Cyber attack is now a case of ‘when’ and not ‘if’ for many UK CEOs
Four in 10 UK CEOs believe becoming a victim of a cyber attack is a case of ‘when’ and not ‘if’ for their organisation, according to a survey of CEOs from some of Britain’s biggest businesses.
KPMG surveyed 150 UK leaders and a further 1,150 CEOs from across the world about future investment plans and the challenges and opportunities facing their companies.
With reports of cyber attacks and breaches almost daily, 39 percent of UK CEOs surveyed believe they will be targeted by a cyber attack. While disheartening, this view is optimistic in comparison to global counterparts, where 49 percent said they envisioned a cyber attack on their business.
Neil Coutts, head of cyber security and technology risk for KPMG in Scotland, said: “The seeming inevitability of a cyber attack crosses all borders and is increasingly a standing board agenda item. We are seeing businesses investing in both protecting themselves from a cyber attack and planning for the response to and recovery from an attack.”
With the General Data Protection Regulation (GDPR) affecting all global companies interacting with EU businesses and customers, worryingly only 40 percent of UK CEOs view customer data protection as one of their most important personal responsibilities in enabling long-term growth of the customer base. However, the survey also found UK business leaders believe a strong cyber security strategy is critical to engender trust with key stakeholders, with 74 percent agreeing it is an enabler of trust, in comparison to only 55 percent of global CEOs.
Mr Coutts added: “It is reassuring that UK CEOs see the value in having a robust cyber security strategy which enables trust. The reality is that without trust, customers are more likely to be resistant to sharing personal information, potentially undermining business models and strategies. Businesses need to turn privacy into a source of competitive advantage which will enable long-term growth of the customer base.”
Nevertheless, cyber awareness amongst UK leaders is changing, with four in 10 (39 percent) believing their organisations are either ‘very well’ or ‘well’ prepared for a future cyber attack. Cyber security specialists are also seen as an effective part of the business, with 45 percent of UK CEOs seeing their value, coming second to data scientists who are seen as being effective by 62 percent of the CEO cohort.
Mr Coutts concluded: “It’s encouraging to see that CEOs are developing a more mature understanding of what cyber security actually means. Helped by non-executive directors (NEDs), they are beginning to ask more awkward and searching questions of their IT teams: what are the challenges that face us specifically, what risks are we carrying, what do we need to be resilient to a cyber attack? Organisations are spending more time planning for worst case scenarios, running simulations and planning in detail about how they would deal with the consequences of a cyber attack.”