KPMG International report reveals only half of global execs prepared for a future cyber event.
In a major study released by KPMG International, which tracks insights on the coming three years, chief executives of global businesses said that despite the risks associated with cyber breaches, only half (49 percent) are fully prepared for a future cyber event. One notable exception was the United States, where nearly nine in ten (87 percent) say their companies are well-prepared. Their European and Asia Pacific counterparts were more cautious, with 31 and 32 percent respectively saying they aren’t where they need to be.
According to the 2015 KPMG CEO Outlook Study of more than 1,200 CEOs, one out of five indicated that information security is the risk they are most concerned about.
“Collectively we sleepwalked into a position of vulnerability when it comes to cyber,” said Malcolm Marshall, Global Head of Cyber Security at KPMG. “This combination of lack of preparedness and concern, from those organizations that are among the best equipped to deal with risks of this magnitude, clearly illustrates cyber security challenges remain severely unaddressed.”
The survey revealed that CEOs are grappling with escalating competitive pressures. In particular, they are concerned about the loyalty of their customers, keeping pace with new technologies and the relevance of their product or service in the next three years (86, 72 and 66 percent respectively).
According to Marshall, “The most innovative companies have recognized that cyber security is a customer experience and revenue opportunity, not just a risk that needs to be managed or a line item in the budget. They are finding ways to turn cyber preparedness into a competitive advantage.”
CEOs who said they were not prepared for a future cyber event are more likely to be increasing their headcount over the next three years, and half of them expect skills gaps to worsen over the same period.
“Finding good talent is a particular challenge for any project that involves embedding technology into the customer experience,” said Greg Bell, Cyber Leader for KPMG in the US. “The skills shortage is most acute when we look for cyber security professionals who blend broader business, management, risk or social sciences skills along with technical savvy.”
There is also a question of who is ultimately responsible for cyber security within the organization. In the survey, four out of ten CEOs say they expect the role of the CIO will become more important in the years ahead, but many CIOs are neither part of the C-suite inner circle nor are they respected as business partners.
“Many companies that suffer serious breaches think they were adequately prepared,” said Marshall. “The root cause is often a failure of imagination. A failure to imagine the sophistication and persistence of their attackers.”
In the past 15 months KPMG firms have made five significant cyber acquisitions around the world.
To view the infographic and for additional information about the CEO Outlook Study, please visit kpmg.com/CEOoutlookCyber. You can also follow the conversation @KPMG on Twitter, using the hashtag: #CEOoutlook.
The survey targeted 1,278 CEOs in 10 key markets (Australia, China, France, Germany, India, Italy, Japan, Spain, UK and US) and nine key industry sectors (automotive, banking, insurance, investment management, healthcare, manufacturing, technology, retail/consumer markets and energy/utilities). A quarter of the respondents have over US$10 billion in annual revenue, with no responses from companies under US$500 million.
KPMG Capital Limited and KPMG Capital Holding Limited comprise an investment fund for KPMG member firms. The investment fund is not open to third-party investment and will not, itself, provide professional services to clients. KPMG Capital Limited and KPMG Capital Holding Limited are legally distinct and separate from KPMG International Cooperative and each KPMG member firm.
Like every member firm in the KPMG global network, KPMG Capital, and the entities it invests in, is subject to the same rules and regulations promulgated by the regulatory bodies responsible for establishing standards for auditor Independence (for example, the US SEC, PCAOB, AICPA, IESBA and those established by the various countries in which the investments reside). These rules apply to member firms, the individuals at such member firms and the targets for potential joint venture, alliance or acquisition related to the activities of KPMG Capital. All existing Independence protocols apply to KPMG Capital.