In the midst of COVID-19, the KPMG 2020 CEO Outlook report finds that CEOs are showing decisive leadership to transform their organizations to embrace new working models and changing patterns of demand, and to remain resilient in the face of supply chain disruption.
As they do, cyber risk has stubbornly remained in the top 5 threats to corporate growth over 2019 and into 2020, even topping the list of concerns for CEOs in the automotive and infrastructure sectors, indicating that cyber-attacks are pervasive across all industries. We have seen organized crime be ruthless in exploiting COVID-19 to make money through sophisticated ransomware, through exploitation of the rapid shift to e-commerce and remote working, and through highly creative scams exploiting fear, uncertainty and doubt over the virus.
Eighty percent of CEOs we surveyed say that the pandemic has accelerated digital transformation of their firms, in some cases putting them years ahead of where they expected to be. While digital transformation has picked up pace, the fact that more CEOs feel unprepared to tackle cyber risk is a matter of concern. Nevertheless, with the transformation came a new and pragmatic partnership between Chief Digital Officer and CISO, as both worked together to enable rapid shifts in working practices and to do so securely. That partnership, formed in the heat of the moment, needs to become a way of working for the future.
As the pandemic turns working from home into the new normal, the shift to remote working has exposed vulnerabilities in organizations’ security infrastructure to cyber attackers. Employees are connecting via home wireless routers, which mostly have elementary security. Hence, adapting and keeping a focus on cyber security in all settings is critical. We see that more than 67 percent of the CEOs we surveyed said that they are placing more capital investment into technology, even in these difficult financial times. Cyber security must be an integral part of that investment, seen not as an overhead and costly risk reduction measure, but as a fundamental component of building the new digital future.
Realization of the inevitability of cyber attacks is growing, with over 61 percent of CEOs agreeing that becoming a victim of a cyber attack is now a case of ‘when’ and not ‘if’, up from 52 percent last year. A quarter (25 percent) of CEOs were frank enough to admit that they felt under-prepared to deal with a future cyber-attack; that figure is up from 18 percent last year, perhaps showing greater awareness of the scale of the challenge ahead.
Over two-thirds of CEOs agreed that more needs to be done to embed cyber security into the culture of their organization and beyond, into their supply chains and partner ecosystem. This time of transformation is also a time of opportunity to address these issues as firms look to create a new working reality which supports secure and flexible working, and as they act to build resilient, flexible supply chains for the future. Embed cyber security into your change initiatives and consider it as a strategic driver, rather than seeing it as a discrete and separate discipline.
Resilience has become a key theme during COVID-19 and has been tested in so many ways. For me, part of being resilient is the ability to recover from a cyber-attack on the operating system (be it technology or supply chain) we have come to depend on in this new reality, and to do so quickly with minimal impact on stakeholders. My advice is: consider how you would deal with a major cyber-attack now and test those plans before it does happen, building confidence and credibility.
I have come to think differently about cyber security over the years; for me, it is part of our collective digital future, integral to our transformation programs, and at the heart of ensuring we remain resilient in this new reality.