The fourth industrial revolution is both enabling vast business innovation and creating sizable cyber security risks. KPMG’s 2016 Global CEO Outlook presents CEO views on their actions and readiness to mitigate business cyber risks.
“When we went through the third industrial revolution, we failed to secure the Internet effectively, but have we learned our lessons?” asks Malcolm Marshall, Global Head of Cyber Security, KPMG International.
The fourth industrial revolution, the age of the Internet of Things, machine learning, cognitive computing and artificial intelligence, increases the security risks exponentially. If not secured from the beginning, the consequences may be measured in lives lost, not just money lost.
According to KPMG’s 2016 Global CEO Outlook, the world’s leading CEOs are beginning to learn the lessons from the third industrial revolution and, going forward, they recognise the risks of the new wave of technologies.
Cyber security is the top risk named by CEOs this year (30 percent), up from the fifth highest ranked last year.
CEOs enter this new era with some trepidation. Eighty-five percent are concerned about having to consider the integration of basic automated business processes with artificial intelligence and cognitive processes.
Depending on the type of company, cyber security does not need to be the CEO’s direct responsibility, but there needs to be somebody on the executive team who has clear responsibility for cyber security.
To be able to thrive in the fourth industrial revolution, companies need mainstream cyber capabilities: people in all parts of the organisation who understand cyber issues. Each major decision needs to be looked at through the cyber security lens.
Seventy-two percent of CEOs are not fully prepared for a cyber event, significantly higher than in 2015 (50 percent). In interviews CEOs frequently said: “We are as prepared as we can be” or “You can never be fully prepared.”
Marshall thinks that the level of CEO apprehension highlighted by the KPMG survey shows understanding of the complexity and unpredictability of cyber security. “The CEOs we speak to increasingly understand that while they might not personally be the expert, they will be held accountable if there is a major problem. They recognise the need for senior people they trust to equip their organisation to withstand the cyber-test.”
How to prepare? By practising the ability to respond to cyber events. Companies need an ability to be agile and deal with the unexpected. Often organisations that can deal with the unexpected in a business sense and have more effective governance are better prepared for cyber events. Being agile enough to respond to a cyber event often depends as much on an organisation's governance as on its technology capability.
Cyber security is not just a cost, it is also a revenue driver. The survey reveals that cyber security is correlated with performance. More CEOs from top-performing companies believe that they are fully prepared for a cyber event.
What is the correlation between cyber security and growth? It starts with confidence. “If you have close to 100 percent confidence that your organisation is able to build new digitally enabled services that have a very low risk of being compromised, you are likely to be much more ambitious in what you do,” says Marshall.
Eighty-two percent of CEOs are concerned that their customers may be more worried about their privacy than their organisation is. As the volume of data grows exponentially, so do the opportunities to use it. Typically, when services are free, businesses make money from the data, and the consumer becomes, in effect, a product. Customers are beginning to recognise the value of data and see it as part of a transaction.
As customers better understand the amount of data that is collected on them, and how companies are using it, there is a danger they will hit back. “With CEOs recognising the importance of privacy, we are turning a corner towards a more open and transparent approach,” says Marshall.