Dealing with cyber threats has become part of the daily routine in the Swiss business world. Many companies are focusing exclusively on their own organizations, however, while recklessly neglecting third-party risks. Swiss companies are also demonstrating a certain amount of reluctance when it comes to planning the integration of digital IDs into their products and services. These are some of the insights offered by KPMG’s latest study “Clarity on Cyber Security”.
Cyber attacks and their consequences have been a reality faced by Swiss businesses for some time now: A survey conducted by KPMG Switzerland shows that nearly half (42%) of the companies that have been the victims of a cyber attack suffered financial losses and disruptions to their business activities as a result. Some 33% of the enterprises reported that confidential information had been leaked to the public while a quarter indicated that the attacks damaged their reputation.
Companies in the banking and insurance industries are particularly frequent targets, with 75% of the successful cyber attacks resulting in financial losses.
Since cybercrime is rampant in an extensively networked environment, a business’s ability to correctly identify the risks posed by its stakeholders has become crucial. Nevertheless, third-party risks are still being neglected on a widespread basis. In this vein, nearly half of those surveyed (44%) responded that they do not have any controls in place for suppliers and 38% of the companies do not have contractually binding terms and conditions related to cyber risks. What’s more, the vast majority (82%) of cyber response plans do not cover incidents such as attacks on suppliers or business partners.
Similarly, the topic of cyber security within the context of M&A activities is still being neglected: Barely 23% of respondents indicated that they have incorporated this aspect into their due diligence concept.
The EU’s new General Data Protection Regulation (GDPR) entered into force just a few days ago and these rules also apply to Swiss companies that process the data of EU citizens. Despite the fact that the GDPR requires businesses to have a process in place in the event of infringements against the regulations governing the protection of personal data, this item is missing in the response plans of 64% of respondents.
Swiss companies still have further room for improvement when it comes to insuring themselves against cyber risks: Fewer than one third (28%) of those surveyed indicated that they had taken out a cyber insurance policy. No need (68%), insufficient coverage (64%) and excessively high costs (64%) were the most commonly cited reasons.
New technologies always go hand in hand with new risks. When asked about blockchain technology, 53% responded that they expect its use to pose new security risks yet only a small minority (8%) has already taken specific steps to manage these risks.
The reluctance surrounding digital IDs is similar: Some 69% of those surveyed consider creating a digital form of identification to be a vital step toward guaranteeing a high level of trust in interactions with customers. Only slightly more than a third of them (35%), however, plan to integrate digital IDs into their products and services.
The fourth KPMG study on how the Swiss business world is dealing with the threats posed by cybercrime shows that while most companies might acknowledge the relevance of cyber security, their efforts to implement corresponding measures still are not systematic or targeted enough. “This stark contradiction looms over the cyber strategies of many Swiss organizations,” states Matthias Bossardt, Head of Cyber Security at KPMG Switzerland. “Many companies only view the topic of cyber security in terms of the threats or risks it presents. Yet if they play their cards right, they can take this opportunity to improve their own company’s resilience and build greater confidence among their relevant stakeholders. That, in turn, would strengthen their competitive position and generate more business,” he goes on to say.
The annual “Clarity on Cyber Security” study by KPMG Switzerland is based on a combination of qualitative interviews with individuals and an online survey of some 60 Swiss companies. Individual interviews were conducted with C-level representatives (CISO, CIO, CTO) from different industries. This edition of “Clarity on Cyber Security” marks the fourth publication of the study.
© 2018 KPMG Holding AG is a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. All rights reserved.