The fourth industrial revolution is both enabling vast business innovation and also creating sizable cyber security risks. KPMG’s 2016 Global CEO Outlook presents CEO views on their actions and readiness to mitigate business cyber risks.
“When we went through the third industrial revolution, we failed to secure the Internet effectively, but have we learned our lessons?” asks Malcolm Marshall, Global Head of Cyber Security, KPMG International.
The fourth industrial revolution, the age of the Internet of Things, machine learning, cognitive computing and artificial intelligence increases the security risks exponentially. If not secured from the beginning, the consequences may be measured in lives lost, not just money lost.
According to KPMG’s 2016 Global CEO Outlook, the world’s leading CEOs are beginning to learn the lessons from the third industrial revolution and, going forward, they recognize the risks of the new wave of technologies.
Cyber security is the top risk named by CEOs this year (30 percent), while last year only one in five (22 percent) named this as a top area to which they are devoting significant investment/resources.
But CEOs enter this new era with some trepidation. Eighty-five percent are concerned about having to consider the integration of basic automated business processes with artificial intelligence and cognitive processes.
Seventy-two percent of CEOs are not fully prepared for a cyber event, significantly higher than in 2015 (50 percent). In interviews CEOs frequently said: “We are as prepared as we can be” or “You can never be fully prepared.”
Marshall thinks that the level of CEO apprehension highlighted by the KPMG survey shows understanding of the complexity and unpredictability of cyber security. “The CEOs we speak to increasingly understand that while they might not personally be the expert, they will be held accountable if there is a major problem. They recognize the need for senior people they trust to equip their organization to withstand the cyber-test.
”How to prepare? By practicing the ability to respond to cyber events. Companies need an ability to be agile and deal with the unexpected. Often organizations that can deal with the unexpected in a business sense and have more effective governance are better prepared for cyber events. Being agile enough to respond to a cyber event often depends as much on an organization's governance and peoples’ capability to respond to technology.
© 2017 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.