Cyber Attack is Now a Case of ‘When’ and Not ‘if’ for UK CEOs
Four in 10 UK CEOs believe becoming a victim of a cyber attack is now a case of ‘when’ and not ‘if’ for their organisation, according to a survey of CEOs from some of Britain’s biggest businesses.
KPMG surveyed 150 UK leaders and a further 1,150 CEOs from across the world about their future investment plans and the challenges and opportunities facing their companies.*
With reports of cyber-attacks and breaches almost daily, 39 percent of UK CEOs surveyed believe they will be targeted by a cyber attack. Though disheartening, this view was quite optimistic in comparison to their global counterparts, where 49 percent said they envisioned a cyber attack on their business.
Bernard Brown, vice chair at KPMG UK said:
“The seeming inevitability of a cyber attack crosses all borders and has now crossed firmly over the threshold for board-level discussions. Protecting the business from a cyber-attack has jumped further up the boardroom agenda and we are seeing businesses making their defences the best that they can be.”
With the General Data Protection Regulation (GDPR) affecting all global businesses interacting with EU businesses and customers, it is worrying that only 40 percent of UK CEOs view customer data protection as one of their most important personal responsibilities in enabling long-term growth of the customer base. However the survey also found that UK business leaders believe that a strong cyber security strategy is critical to engender trust with key stakeholders, with 74 percent agreeing that cyber security is an enabler of trust, in comparison to only 55 percent of global CEOs.
“It is reassuring that UK CEOs see the value in having a good cyber security strategy which enables trust. The reality is that without trust, customers are likely to be increasingly resistant to sharing personal information, potentially undermining business models and strategies. Businesses need to turn privacy into a source of competitive advantage which will no doubt enable long-term growth of the customer base,” added Brown.
Nonetheless cyber awareness amongst UK leaders is changing, with four in 10 (39 percent) believing that their organisations are either ‘very well’ or ‘well’ prepared for a future cyber-attack. Cyber security specialists are also seen as an effective part of the business with 45 percent of UK CEOs seeing their value, coming second to data scientists who are seen as being effective by 62 percent of the CEO cohort.
“It’s encouraging to see that CEOs are developing a more mature understanding of what cyber security actually means. Helped by non-executive directors (NEDs), they are beginning to ask more awkward and searching questions of their IT teams: what are the challenges that face us specifically, what risks are we carrying, what do we need to be resilient to a cyber-attack? Organisations are spending more time planning for worst case scenarios, running simulations and thinking in detail about how they would deal with the uncertainties that arise during a cyber breach,” concluded Brown.