Cybersecurity: The new security reality in the 'new normal'

According to the results of the KPMG Global CEO Survey 2021, a survey of 1,325 CEOs conducted by KPMG, CEOs no longer keep cyber threats at the back of their minds as a “coming” risk; they have come to see them head-on as an impediment.

We now consider cyber security to be a top business priority.

We need to prepare for cyber incidents today, not tomorrow.

To be trusted by stakeholders and to truly benefit from the supply chain, a cyber security culture that includes a “Secure by Design” mindset must be in place.

Priority issues to be addressed now

Survey results suggest that executives see cyber security as a top business priority.

Cyber security risks rank alongside environmental and supply chain issues as the biggest threats to organizational growth over the next three years.

79% say they see information security as a strategic function and a source of potential competitive advantage.

Cyber security resilience is in the top three operational priorities for the next three years.

Such a shift in perspective makes sense, given the frequent news reports of devastating cyberattacks as businesses and governments digitize and become functionally interconnected.

Change to pessimistic perception

It is also encouraging to see a more pessimistic view of threat preparedness:

The percentage of respondents who say they are “very well prepared for cyberattacks” has dropped from 27% in 2019 to 10% in 2021.

The percentage of respondents who said they were “well prepared for cyberattacks” also dropped from 68% to 58%.

This decline is likely a reflection of a growing awareness that cyber security measures are not a one-off but require ongoing investment. Organizations are also susceptible to ransomware attacks. 57% say they have a plan to respond to ransomware attacks, but only 8% say they have a good plan, and 11% candidly admit they don't have one.

Efforts required in the future

Nearly half (46%) of CEOs say they will work to improve cyber security skills and strengthen governance for faster recovery from major incidents over the next three years, and 79% of CEOs say that “protecting our top trading partners is just as important as improving our organization's cyber defenses.” 72% of CEOs also said that an industry-wide approach is needed to successfully address the threat of ransomware.

In this way, there is a growing recognition that the idea of "protecting only one's own side" is not sufficient. Taking a “community-wide protection” approach can enhance collaboration with industry peers and law enforcement agencies. In the future, I hope that companies will disclose information on cyber incidents with a higher level of transparency. Over the years, the banking industry has had great information sharing and collaboration. We are also seeing a more open attitude in critical infrastructure industries such as telecommunications and oil and gas.

Fostering a cyber security culture

It's also worth noting that 81% of CEOs say that creating a cyber security culture is just as important as technical security measures. We know that relying on a central cyber security team alone to address all vulnerabilities in products, channels and systems is no longer sustainable.

Imagine an organizational culture where cyber security is as embedded in the development process as quality management, and where all executives and managers are accountable for achieving it. With that kind of culture, you avoid a hit-and-miss approach to problems discovered later, and secure-by-design ensures that security measures are built into new products and services.

The CISO's role is no longer just to explain cyber security issues to C-level executives. Best practices also include instilling strong values in each business unit by ensuring that security guidelines, resources and processes build good habits into day-to-day business decisions. However, only 19% of respondents said they plan to incorporate security and resilience principles into the design of future systems and services to deal with digital risks, which indicates that there is still much work to be done to create such a culture.

From ghostly enemies to business reality

In business, we collect information about our competitors, identify weaknesses, develop our strengths, undermine competitors' business models, and continuously improve. In cyber security too, it is necessary to "reconstruct" the issue away from a technology problem and take the same steps.

Cybercriminals may feel like one of your business competitors rather than a mysterious “ghostly enemy.” They come from the world of organized crime, take pleasure in taking risks with illegal tactics, and are just one of many shrewd competitors who want a return on investment at the expense of your company.

Adopting this mindset will give you the confidence to face this threat in a more strategic and integrated manner. Findings from the KPMG Global CEO Survey 2021 suggest companies are ready to face fear, gain footing and manage ever-growing cyber security risks.