Cyber attacks is a threat that can strike anywhere. Attitudes towards cyber security, however, are not identical around the world. This is clear in the 2017 CEO Outlook. Nordic CEOs are much more likely to see cyber security as an opportunity, rather than a threat. This may be counterintuitive to CEOs from other regions who are more likely to focus on cyber threats than the commercial opportunities from security products and services which they necessitate.
They are, for example, more likely than their global counterparts to believe that data security prompts innovation in products and services. Nearly all (94%) take this view, almost double the 53% of global CEOs who say the same.
Nordic CEOs see data security as an integral part of new, innovative services. They are successful only if the client can trust them. For example, the buyers of cloud‑based HR systems tend to be conscious of the need for data privacy, especially in terms of sensitive data, and the compliance to EU’s General Data Protection Regulation (GDPR).
They understand that they must be able to show their clients high standards of data security, and that their partners’ and suppliers’ standards are equally high. Nordic CEOs are more likely than their international counterparts to see revenue opportunities in such cyber risk mitigation. They are also more likely to see preparedness as part of their leadership role.
Johan Björk, Head of Cyber Security at KPMG Sweden says that “Nordic CEOs are starting to see that they cannot hope for high customer satisfaction without cyber security, or privacy for that matter. They understand that it is important to protect their assets”.
Internet penetration creates higher expectations
This is likely helped by the fact that Nordic countries have very high levels of internet penetration. Denmark and Sweden top the league tables for online advertising spend and engagement by business, government and consumers. This means that the understanding of online security and how to mitigate it is commensurately greater than in regions where a smaller proportion of the economy is online.
“Due to the fact that consumers in Sweden adopt new digital services, organizations and service providers need to be on top of issues like online security, they can't afford not to”, Johan Björk states.
The expectations of Nordic consumers are thus more evolved than the global average: Nordic firms have experience of the fact that businesses and consumers will spend money to keep information and other assets safe online. This is likely to contribute to Nordic CEOs’ understanding that cyber security can be a commercial opportunity as much as a threat. That does not mean that they believe they have the talent they need to take that opportunity, however. Human capital is a challenge: 73% of Nordic CEOs say it is the biggest obstacle to tackling cyber security, compared to 47% of the core sample.
Difference in preparedness for various attacks
Although Nordic CEOs are more confident in their companies’ preparedness for certain kinds of attacks, they are less confident about their firms’ readiness for others. Whereas 73% said they are ready for a distributed denial‑of-service attack – significantly higher than the 38% globally who said the same – the proportions who expressed readiness for a ransomware attack (39%), customer data theft (37%), data theft (45%), an employee-led data breach (29%) are lower than the global averages. Nordic CEOs, however, report greater readiness for an equipment or software attack (80%) or a social media hack (55%) compared to the global average.
Johan Björk believes that the view and understanding of cyber security
is evolving very rapidly in the Nordics.
Over the years there have been some high‑profile incidents. One example is a global firm based in the Nordics that had a few minor breaches, but was reluctant to implement a solution “because it would take effort and cost money.” Subsequently, however, the company was hacked again, lost four consultancy clients, over a thousand servers, and were forced to send their workforce home for many days.
These kind of examples, coupled with the coming challenge of regulation, combine to form a picture of a region rapidly waking up to the issue of cyber security, but responding to it pragmatically and optimistically.