Fewer than half (49%) of CEOs of global businesses polled are fully prepared for a future cyber event, although in the U.S. 87% said they are well-prepared, according to a study by KPMG International.
Their European and Asia Pacific counterparts were more cautious, with 31% and 32% respectively saying they aren’t where they need to be.
Nevertheless, the study offers important information for U.S. business leaders.
The study of more than 1,200 CEOs found that one out of five indicated that information security is the risk they are most concerned about.
“Collectively we sleepwalked into a position of vulnerability when it comes to cyber,” says Malcolm Marshall, global head of Cyber Security at KPMG. “This combination of lack of preparedness and concern, from those organizations that are among the best equipped to deal with risks of this magnitude, clearly illustrates that cyber security challenges remain severely unaddressed.”
Beyond the security risks
The survey revealed that CEOs are grappling with escalating competitive pressures. In particular, they are concerned about the loyalty of their customers, keeping pace with new technologies, and the relevance of their product or service in the next three years (86%, 72%, and 66% respectively).
“The most innovative companies have recognized that cyber security is a customer experience and revenue opportunity, not just a risk that needs to be managed or a line item in the budget,” says Marshall. “They are finding ways to turn cyber preparedness into a competitive advantage.”
CEOs who said they were not prepared for a future cyber event are more likely to be increasing their headcount over the next three years, and half of them expect skills gaps to worsen over the same period.
“Finding good talent is a particular challenge for any project that involves embedding technology into the customer experience,” says Greg Bell, cyber leader for KPMG in the US. “The skills shortage is most acute when we look for cyber security professionals who blend broader business, management, risk, or social sciences skills along with technical savvy.”
Who is “it” in the cyber game?
There is also a question of who is ultimately responsible for cyber security within the organization. In the survey, four out of ten CEOs say they expect the role of the CIO will become more important in the years ahead, but many CIOs are neither part of the C-suite inner circle nor respected as business partners.
Other key findings:
• Nearly a third of the CEOs (29%) saw cybersecurity as the issue having the biggest impact on their company.
• Only half of the respondents had appointed a cyber security executive or team, and two in ten (21%) had no plans to do so.
• 37% have upgraded current technologies.
“Many companies that suffer serious breaches think they were adequately prepared,” says Marshall. “The root cause is often a failure of imagination. A failure to imagine the sophistication and persistence of their attackers.”