The most innovative companies have recognized that cyber security is a customer experience and revenue opportunity, not just a risk that needs to be managed. 

They are finding ways to turn cyber security preparedness into a competitive advantage rather than a cost, building security into new products and services at the design stage and realizing that cyber security is not an IT issue: it must work across the entire organization and the ecosystem.

KPMG International recently surveyed over 1,200 chief executives from many of the world's largest and most complex companies and discovered what keeps them awake at night. This new report, a follow-up to the CEO Outlook Survey seeks to provide perspectives on the global cyber security landscape and track insights on the coming 3 years.

Key findings

• One out of five CEOs indicated that information security is the risk they are most concerned about.
• CEOs are grappling with escalating competitive pressures and have concerns about the loyalty of their customers (86 percent), keeping pace with new technologies (72 percent) and the relevance of their product or service (66 percent) in the next 3 years.
• CEOs who said they were not prepared for a future cyber security event are more likely to be increasing their headcount over the next 3 years, and half of them expect a skills gap to emerge over the same period.
• Cyber security was seen as being the issue having the biggest impact on their company for nearly a third of the CEOs (29 percent)
• Only half of the respondents had appointed a cyber security executive or team and two in 10 (21 percent) with no plans to do so.
• Only 37 percent of organizations who responded have upgraded current technologies.Are Canadian organizations ready?

Are Canadian organizations ready?

In Canada, we believe there is a false sense of preparedness amongst CEOs. Many companies have incident response programs and have teams in place to act on routine security incidents such as a malware infection, which makes them assume they are prepared. But many of those response plans are generic and aren’t designed to handle a material breach. Organizations should identify, their crown jewels, their breach scenarios and develop response plans to effectively manage them. As organizations change and evolve, breach scenarios and their plans should be updated.

KPMG’s Cyber Team can help an organization be cyber resilient with the end-to-end management of cyber security threats.