Cyber security: do CEOs need to step up?

08 Dec 2015

Despite the risks associated with cyber breaches, fewer than half (49%) of CEOs around the world are fully prepared for a future cyber event, according to a new study from KPMG International.

The United States was a notable exception: nearly nine in ten (87%) CEOs there say their companies are well prepared. By contrast, Asia Pacific CEOs were more cautious, with 32% saying they aren’t where they need to be.

According to the study, one out of five CEOs indicated that information security is the risk they are most concerned about.

“Collectively we sleepwalked into a position of vulnerability when it comes to cyber,” says Philip Whitmore, head of cyber security at KPMG New Zealand.

“This combination of lack of preparedness and concern, from those organisations that are among the best equipped to deal with risks of this magnitude, clearly illustrates cyber security challenges remain severely unaddressed,” he says.

Security also a strategic opportunity to connect with customers

The survey revealed that CEOs are grappling with escalating competitive pressures. In particular, they are concerned about the loyalty of their customers, keeping pace with new technologies, and the relevance of their product or service in the next three years (86%, 72% and 66% respectively).

“The most innovative companies have recognised that cyber security is a customer experience and revenue opportunity, not just a risk that needs to be managed or a line item in the budget,” says Whitmore.

“They are finding ways to turn cyber preparedness into a competitive advantage.”

A perfect storm for cyber talent on the horizon

According to Whitmore, CEOs who said they were not prepared for a future cyber event are more likely to be increasing their headcount over the next three years, and half of them expect skills gaps to worsen over the same period.

There is also a question of who is ultimately responsible for cyber security within the organisation, he says. In the survey, four out of ten CEOs say they expect the role of the CIO will become more important in the years ahead, but many CIOs are neither part of the C-suite inner circle nor are they respected as business partners.

Other key findings:

• Nearly a third of the CEOs (29%) saw cybersecurity as the issue having the biggest impact on their company.

• Yet only half of the respondents had appointed a cyber security executive or team, and two in ten (21%) had no plans to do so.

• Only 37% have upgraded current technologies.

“Many companies that suffer serious breaches think they were adequately prepared,” says Whitmore. “The root cause is often a failure of imagination. A failure to imagine the sophistication and persistence of their attackers.”
