When it comes to cyber security, far too many executives are missing the ‘big picture.’ It’s a blind spot that threatens to cost their companies billions.
Virtually every business competing in today’s dynamic market environment – regardless of size, sector, or past success – is on a transformation journey. Customer behaviors and expectations, and a multitude of technologies are forcing senior executives to re-think their organizations’ traditional business and operating models. At KPMG, Cyber Security professionals working in member firms around the globe believe that cyber security must be front and center.
The introduction of disruptive technologies and the evolution of customers’ expectations mean that the extent of connectivity and the volume of sensitive data accessible about your business and your customers are growing at an exponential rate – leading to great opportunities and risks
for your organization. When you hear the term ‘cyber security’, there’s a very good chance that, like many executives, you immediately think of one thing: an IT infrastructure challenge.
Of course, a strong IT security infrastructure is a critical part of any cyber security program. However, it is not the only part. In a 2017 world, this traditional ‘defense-first’ mindset is too limited and can actually hinder your company’s long-term growth prospects. Indeed, there is another important element at play and that is the potential impact of cyber under-preparedness to your company’s future business growth. This is particularly true in a business environment in which so many companies are undertaking ambitious customer-focused transformation programs amid widespread technological disruption and competitive threats.
KPMG’s Cyber Security professionals are confident that tomorrow’s leading businesses will ultimately wield their cyber security capabilities as competitive advantages. Cyber security solutions are a core value proposition to customers to drive growth, and a necessity for management
teams, board members, and investors to continue making investments in
technology-enabled transformations. Without confidence in cyber security
solutions from all of these stakeholders, organizations limit their ability to
innovate business and operating models, leading to current customer defection and poor growth prospects.
KPMG’s 2016 Global CEO Outlook study confirmed that the next three years are going to be incredibly transformative for global companies. A majority of CEOs (77 percent) said that ‘innovation’ will be a core component of their business strategies over that period. Perhaps most surprising of all; however, was the finding that 68 percent of CEOs who describe their companies as being ‘less prepared for a cyber event’ stated that they thought the next three years would be more critical for their businesses than the previous 50.
The pace of change continues to accelerate as the fourth industrial revolution ushers in an era of machine learning, cognitive computing, artificial intelligence and a world in which virtually everything is connected through the internet of things. Amid these rapid technological advances, the associated security risks are also increasing exponentially. In October 2016, the world caught a glimpse of those risks when hackers used tens of thousands of compromised internet of things devices (e.g. cameras, routers and DVRs) to launch distributed denial of service attacks that caused widespread internet problems and disrupted access to a host of popular online services*.
We’re living in a world in which technological change is taking place at lightning speed, companies are transforming and everything is connected. The bottom line for CEOs of transforming companies is that they and their leadership teams need to act now to implement a strategic, holistic approach to cyber preparedness that will not only protect their valuable data, but also enhance the company’s agility and better position it for growth down the road.
Most companies have some perception of the risk side of the cyber equation. In other words, if we don’t do this and we have a breach, we will lose customers, it will negatively impact our brand, etc. But there’s also a positive aspect to this equation. Cyber preparedness can actually enable your company for new opportunities for revenue growth. That should be the message that more CEOs are listening to today.
Many executives and directors have anxiety around adopting new technologies to gain a competitive advantage. Every week I have conversations with board members who say they’re concerned about putting their information ‘in the cloud’ and that they think it means they
can get attacked more easily. What I tell them is that number one, most cloud service providers understand security is a priority and they build
their systems accordingly. And number two, I remind them that sometimes not moving to the cloud is a bigger risk than putting your information there. If all of your competitors are in the cloud, they’re able to be faster and more agile. By staying with your legacy, slow-moving IT infrastructure, you can be putting your company at a distinct competitive disadvantage. In other words, the value you can provide to your customers can be limited by your technology stack.
One of the other major blind spots for executives is viewing cyber security as an IT risk only, when it should really be viewed as a strategic part of the company’s holistic business strategy. The question shouldn’t be ‘how much of my IT budget are we spending on cyber’. The question should be ‘how much of my business change or innovation budget are we spending on cyber security?’ When you treat cyber security as an IT risk only, you risk missing opportunities and inflection points that could help fuel business growth
© 2019 KPMG Services (Pty) Limited, a South Africa private company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.