Cyber security: an urgent business priority

Poor cyber security puts revenues and reputations at risk, which is why it should be such a high priority for the whole C-suite.

Paul Taylor

Partner, Cyber Security in Financial Services

KPMG in the UK


Cyber risk can evolve quickly into regulatory, legal and reputational risk. Following a few key principles can help boards and C-level leaders gain confidence that their business has the right defences in place.

Business leaders are losing sleep over cyber risk. These issues now sit at the top of CEOs’ ranking of global risks, with 72% afraid their firms are not fully prepared for cyber events.

This figure is hardly surprising: every company is now a cyber company. Technology is increasingly embedded in products and customer relationships and is creating endless links with companies’ suppliers and service providers. That level of connectivity will only grow as businesses take advantage of big data, artificial intelligence (AI) and other aspects of the ‘fourth industrial revolution’.

Cyber security is therefore vital to today’s businesses – both in terms of risks and opportunities. On the downside, cyber risk is contagious and fast-moving. It can evolve rapidly into regulatory, legal and reputational risk. That, in turn, can pose unpredictable threats to a firm’s revenues and strategy and even, at worst, its very survival. Increasing connectivity also widens a firm’s attack surface and can end up reducing security to the lowest common denominator in its supply chain. 

But there is plenty of upside too. Cyber security is also integral to a company’s growth. Those that manage cyber risks well tend to have greater confidence and ambition. Some 88% of CEOs say they see security as a driver of innovation. It is also closely tied to customer loyalty and trust – invaluable assets in a digital world.

Given the scale of these risks and opportunities, cyber security has emerged as a board-level issue. In fact, there is probably no other operational matter with the same potential to affect a company’s growth, reputation, innovation and investor relations. Board and C-level leaders don’t need to become technology experts. But they do need to understand that cyber security is their responsibility and ensure appropriate measures are in place.

When it comes to cyber security, we believe there are four golden rules which companies should follow. 

The four golden rules

  1. Cyber needs a clear owner in the C-suite inner circle, even if it’s not a CEO’s direct responsibility. Cyber security should not be delegated entirely to CIOs or other technology leaders. 
  2. Every major decision – including M&A, marketing campaigns, product development and outsourcing – should be viewed through the lens of cyber security. 
  3. Companies need an intelligence plan. No organisation can defend itself against every single attack, but effective intelligence can allow companies to identify possible attackers and their likely methods.  
  4. Organisations must be able to detect and remedy breaches quickly and successfully. That rapid response capability calls for agile governance just as much as it does technological capability. Cyber security considerations must be built into enterprise-wide risk frameworks. Exactly how you do that is far less important than achieving integration with mainstream risk management. It requires innovative technology, external co-operation and, most importantly, cyber leaders who combine technical skills with proven commercial expertise.

Every single aspect of today’s business environment now relies on powerful cyber security. It’s no longer a purely technological issue and companies should place it at the very top of their business agenda.

© 2020 KPMG LLP a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
