close
Share with your friends

Embedding cyber in technology-fueled growth decisions

The majority of U.S. CEOs believe that cyberattacks are a matter of “when” and not “if.”

Aligning cyber and enterprise risk

Continuing technology-driven disruption fueled by advanced technologies, such as artificial intelligence, blockchain or cloud, creates more fertile ground for cyber security breaches and attacks. These threats require an integrated approach, embedding cyber in all technology-fueled growth decisions. It is thus reassuring that U.S. CEOs view cyber risk very much as part of technology risk. In fact, 44 percent of those who see emerging or disruptive technology risk as the greatest threat to their organization’s growth classify cyber security risk as its cause.

“CEOs are no longer looking at cyber risk as a separate topic. More and more they have it embedded into their overall change programs and are beginning to make strategic decisions with cyber risk in mind. It is no longer viewed as a standalone solution,” says Tony Buffomante, Global Co-Leader, Cyber Security Services at KPMG. He notes that boards of directors are changing the way they perceive cyber risk. In particular, there is a movement to move the cyber risk topic out of the audit committee and into a technology committee, or, even better, a risk committee. “This helps us align cyber with enterprise risk, as it should be,” says Buffomante.

CEOs are no longer looking at cyber risk as a separate topic. More and more they have it embedded into their overall change programs and are beginning to make strategic decisions with cyber risk in mind.

Tony Buffomante
Principal, Advisory, Cyber Security Leader
KPMG LLP

Cyber threat level rises

He warns about the new threats created by technologies such as AI, and the need to protect AI from making decisions based on misinformation. While the wide-ranging promise of artificial intelligence and techniques such as deep learning is truly exciting, the technology underlying these advances is now also available to those who would use it for mischief and worse.

That’s the blessing and the curse: adaptive, intelligent bots can learn to do remarkably precise and reliable work designed to illuminate or deceive. From an enterprise perspective, the questions in relation to artificial intelligence, machine learning and deep learning are around augmenting existing systems to respond to these threats and malicious software attacks in a near-automated fashion. Deep learning represents an opportunity for organizations to augment and build out security capabilities to protect, enable and sustain the business.[1]

CEOs also recognize the importance of cyber security for maintaining the reputation of their companies with their stakeholders. Companies must better position themselves to seize the opportunities arising from consumer trust agendas, which have gained priority against the backdrop of new cyber threats to both organizations and consumers who use their products.

72% of U.S. CEOs agree this year that “strong cyber security is critical to engender trust with our key stakeholders,” compared with 15% last year
68% of U.S. CEOs consider their companies prepared for a cyberattack this year, compared with 77% last year

And while more CEOs recognize the importance of cyber security, fewer feel prepared for cyberattacks, as the increased complexity of digital transformation driven by advanced technologies also increases the complexity of the potential fallout from cyberattacks. The adoption of an integrated approach to cyber risk is thus a very welcome development.  

[1] Fighting cyber with cyber, Deep learning threats demand deep learning solutions; KPMG 2018