSs already deployed in their organization, either due to legacy systems connected to enterprise networks by teams outside of IT, or because of new business-driven automation and modernization efforts.
“A focus on ORM – or operational resilience management – beyond information-centric cybersecurity is sorely needed,” Ms. Thielemann said.
40% of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to a research from Veritas Technologies.
Furthermore, research shows the public often wants restitution from businesses that fall foul of ransomware – with 65% of respondents wanting compensation, and 9% even wanting to send the CEO to prison.
Simon Jelley, vice president of product management at Veritas Technologies, said: “As consumers, we are increasingly well-educated about ransomware, so we’re unforgiving of businesses that don’t take it as seriously as we do ourselves.
“The two most essential things that businesses should have in place, according to their customers, are protection software (79%) and backup copies of their data (62%). Now, it seems, if businesses don’t get these basics right, consumers are ready to punish their leadership.”
Paying and not paying ransoms
The research, covering six countries and 12,000 consumers, also appears to show a paradox when it comes to paying ransoms. 71% of people want companies to stand up to cyber-bullies and refuse paying ransoms to get data back.
However, when the issue becomes more personal, with a direct threat to their own data, many people change their minds and want the businesses they buy from to negotiate. When it comes to financial data, 55% of respondents want suppliers to pay the ransom to facilitate the return of records.
Jelley said: “It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms. However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place.
Consumers expect businesses to have the technology in place to restore their data without negotiating. That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place.”
In fact, the study shows how some consumers quickly lose patience with companies that risk data through ransomware attacks. 44% of consumers would stop buying from a company that had been the victim of such a crime.
Patterns that emerge from country to country
- In China, people have the highest tendency to change their minds on negotiating with cybercriminals, when it’s their own critical information. While 80% of respondents believe businesses shouldn’t negotiate in general, when it becomes a personal issue of recovering their own data, that number drops sharply to just 16%.
- Brits have the strongest feelings about standing up to cyberbullying demands, with 81% believing businesses should not negotiate with criminals.
- The French seem to be the most forgiving respondents from surveyed countries, with 24% wanting to blame company heads, 55% believing only criminals can be blamed for ransomware attacks, and only 36% considering dropping a company’s services after an attack.
- Inversely, the Japanese and Chinese are the least forgiving, with 49% and 51% dropping company services after an attack, and China looking to blame business heads directly (66%).
- Germans are most vociferous about harsh punishment for leaders following an attack, with 29% of those who blame the leaders seeking a prison sentence.
- In contrast, in the United States, the most common attitude for those blaming leaders is to seek fines as punishment (41%).
There are growing disparities in how CEOs and CISOs view the most effective cybersecurity path forward, according to Forcepoint.
The global survey of 200 CEOs and CISOs from across industries including healthcare, finance and retail, among others, uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, including the lack of an ongoing cybersecurity strategy for less than half of all CEO respondents.
The research also identified disparities between geographic regions on data protection as well as a digital transformation dichotomy battle between increased risk and increased technology capability.
- Most leaders (76%) are losing sleep over the prospect of becoming the next headline-grabbing security breach
- This is despite a high percentage (87%) believing that their security team is consistently ahead of cybersecurity threats
- This disparity is compounded by a belief that senior leadership is cyber-aware and data-literate (89%) and focused on cybersecurity as a top organizational priority (93%)
- Cybersecurity strategies are seen by 85% of executives as a major driver for digital transformation, yet 66% recognize the increased organizational exposure to cyber threats because of digitization
- Only 46% of leaders regularly review their cybersecurity strategies
“When more than 89% of leaders believe their teams are more cyber-aware than ever, it’s not surprising to hear executives are losing sleep over their cybersecurity posture today because they know the stakes to their business are so high,” said Nicolas Fischbach, Global CTO of Forcepoint. “At a time when cybersecurity is more strategic to business growth than ever before, it is time senior business and security leaders reassess their cybersecurity strategy to one that enables them to move left of breach.
Disparities between CEOs, CISOs and global geographies
The research spotlights the disparity in how enterprises across global geographies prioritize key elements of security. Protecting customer data is a resounding priority for leaders in the US (62%) and Europe (64%), while in Asia 61% of leaders will prioritize protecting organizational IP over customer data.
Factors influencing these results may be due in part to differing regulatory approaches to data and privacy protection as well as recent legislative decisions in the U.S. and Europe, such as GDPR and CCPA.
There is also a clear divide between CEOs and CISOs in how they identify the right cybersecurity path forward for their business. CEOs prefer to be proactive and risk-focused (58%), prioritizing maintenance of business stability above all.
While more than half of CISOs (54%) embrace a more reactive, incident-driven approach to mitigating today’s dynamic cybersecurity threat landscape.
The research also found that, despite claiming vendor fatigue, enterprises use more than 50 security vendors on average with 62% reporting they want even more.
However, as more enterprises begin to embrace the cost savings and benefits of converged networking and security capabilities found in the emerging Secure Access Service Edge (SASE) security architecture approach the need for dozens of security vendors will abate over time.
Fischbach continued, “Companies leading on the cybersecurity front today are realistic about the risks they face and are prepared to prioritize security to protect the lifeblood of their business – which is customer data and organizational IP. And with today’s new way of working, getting this right within a remote work reality has never been more critical.
“Now is the time for all business and security leaders to recognize the business continuity actions they take now will determine whether they simply survive or thrive in today’s new business reality.”
A serious disconnect exists between how decision makers (i.e., CISOs, CIOs and CEOs), and security practitioners (i.e., IT managers and directors, security architects and security operations analysts) perceive phishing prevention, according to a research by Ironscales.
The research is based on a detailed, cross-industry survey of 252 security professionals from the United States and the United Kingdom.
Among its key findings, the survey revealed that decision makers are four times more likely than security practitioners to consider email security the highest priority, suggesting that security personnel believe that they have a sufficient handle on phishing prevention while the C-Suite sees substantial business risk.
“The disconnect between security practitioners and decision makers is extraordinarily problematic for phishing prevention and incident response,” said Eyal Benishti, CEO at Ironscales.
“The cause for such a predicament – whether or not security professionals on the front lines don’t fully understand the long-term business impacts of a successful phishing attack or if the C-Suite is simply over-concerned – is irrelevant. What matters is that moving forward these two important constituencies get on the same page so that the proper time and attention can be allocated towards minimizing phishing risk.”
The survey revealed that there is a critical need for real-time threat intelligence to more thoroughly address the risk of phishing; that the security skills shortage is having a material impact on security teams’ ability to deal with phishing properly, and that most organizations are using several tools to combat phishing, with secure email gateways remaining the most common.
Key research findings
- 24% of a 40-hour work week is spent by security analysts investigating, detecting or remediating phishing emails.
- Only One in five organizations continuously updates and tweaks its corporate email security policies in a typical month.
- Nearly three in five organizations train their users on proper email security protocols no more than twice per year, while only a third of organizations do so much more frequently (at least monthly or continuously).
- More than 70% of organizations use only manual processes for reviewing user-reported phishing emails, making it far too labor and time-intensive to mitigate email threats at scale.
Problems with phishing prevention
The survey also found that phishing emails continue to take organizations a substantial amount of time to detect, investigate and remediate. In total:
- 70% of organizations take more than 5 minutes to remove a phishing attack from a corporate mailbox even though the average time-to-click is 82 seconds.
- 75% of organizations cannot act on phishing intelligence automatically in real-time.
- 90% of organizations cannot orchestrate phishing intelligence from multiple sources in real time in the context of their overall email security solution(s).
“The survey’s findings reinforce the significant challenges that email phishing attacks incur on organizations of all sizes,” said Michael Osterman, principal analyst at Osterman Research.
“Most immediately, decision makers and cybersecurity practitioners must work to overcome the disconnect that exists so that time, budget and resources can be properly allocated to reduce email phishing risk.”
While a majority of CEOs express strong confidence in the effectiveness of their current IT systems, most are struggling to close the innovation achievement gap to drive growth and revenue, according to a global study by Accenture.
The is based on Accenture’s largest enterprise IT study conducted to date, including survey data from more than 8,300 organizations across 20 countries and 885 CEOs.
Innovation achievement gap: Adopting new technologies
The research, which analyzed the adoption of both mature and emerging technologies – such as artificial intelligence, cloud, blockchain, and extended reality – found that just 10% of companies are making optimal technology investment and adoption decisions and realizing the full value of those investments.
By adopting new technologies more aggressively and breaking down barriers to effectively scale innovation across their organizations, these leading companies are generating more than twice the rate of revenue growth than those on the lower end of the spectrum.
At the same time, the study found that 80% of CEOs believe they have the right technologies in place to innovate at scale, and 70% claim to be very knowledgeable of their organization’s investments in innovation.
Key factors that distinguish the top 10% of companies from the rest
- Progress: The extent to which companies apply new technology to evolve business processes across the enterprise. One example is the use of cloud and AI to increase the effectiveness of multiple business processes rather than working in silos.
- Adaptation: Ensuring that IT systems can adapt and respond to changing market conditions with actions such as decoupling from legacy systems and using cloud services as a catalyst for innovation.
- Timing: Creating an appropriate sequence and roadmaps for deploying new technology. This begins with identifying foundational technologies and prioritizing adoption based on their enterprise-wide impact.
- Human+machine workforce: Using technologies to augment employees and make work more engaging while simultaneously realizing efficiency gains. This could entail delivering technology-augmented training that is personalized and experiential for working with technologies of the future.
- Strategy: Actively aligning business strategy and IT strategy and weaving technology investments together to better seize opportunities.
“Companies that are not actively building enterprise-wide systems that are fully optimized for all of the rapidly-maturing technologies will find it difficult to catch up, and will see that reflected negatively in their financial performance,” said James Wilson, managing director of Information Technology and Business Research at Accenture.
More than half of CEOs think their enterprise risk management program (ERM) program is not as effective as it should be, a LogicGate survey reveals.
Challenges for enterprise risk management programs
With companies experiencing an increase in risks and data breaches, it’s no surprise the report uncovered that 88% of CEOs think ERM is very or extremely important. However, while most companies have an ERM program in place, there’s little agreement as to what a successful program really looks like in practice, beyond the baseline features.
Fortunately, CEOs are beginning to understand the need for their involvement in their company’s ERM program with 66% wanting more involvement.
“It’s not a matter of if your company will face risk, it’s a matter of when, and which risks. Every business faces risks, and without a strategy in place, you are setting your company up for failure,” said Matt Kunkel, CEO, LogicGate.
“For CEOs to become more involved with ERM, they must integrate ERM in their business decision-making process and create a culture of risk. The responsibility of ERM does not fall only on the IT or compliance departments, it involves every employee and every department.”
The CEOs surveyed echo this sentiment, asserting a clear desire for increased visibility into risks and a quantifiable methodology for tracking and evaluating them.
Several CEOs lamented the “labor-intensive” process in their organizations and voiced a need for a “better understanding of what it’s costing us to mitigate risk.” They also recognize a need for “regimented” and “streamlined” methods of factoring risk into their overall business strategies.
Greatest concerns for CEOs
Looking ahead to 2020, CEOs are most concerned with risks in three categories: Strategic, Operational, and Macroeconomic risks.
- 1 in 3 CEOs see Strategic Risk as the “Biggest Potential Risk Concern.” Among Strategic Risks, risk arising from key business partners is most frequently ranked first.
- 1 in 3 CEOs are most concerned about Operational Risk. In this category, cybersecurity is the top concern due to the increase in cyber threats.
- Finally, of the CEOs most worried about macroeconomic trends, 1 in 4 are most worried about the threat of a recession. Global political instability was close behind.
Other key takeaways from the report
- CEOs at smaller firms are significantly less satisfied with their ERM programs, with 1 in 3 finding them not very or not at all effective.
- CEOs are the least satisfied with the ongoing monitoring of ERM, particularly firms with <$250M in terms of having risk KRIs tracked by a central team.
- About 3 in 4 CEOs rate their risk identification favorably, although fewer CEOs in the core industries of financial services, healthcare, and technology, media, and telecom report cross-functional team involvement.
- Information security leads ERM for 3 out of 10 CEOs, followed by finance, risk, and the board of directors.
- Most CEOs meet with their ERM leader at least weekly, or daily in larger firms.