Despite the risks associated with cyber breaches, only half (49 percent) of chief executives of global businesses are fully prepared for a future cyber event.
In a global study released by KPMG International, one notable exception was the United States, where nearly nine in ten (87 per cent) claim companies are well-prepared.
European and Asia Pacific counterparts however were more cautious, with 31 and 32 per cent respectively saying they aren’t where they need to be.
According to the 2015 KPMG CEO Outlook Study of more than 1,200 CEOs, one out of five indicated that information security is the risk they are most concerned about.
“Collectively we sleepwalked into a position of vulnerability when it comes to cyber,” says Philip Whitmore, Head of Cyber Security, KPMG New Zealand.
“This combination of lack of preparedness and concern, from those organisations that are among the best equipped to deal with risks of this magnitude, clearly illustrates cyber security challenges remain severely unaddressed.”
The survey revealed that CEOs are grappling with escalating competitive pressures.
In particular are concerns about the loyalty of their customers, keeping pace with new technologies and the relevance of their product or service in the next there years (86, 72 and 66 per cent, respectively).
“The most innovative companies have recognised that cyber security is a customer experience and revenue opportunity, not just a risk that needs to be managed or a line item in the budget,” Whitmore adds.
“They are finding ways to turn cyber preparedness into a competitive advantage.”
Perfect storm?
Whitmore says CEOs who are not prepared for a future cyber event are more likely to be increasing their headcount over the next three years, with half of them expecting skills gaps to worsen over the same period.
There is also a question of who is ultimately responsible for cyber security within the organisation.
In the survey, four out of ten CEOs say they expect the role of the CIO will become more important in the years ahead, but many CIOs are neither part of the C-suite inner circle nor are they respected as business partners.
“Many companies that suffer serious breaches think they were adequately prepared,” Whitmore adds.
“The root cause is often a failure of imagination. A failure to imagine the sophistication and persistence of their attackers.”
Whitmore claims cybersecurity was seen as being the issue having the biggest impact on their company for nearly a third of the CEOs (29 percent), yet only half of the respondents have appointed a cyber security executive or team, with two in ten (21 percent) currently having no plans to do so.
In addition, only 37 percent of businesses have upgraded current technologies.