Cyber attacks are a reality for most Swiss companies and their awareness of this risk has grown accordingly. New perils are arising in connection with the Internet of Things and advancements in artificial intelligence. These are just some of the insights revealed by KPMG’s latest study entitled “Clarity on Cyber Security” which was conducted for the third time this year.
Companies’ risk of being victimized by a cyber attack is now a reality in the day-to-day operations of most Swiss businesses. Correspondingly, 88% of the companies surveyed have suffered a cyber attack in the past 12 months, a figure which represents a year-on-year increase of 34 percentage points (2016: 54%). These attacks disrupted business processes in more than half of the companies (56%) and more than one third of the respondents (36%) suffered a financial loss as a result.
However the Swiss business world has upped its game in terms of dealing with the threat of cyber attacks: 81% of those surveyed indicated that they have gained a greater awareness of the risks over the last twelve months, 52% have developed a better understanding of the attackers’ motivation, strategy and modus operandi, while 44% said that prediction capabilities have improved.
Many data breaches can be traced back to human error and social engineering (influencing human behavior for the purpose of gaining access to confidential data and information). Yet it’s not just a question of careless users, rather much more a design flaw in cyber defense, with user friendliness all too frequently playing a secondary role in cyber security. That is another of the insights revealed in KPMG’s study: 66% of respondents stated that their organization does not systematically work on cyber security measures that are user friendly and just 11% consult specialists on the topic. “Improving the effectiveness of cyber security measures is imperative, yet it can’t be done without factoring human behavior into the design to a much greater degree. The user friendliness of cyber security is pivotal when it comes to managing cyber threats. The human factor was, is, and will always be the weakest link,” says Matthias Bossardt, Head of Cyber Security at KPMG Switzerland, when summing up the problem.
The Internet of Things isn’t just a vision of the future anymore. It’s already here as a complex world full of interconnected, web-enabled stuff ranging from household appliances and medical devices to industrial production systems and even critical infrastructures. The line between the real world and the virtual world is blurring more and more. Especially with regard to security.
Yet we still have quite a lot of catching up to do: More than half of the study’s respondents indicated that they do not have an overview of all Internet of Things devices deployed in their company. 35% don’t even try to gain this overview and another 17% tried yet failed. Given these figures, it may not be surprising that half of the respondents admit that their cyber security strategy and corresponding policies don’t even cover the Internet of Things.
Artificial intelligence is essentially about smart machines capable of automating complex, comprehensive processes and supporting humans in critical decision making. Attacks on such smart machines may have significant consequences for the resilience of our markets or even entire economies and the systems that govern nation states. Yet the survey shows that this reality is only slowly starting to sink in at companies: Merely 26% of respondents indicated an awareness of the cyber risks that arise through the use of artificial intelligence in their own companies or in products and services.
“While the growing use of artificial intelligence finds us confronted with entirely new cyber security risks, new ways of protecting companies against cyber attacks are being developed at the same time. Still, artificial intelligence is by no means a miracle cure,” clarifies Matthias Bossardt.
The annual “Clarity on Cyber Security” study by KPMG Switzerland is based on a combination of qualitative interviews with individuals and an online questionnaire; around 60 company representatives participated in the study. Individual interviews were conducted with C-level partners (CEO, COO, CIO, CMO) from different industries. The “Clarity on Cyber Security” study has been published for the third time this year.
© 2018 KPMG Holding AG is a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. All rights reserved.