“2016 Chief Digital Officer” study – digital responsibility is growing

In its latest “2016 Chief Digital Officer” study, Strategy& investigates who is responsible for overseeing digitization within companies. The findings show that a third of Swiss management bodies delegate this task to a Chief Digital Officer (CDO), particularly in the financial industry. The profiles of CDOs vary – but not their role.

The aim of the “2016 Chief Digital Officer” study conducted by Strategy& is to establish who is in charge of the digital transformation in the 2,500 largest listed companies in the world (including 49 in Switzerland). The term CDO refers to senior executives entrusted with the digitization strategy of their company. The evaluation clearly shows that: The Chief Digital Officer is taking the C-suite by storm. Whereas in 2015, 6% of study participants employed a CDO; in 2016 the number had already risen to 19%. 60% of the CDOs questioned were appointed between 2015 and 2016. Europe, the Middle East and Africa (EMEA) have the highest CDO density in the world, and the strongest growth (+30%) in the role. Switzerland is ranked fifth in Europe with 33%.

The Swiss financial services industry has clearly recognized the signs of the times, and is deploying the relevant management skills to ensure the consistent implementation of a digital strategy. The financial sector has the highest proportion of CDOs in Switzerland: insurance companies lead the way with 67%, followed by banks with 50%. They are digitizing not only their customer activities, but also their internal processes.

There is no typical CDO. Half of Swiss CDOs are members of the Board of Directors, 38% have individual titles such as “Head of Digital”, 6% hold the position of Vice President, and 6% are Directors. Almost two thirds were recruited from within the company. Only 13% of CDOs are currently female. 38% of CDOs held a previous function in marketing, sales or customer service. A third come with technical baggage, while a quarter have a background in consulting, strategy or business development. The importance of technical experience has increased. In 2016, 32% of CDOs originated from the technical sector. This represents more than twice as many as the previous year.

Find out more

Contact

Dr. Daniel Diemers
Partner Financial Services, Strategy&, Schweiz
+41 58 792 3190
daniel.diemers@strategyand.ch.pwc.com

PwC’s CIO Roundtable 2017 – Master Data and other challenges

Thursday, 22.06.2017
18:00 – 19:00 hours
PwC Zurich
Birchstrasse 160, 8050 Zurich

About the event

Effective master data management is a key factor to success. Most companies are going through substantial transformation projects – either to become more effective or to open new business fields. What do have all these transformation projects in common? The difficulty of handling master data effectively and efficiently – knowing that master data is representing one of the basic pillars in companies’ information landscape. The way you build the governance, processes, tools and skills around this data is crucial and can speed up your transformation projects, or kill them instantly.

Do you want to find out more about challenges, issues and best practices ideas? Come and join us when we dive into the most relevant implications of master data management.

Registration Link

Contact Us

Alexej Freund
Senior Manager – Advisory Consulting
PwC Switzerland
Tel. +41 58 792 2754
alexej.freund@ch.pwc.com

Rejhan Fazlic
Manager – CIO Advisory
PwC Switzerland
Tel. +41 58 792 1148
rejhan.fazlic@ch.pwc.com

The Future of Wealth Management

PwC’s 4th FS-Talk

Wealth managers are challenged by shifting client segments and disruptive technologies PwC experts discuss the key success factors for wealth managers today. Private client re-segmentation makes value-added services more important. Demands on relationship managers are increasing. Operations are under pressure to deliver higher efficiency. Listen in for pointers of where the challenges are and which technologies provide opportunities to gain a competitive edge.

Watch the latest video of our FS-Talk:

Get in contact with the speakers:

Dieter Wirth
Partner / Financial Service Leader
+41 58 792 4488
dieter.wirth@ch.pwc.com

Marcel Tschanz
Partner Advisory
+41 58 792 2087
marcel.tschanz@ch.pwc.com

Marcel Widrig
Partner / Private Wealth Leader
+41 58 792 4450
marcel.widrig@ch.pwc.com

Digital IQ: focus on the human experience and technology integration

This is the tenth year running we’ve conducted PwC’s Global Digital IQ® Survey. The findings are sobering: enterprises all over the world are struggling to unlock the desired value. In most cases they’re overlooking fundamental integration of technology with the human experience of customers and employees. Compared with previous years there has been a decline in corporate digital IQ.

For the last ten years we and our colleagues at PwC all over the world have been polling the digital intelligence quotient of enterprises. For the 2017 edition, from September to November 2016 we asked more than 2,200 executives in 53 countries about digitisation trends and their impact on their organisation. In Switzerland 53 people took part, most of them chief information officers (CIOs) or heads of IT.

What makes a champion?

The so-called top performers, in other words organisations with sales and margin growth of more than 5%, consider the definition of ‘digital’ to be broader. They’re engaged in far-sighted, customer-oriented technology activities that go beyond mere digital technology to take in other aspects of business. When these companies run digital projects they involve cross-disciplinary teams with representatives from various fields of expertise and technology to revolutionize the human experience (employee & customer experience). They also use agile methods for the majority of projects, even those not involving software development.

Where do Swiss companies stand out?

Executives at Swiss companies rate the digital IQ of their CIO by international standards higher than their counterparts abroad (89% in Switzerland versus 83% worldwide). But the figure for CEOs is lower than the global average (54% versus 62%).

When it comes to innovativeness, Swiss companies do less well by international standards, with only 54% systematically venturing to take on new technologies (versus 76% in other countries). Swiss organisations take a different approach to exploring new technologies than their counterparts abroad, and are more likely to join forces with other industry leaders or technology vendors.

What determines digital success?

Digital initiatives are successful when aligned with a digital strategy that’s clear and understandable for all the stakeholders involved and that brings about changes in corporate culture. Transformation always has to take account of the perspectives of employees and partners such as suppliers and customers.

Digitally ambitious enterprises are able to draw together different aspects to enable harmonious, value-adding transformation. By integrating the business, the customer and employee experience, and the relevant technologies, they’re able to achieve lasting competitive advantage.

Want to know more about our study? You’ll find a summary of the Swiss findings here. You can also download the international edition of the Global Digital IQ® Survey:

Global Digital IQ Survey

Contact

Christoph Müller
Senior Manager, CIO Advisory
+41 58 792 27 86
christoph.mueller@ch.pwc.com

Axel Timm
Partner, Business Technology
+41 58 792 27 22
axel.timm@ch.pwc.com

Holger Greif
Partner, Advisory
+41 58 792 13 86
holger.greif@ch.pwc.com

The ransomware that made the world cry

The last few days of the cybersecurity community have been heated up by a vast-scale ransomware attack rippling across the world. On Friday 12 May came the first announcements of victims infected with a ransomware dubbed WannaCry (also known as WCry or Wanna Decryptor). It soon became clear that the scale of this wave was bigger than usual. According to the last estimates, the malware infected more than 250,000 systems in as many as one hundred countries. The list of victims is long and includes notorious names across all sectors. In some cases, the malware had unfortunate consequences. For instance, a few hospitals in the United Kingdom had to cancel their scheduled surgeries and some students in China lost their graduation thesis.

What we know

The malware encrypts and adds the extension “.WCRY” to all files that match a list of 176 specific extensions including documents, database and backup files. The victim is requested to pay between USD 300 and 600 in Bitcoins to get its files back. So far, there is no evidence that a payment will effectively provide the key for decrypting the files. In their message, the authors threaten to delete the file forever if their request is not met within eight days. The international ambitions of this campaign are made clear by the fact that the ransom message is translated in 28 languages.

Once the initial host has been infected, the ransomware dropper makes use of the MS17-010 vulnerability of the Server Message Block (SMB) protocol to spread laterally through the network. The exploit using this vulnerability has been made public by the group Shadow Broker on 14 April 2017 in a leak of hacking tools allegedly crafted by a state actor. Microsoft had released a patch a month before.

Switzerland has not been spared. The Swiss GovCERT declared that until Sunday evening there were roughly 200 potential victims. The number of victims could steeply increase, as there are more than 5,000 systems directly connected to the Internet over a SMB protocol.

What is still unclear

Despite the overwhelming information, some points still remain unclear. First, it is not yet known how the dropper is initially delivered to the victims. According to one hypothesis a spear phishing e-mail should have spread the malicious attachment. However, no such e-mails have surfaced yet. In its alert, the US-CERT claimed that hackers gained access to the victims’ network either through Remote Desktop Protocol or through the exploitation of the critical Windows SMB vulnerability mentioned above. Second, the identity of the authors is wrapped in mystery. Given the financial nature of the attack, the dominant hypothesis states that the attack has been launched by a criminal group. However, it should not be forgotten that in the past even state actors were involved in spectacular heists. Fresh discoveries suggest that the malware might be linked to Lazarus, a state actor group believed to be involved in the infamous SWIFT attack against the Bangladesh Central Bank of February 2016. So far, the authors have neither spent nor transferred the Bitcoins they obtained. At this stage, it is difficult to make further assertions on the attribution of the attack.

Main takeaways

As previously mentioned, the exploit used in this attack was leaked in April this year. By that time, the vendor had already released a patch to correct the flaws. Unfortunately, many users ignored this threat and were not much eager to install the patch. This episode should serve as a reminder that threat actors will reuse leaked tools and that without a proper prophylaxis an incident is just around the corner.

As reported by the media, a young IT-security researcher could temporarily curb the attack by registering a “kill-switch” domain that told the ransomware to stop spreading itself. Unfortunately, new versions of the malware without this feature have already been spotted in the wild. Furthermore, the threat intelligence community generously shared a lot of indicators and advices helping organisations to identify, prevent and dwarf the impact of infections. These common efforts have to be praised and should continue in the future.

Recommendations

If not done yet, apply the MS17-010 patches immediately. As short-term actions, your IT team should consider to:

  • disable all external SMB access (blocking ports 137, 139 and 445 to/from the internet);
  • disable the use of the SMBv1 network file sharing protocol;
  • ensure two-factor authentication is in place for all necessary external accesses to systems (e.g. VPN and RDP);
  • update the antivirus signatures;
  • rapidly isolate the infected system from your corporate network to curb the spreading of the infection;
  • backup the encrypted files in case a decryption tool become available, if you have already fallen victim to the ransomware.

On a more long-term approach, consider to plan and exercise a business continuity programme, adopt and test an incident response strategy, a consistent patch and vulnerability management, as well as a regular backup policy and security awareness raising trainings.

PwC can provide you with the necessary assistance and counsel to address these issues and improve your overall security posture. PwC strongly believes in a holistic approach to cyber security by offering a wide variety of services covering all the phases of the cyber lifecycle: from strategy and policy development to its implementation and review.

Why is the latest attack different and what is its relevance for boards? Read more.

In case of questions, please contact us at
cyberinvestigation@ch.pwc.com

 

Transforming Businesses through Drone Technologies

Tuesday, 30 May 2017, Papiersaal Sihlcity, Zurich

The digital transformation agenda is revolutionising business operations and impacting technological progress as well as improving economic results. The disruption through drones is a perfect example of the transformation of operational processes and PwC is pioneering on this front with the development of a dedicated solution that helps businesses.

PwC’s Drone Powered Solutions sees the commercial application of drone technologies which provides the ability to capture unparalleled levels of both data volume and data accuracy that are analysed to suit the business’ requirements. After a presentation of PwC’s global thought leadership report “Clarity from Above” which focuses on the commercial application of drones technologies, we will highlight case studies that demonstrate how drone solutions can be integrated in insurance, construction and agriculture industry businesses. We will follow with workshops around opportunities and challenges facing drones technologies implementation.

We would like to welcome you to presentations and discussions that focus on drone technologies. The event features drones in flight, virtual reality and the opportunity to engage with subject matter experts in this exciting topic.

Date and Time: Tuesday, 30 May 2017 – 10:00 – 16:00 hours
Venue: Papiersaal, Alte Sihlpapierfabrik, Kalenderplatz 6 (Sihlcity), 8045 Zurich
Costs: There will be no costs charged for this Event
Programme: Find the detailed programme online

Please register online

We are looking forward to your participation!

PwC’s NPO Breakfast Spring 2017 – breaking barriers in delivery

Breaking barriers in delivery

Switzerland, and more specifically Geneva, is an important global hub for international Not-for-Profit organisations. These play a vital role in key humanitarian activities worldwide. In spite of the importance of this work, which benefits a growing stakeholder community, these organisations can find themselves confronted with a number of formal issues in an increasingly complex environment.

Artificial intelligence and equal pay are two topics rising in importance in the business world. How do they benefit your organisation? How do they impact your organisation’s activities?

We would like to address these matters and share key questions asked by NPO managers around artificial intelligence and equal-salary at our upcoming
NPO Breakfast on Tuesday, 20 June.

The breakfast will provide a great opportunity to meet with PwC experts and peers encountering similar issues. If you would like to attend please register, as the number of participants will be limited.

We look forward to meeting you over breakfast!


Programme

8.30 am Welcome coffee & breakfast

9.00 am Introduction
Gill Sivyer, Partner, Global Leader International Development, PwC

9.10 am Artificial Intelligence
Christian Westermann, Partner, Leader Data & Analytics, PwC Digital Services
Manuel Capel, Senior Manager, Data & Analytics, PwC Digital Services
The Speakers will introduce the topic of artificial intelligence (AI) and the reasons why it is gaining importance in the business world. Interconnected digital systems generate valuable information from new sources such as the internet, sensors or images captured by drones. By applying artificial intelligence to this data, it can be used to drive revenues and reduce costs by identifying new market opportunities, increasing process automation and detecting anomalies.

9.30 am Equal-Salary Certification
Sue Johnson, Senior Manager, Inclusion & Diversity, PwC
Attracting the best talent continues to be a top of mind challenge for leaders in all sectors. Fostering an inclusive workplace is key to enabling an innovative work culture and high performing teams with a customer centric ethos. The speaker will outline the impact of how EQUAL-SALARY certification can support your organisations journey to a diverse and inclusive workplace.

9.50 am Questions & discussion

10.20 am End


Event details

Date and time
Tuesday, 20 June 2017
From 8.30 am to 10.20 am, including breakfast

Venue
PwC Geneva
Avenue Giuseppe-Motta 50
1202 Geneva
Map

Participation fee
The event is free of charge.
The number of participants is limited. Participants will be accepted in the order registrations are received.

Registration
Please register by clicking on the below link. Your registration will be confirmed.
Register here

Contact
Olga Alfaro
Event Coordinator
olga.alfaro@ch.pwc.com

Reimagine and transform your finance function in the digital age

‘Digital’ is not just about the technology. It’s about new ways of solving problems, creating unique experiences and accelerating business performance. Responding to the digital age is about the need to change the whole operational approach. CFOs will need to adopt a new mindset and language to lead transformational change.

Current megatrends shaping the finance function include digital agility, enterprise risk management, automation and robotisation, big data and data analytics, outsourcing and offshoring as well as compliance. External factors are driving the need for change and include new competitors (such as FinTech and RegTech), the necessity of responding flexibly to accounting standard changes (such as IFRS 9 and IFRS 17) and the need for agile responses to increasing regulatory requirements.

In light of the evolving role of the finance function, industry leaders have recognised that change needs to happen, as they have realised that digital technology will reshape competition over the next few years. A digital finance function will have new accountabilities and opportunities to generate more insight and add value. Whilst the finance function currently spends a lot of time on transactional processing and report production, there is now a real opportunity to move towards standardised reports and data alignment, which will increase the finance function’s ability to generate insight.

With local teams and a strong track record in areas such as automation, cloud computing, financial transformation, target operating model design and big data, PwC can help you transform your finance function to make it ready for the digital age. In our paper we look at current trends and key challenges facing the finance function


Download the paper here.

 

You can contact us at any time

Patrick Mäder
Partner
+41 58 792 4590
maeder.patrick@ch.pwc.com

Patrick Akiki
Partner
+41 58 792 2519
akiki.patrick@ch.pwc.com

Switzerland targeted in sustained global cyber campaign

PwC and BAE Systems have recently concluded an intensive investigation into an espionage network dubbed APT10. Our Advanced Cyber Defense team in Switzerland has been involved in the detection, response and remediation of the attack in multiple sectors where Swiss based clients have fallen victim to this campaign.

Over the last year we have seen sustained targeted attacks against major organisations in Switzerland. The attacks have specifically targeted managed IT service providers (MSPs) and used these networks to reach MSPs customers. This potentially gave unprecedented global access to the intellectual property and sensitive data of those MSPs and their clients.
As part of the investigations carried out by our Swiss, UK and global teams, we have linked these activities to similar attacks in more than 14 countries. PwC has gone public with this because although we have already seen several companies compromised, there may be many other organisations affected. We recommend performing a cybersecurity breach assessment to detect whether your organisation has been previously compromised, and to use tailored threat intelligence to manage risk effectively.

World-wide, the campaign has targeted many Japanese state entities, and in the US, defence-related as well as telecommunication companies. The construction, retail and consumer, energy and mining, technology, professional services, metals, industrial manufacturing, and public sector were also targeted.

What is APT10?

APT10 has targeted “managed IT service providers” and has used them as a springboard to crawl through networks. The group behind the campaign has been using a wide variety of malware which has evolved over time. This has included: RedLeaves, PlugX, Poison Ivy, EvilGrab, and mimikatz. These tools used as part of the campaign have been around for quite some while and passed around within criminal circles.

The campaign uses an impressive network of command-and-control servers. PwC assesses the energy and resources invested into the campaign as high and sustained.

Attribution

PwC was successful in attributing the attack to the campaign by seeking analytical conclusions from a variety of disciplines and perspectives, all pointing to the same conclusion. Reverse engineering of the malware revealed a command-and-control infrastructure as well as recognisable characteristics. Additional folders and file conventions and paths further shed light on associated techniques, tools, and procedures (TTPs). Robust intelligence corroborated with similar indicators and activities across related victims. Lastly, the modus operandi, targeted information and temporal analysis of activities when compared to similar activities at the time and in the industry reinforced PwC’s conclusions.

Several indicators point to the instigators being located in East Asia. Most strikingly, the timestamps of registration of domains for the important network of command-and-control servers as well as the compilation time would appear to make sense for an actor based within this region. Many of these indicators could be faked to induce investigators to draw the wrong conclusions. However, to do so consistently across several types of evidence, and without hinting at another geographical location would be rather exceptional.

Further investigations are still being carried out to try to determine more exactly who could be behind the attacks. Attribution is a lengthy investigative process, but we believe that the report needed to come out quickly to help organisations protect their networks as much as possible.

What to do

The report includes a long list of Indicators-of-Compromise. It is advisable to upload these into your systems to protect against future possible attacks. Furthermore, for organisations in targeted sectors with high value intellectual property we recommend conducting a threat hunt into your network to identify whether you have been targeted by the attacks.

PwC also recommends at a minimum two factor authentication for jump posts where managed service providers (MSP) enter client networks. The compromise and data exfiltration is done via system and MSP administrator accounts so having stronger controls around these entry points are key. Additionally, increasing visibility across the enterprise through a holistic logging policy would further assist.

Should you need any help to conduct such assessment, PwC would gladly assist you in any way we can. Don’t hesitate to get in touch with us: PwC Swiss Breach Aid Team

The report and the technical indicators can be found here
 

Reto Häni
Cyber Security Leader
+41 79 345 01 24
reto.haeni@ch.pwc.com

Besuchen Sie uns am IT Sourcing Forum 2017

PwC lädt Sie zum diesjährigen Swiss IT Sourcing Forum vom 19. April 2017 im Kultur- und Kongresscenter in Luzern ein.

Mehr als 300 Entscheidungsträger von Anwender-Unternehmen werden sich im KKL Luzern zum B2B-Event der Schweizer Cloud & IT Sourcing Branche treffen.
Als Platin Partner des Swiss IT Sourcing Forum 2016 ist PwC am 19. April 2017 persönlich vor Ort vertreten und nutzt die Veranstaltung für persönliche Gespräche mit Kunden, Interessenten und den professionellen Austausch mit Experten und Entscheidungsträgern der Branche. Gerne treffen wir Sie vor Ort und suchen mit Ihnen gemeinsam die beste Lösung für Ihr Unternehmen zur Umsetzung Ihrer IT-Strategie.

Zusätzlich zu den Vorträgen haben Sie die Möglichkeit an unseren beiden  Roundtables “Präsentation der Schweizer Ergebnisse aus der Digital IQ-Studie 2016″ um 11:20 Uhr und  “Cyber Security  – Von der Überlebensstrategie zum Unternehmensvorteil ” um 14:40 Uhr teilzunehmen.

Wir freuen uns sehr, Sie an unserem PwC Stand am Swiss IT Sourcing Forum 2017 begrüssen zu dürfen.

Online Registrierung


Datum:
Wednesday, April 19 2017, 09:30 – 17:30

Veranstaltungsort:
KKL Luzern, Europaplatz 1, 6005 Luzern

Mehr Informationen finden Sie hier