Companies should embed a risk-based mindset across every level of their organisation.
According to the recent KPMG / Harvey Nash CIO survey, increased investments in cyber security are leading to greater confidence in managing cyber risk. The last two years have seen a slight decrease in the number of well publicised large cyber incidents, but managing the increasing regulatory focus in many jurisdictions such as the EU, particular regulations such as GDPR and ePrivacy, and additional regulatory stakeholders such as the Public Company Accounting Oversight Board (PCAOB), means that cyber security is still at the top of agenda for most organisations.
This is only reiterated by KPMG's 2019 Global CEO Outlook which found that 69% of CEOs believe a strong cyber strategy is key to building customer trust – a sharp increase from the year before (55%) when protecting their customers' data was also felt to be one of their most important responsibilities.
Regardless of what is driving behaviors and decisions, keeping your business safe is paramount if your organisation wants to remain competitive and successful. But getting everything in place and preparing your company for something that may never happen can be challenging.
Consumers are demanding more transparency on what is being done with their data, while at the same time looking for improved levels of customer service and global access to goods and services. When you put these together, it becomes clear that organisations need to align and connect all areas of their business. As a result, many are investing significant resources and budget into digitisation and implementing improved technologies. The customer experience is being digitised, including omni-channel, multi-platform and AI-supported technologies, back-end processes are being harmonised, and supply chains are being enhanced through increased levels of transparency.
What is proving challenging for organisations is the technology they are working with is still emerging – such as large cloud transformation, low code platforms, and machine learning and robotics. Some technologies are still on the cusp of deployment, such as 5G networks and deep learning, and others are looming on the horizon, such as quantum computers, smart energy grids and self-driving cars.
Across the board, management teams are preparing for the impact of technologies that are well beyond their current knowledge base. They are having to try and predict and prepare for attacks from sources that are not yet known, and in some cases including state-sponsored attacks or cyber espionage being carried out by competitors.
Advice for organisations in this position is to ensure you keep a risk-based mindset with regard to cyber security in everything you’re doing – embedding this across every level of your organisation. Some of the aforementioned developments can actually be a risk for your business, while others could turn out to be an opportunity. Cyber security must be foundational to not only protect sensitive data, but also to give better insights and enable better business decisions.
Working with experienced companies you can trust is key. At KPMG, member firm cyber security professionals work together with clients and alliances such as Microsoft, ServiceNow and IBM, to help shape cyber security governance and to proactively identify cyber security threats and technical vulnerabilities your organisation might face now or in the future.
The term Partner refers to a member of KPMG LLC / KPMG Audit LLC.
© 2020 KPMG LLC, an Isle of Man limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.