PwC Australia adopts security awareness platform SecurityAdvisor


PwC Australia and security awareness platform SecurityAdvisor today announced they have entered into an exclusive strategic alliance for the Australian market. The alliance brings together PwC’s cyber, research-based behavioural and cultural diagnostic framework, and people and change expertise, with SecurityAdvisor’s behavioural platform and security technology to create a unique machine learning-based solution.

Cyber risk was identified by 95% of Australian CEOs as the top threat to business growth in PwC’s 24th Annual Global CEO Survey – and people remain a critical aspect of it. The cybersecurity sector is fast-moving and regardless of the sophistication of an organisations’ security technologies, the human element can either make or break cybersecurity capabilities. Various studies have shown that anywhere between 75% to 95% of security breaches and incidents can be traced back to human actions.

To gain a deeper understanding of human behaviour – and the pitfalls and hot spots that could lead to cyber incidents – the ‘Together Effect’ of combining cybersecurity, business, technology, privacy, change and behavioural minds is key to design targeted, real-time teachable processes. Real-time notifications that prompt feedback to users and require their action, creates a positive feedback loop that promotes further learning and behaviour change, and in turn, a reduction in security events. In addition to real-time response, looking at leading Indicators of Behaviours (IoBs) prevents incidents before they happen and helps organisations get ahead of the game to manage and mitigate risk.

Recently, PwC Australia merged its cyber capabilities across consulting, assurance and financial advisory into one ‘Cybersecurity and Digital Trust’ team to improve service delivery in response to clients’ expectations.

As part of PwC Australia’s digital transformation strategy, the firm is also demonstrating its ongoing commitment to investing in Australia and Australian skills with the recent announcement of a new onshore delivery centre in Adelaide – the Skilled Service Hub, which will meet the rising demand for cyber and cloud skills, and increasing capacity onshore to address data sovereignty and security requirements.

Rick Crethar, PwC Australia’s Cyber and Global Crisis Centre leader, said, “The combined Cybersecurity and Digital Trust team is providing scale, a broader range of services and a single point of contact for the vast array of cybersecurity issues and risks being experienced by our clients. We now have 19 partners and 260 staff across Australia and will look to grow further with new partner appointments and recruitment of 50 staff in our Skilled Service Hub in Adelaide.”

Cybersecurity and Digital Trust Partner at PwC Australia, Nicola Nicol said that human errors and decision making in judgement are one of the main reasons behind security breaches and incidents.

“Cyber criminals are relentless and becoming more brazen with their manipulation tactics to dupe employees into providing sensitive information. Human errors in judgement are one of the main reasons behind security breaches and incidents. Organisations need to strengthen their defences by understanding cognitive biases and thought processes as they are used by hackers to target people.

“By collaborating with SecurityAdvisor, we are able to take the ‘what’ and ‘why’ from our behaviour based approach and drive targeted, real-time changes to the ‘how’ and evidence the improvements through everyday security data and metrics. Our alliance allows us to collect data from security tools, provide real-time information to individuals and show a tangible reduction in security events.

“Cybersecurity is critical for business growth yet our CEO Survey revealed only about a quarter of Australian CEOs on average said their organisation needs to do more to measure and report on cybersecurity and data privacy. With cyber attacks on the rise, businesses need to articulate cyber risk in a way that is meaningful to executives, directors, investors, and employees. It’s crucial to be able to interpret data, quantify cyber risk and explain how this relates back to specific business outcomes,” said Nicol.

Crethar added, “A paradigm shift is required to make current risk techniques and practices more effective. This shift requires moving more into the less explored areas of behavioural and social aspects of cybersecurity. People don’t have to be cyber security experts. It’s about identifying what biases, beliefs, values, perceptions and mindsets influence cyber-related decision-making, and designing solutions and operating environments to enable people to make optimal security decisions.”