Matthias Bossardt explains in an interview how companies are dealing with the growing threat of cyber risks and what role new talent plays in this.
Cyber attacks and their consequences have been a reality faced by Swiss businesses for some time now. A survey conducted by KPMG Switzerland shows that nearly half of the companies that have been the victims of a cyber attack suffered financial losses and disruptions to their business activities as a result. The increasing sophistication and volume of cyber security threats and attackers, rapid technology changes, the continued move toward automated and cloud-based services, and changing data privacy regulations are just a few factors that have propelled companies to increase their focus on cyber security and information protection.
Increasingly, sensitive data, including intellectual property, customer data and personally identifiable information, is being stored and transacted on the cloud. The driving force behind this transition toward the cloud is business agility, innovation and speed to market, customer experience, and, in some cases, increased security and assurance. However, it is critical that a company understands its risk exposure to third parties and has a clearly defined cloud security strategy and approach. The strategy should address how to securely enable the adoption and use of cloud resources across the business. The strategy should also take into account that the cloud is not “just another outsourcing solution” as risk-mitigating controls may look different in a hybrid cloud environment. Ignoring this will endanger the expected benefits from the cloud and, hence, jeopardize the business case to move to the cloud.
Yes, we can. A cyber security study that we conducted last year showed that nearly half of those surveyed responded that they do not have any controls in place for suppliers and 38% of the companies do not have contractually binding terms and conditions related to cyber risks. What’s more, the vast majority of cyber response plans do not cover incidents such as attacks on suppliers or business partners.
It can be both. As artificial intelligence technologies accelerate business transformation, with more decisions shaped by machine-learning algorithms, responsible use of these powerful tools is paramount. Moreover, appropriate governance must be in place to achieve desired outcomes. To help organizations manage and evolve artificial intelligence responsibly, KPMG has introduced “AI In Control”. This framework is supported by a set of methods, tools, and assessments to help organizations realize value from AI technologies while achieving imperative objectives like algorithm integrity, explainability, fairness and agility.
Actually, we are in great need of seasoned cyber security professionals. Up-and-coming talent in Switzerland must be given a lot more support. We’re talking about people who will be familiar with the multifarious kinds of cyber risks and know how to tackle them. The lack of seasoned cyber security professionals, combined with tightening budgets, highlights the importance of automation. Organizations should consider automating some of the repetitive aspects of collecting and analyzing data about intruder activity. This will help to re-prioritize where cyber professionals are focusing their efforts. Companies should also focus on recruiting new talent out of college and developing bespoke training programs to build the next generation of cyber professionals.
KPMG is making an important contribution in this area and is investing in the next generation of cyber specialists and thus, over the long term, in Switzerland itself as a training and business hub. KPMG Switzerland has joined forces with UK-based cyber security firm Immersive Labs to launch the Digital Cyber Academy. With this innovative partnership, KPMG is making a cloud-based cyber training and assessment platform available for free to all Swiss universities and universities of applied sciences. This allows Switzerland as a training and business hub to benefit from the next generation of experts who can deal confidently with increasingly complex cyber risks. Ultimately, this added value will be a boon to Swiss companies.
Extensive financial and commercial due diligence has long been routine in the context of investments or mergers and acquisitions. Yet, despite the risks it can pose, cyber security appears to be overlooked by the vast majority of Swiss businesses during a due diligence process. Not undertaking cyber due diligence prior to investing in a business can prove costly in both financial and reputational terms – especially if there follows a breach of customer privacy or a major business interruption.
Most companies seem to acknowledge the relevance of cyber security but still fall short when it comes to taking specific action. This stark contradiction looms over the cyber strategies of many Swiss organizations. While many companies only view the topic of cyber security in terms of the threats or risks it presents, if they play their cards right, they could also use it as an opportunity to improve their companies’ resilience and build greater confidence among their relevant stakeholders. That would strengthen their reputation and thus also their competitive position, in turn generating more business.