Risk & cyber security | CEO Outlook 2016 | KPMG | KY

Risk & cyber security


Regulations in every sector continue to increase and are becoming ever more complex.


The regulatory landscape is changing across geographies and regulation is increasing across every type of industry.

In some cases, practices stay the same but the level of reporting has increased; in other cases, businesses must staff large compliance departments and deal with an array of country-by-country regulations. For some smaller organisations, the costs of regulation may even be too high to enter into a foreign market.

Irish CEOs cite regulatory risk as a significant risk concern (36 percent of those surveyed vs 28 percent globally). According to Declan Keane, Head of Regulatory at KPMG, this is to be expected: “Regulatory compliance and governance have been particularly high on the board agenda for many years. Regulations in every sector continue to increase and are becoming ever more complex. While at the same time the consequences of non-compliance are increasing. These trends are likely to continue for the foreseeable future.”

Cyber risk

In keeping with their global counterparts, over half (52 percent) of Irish CEOs see cyber risk in their top risk concerns. It is clear from the research that technological innovation is challenging firms. CEOs voiced concern about their company’s level of data and analytical sophistication, as well as their ability to connect with customers through digital channels.

According to the survey, one in five Irish CEOs lead organisations that “are not where we need to be” in terms of preparedness for a cyber event and only 24 percent consider their company “fully prepared” for a potential cyber issue. However, many Irish CEOs are also very open to sharing their vulnerabilities for the purpose of strengthening defences. 60 percent of Irish CEOs would personally be comfortable sharing experiences about a privacy breach with their peers in the interests of applying collective learnings to reduce risk.

According to Mike Daughton, Head of Cyber at KPMG: “Most CEOs understand that while they may not be experts on cyber security, they will be held accountable if there is a major problem.” Such sentiment is reinforced by the finding that 68 percent of Irish CEOs agree with the statement: “I am personally comfortable with the degree to which mitigating cyber risk is now part of my leadership role”.

Alongside cyber risk, customer privacy is also an issue with 68 percent of Irish CEOs agreeing with the statement that: “our customers may be more concerned about their privacy than our organisation is.”

Meanwhile, a survey of global institutional investors conducted by KPMG last year found that 79 percent of investors would be discouraged from investing in a business that has been hacked.

Mike Daughton says: “Investors view data breaches as a material threat to a company’s value and are reluctant to invest in a business that has had its sensitive information compromised.”

“Following a number of high profile breaches internationally, we are seeing global investors waking up to the issue of cyber security. The ripple effect of this has seen investor appetite for cyber businesses increase, with the survey indicating that 86 percent of investors see it as a growth area.

“This research shows that investors believe that less than half of the boards of the companies that they currently invest in have adequate skills to manage cyber risk. There is an expectation from investors that businesses must increase their cyber capabilities from top to bottom, including at board level. In a world where breaches are common, it is reasonable to expect boards to have prepared themselves. The inability to demonstrate that a business is doing so could make it a less attractive investment proposition.”

Some initial cyber risk considerations

  1. Cyber risk is not solely an IT problem. Board directors need to understand and approach cyber security as a business risk issue. 
  2. Directors need to understand the legal implications of cyber risks as they relate to their company’s specific circumstances. 
  3. Boards should have sufficient cyber security expertise, and discussions about cyber risk management should be on the boardroom agenda. 
  4. Directors should establish a firm-wide cyber risk management framework that has adequate scope for staffing and budget.

Environmental risk

In recent years, there has also been a growing realisation and acceptance that good management of non-financial elements of business results in long-term value creation and sustainability. So perhaps it’s not surprising that environmental risk is cited as one of the risks that Irish CEOs are most concerned about (32 percent of those surveyed vs only 23 percent globally).

“The emergence of environmental risk as a significant agenda item shows that the issue is now mainstream for boards in every sector,” says Caroline Pope, Climate Change and Sustainability Lead at KPMG. “A significant, and growing number, of investors utilise ESG (environmental, social and governance) factors to better understand a company’s long-term risk profile and quality of management.”

Climate-related risk has had a particularly high profile – for example, last winter saw some of the worst flooding in Ireland in living memory. Meanwhile, in the United States there were 10 weather and climate disaster events in 2015 where losses exceeded US$1 billion. It’s in this context that the WEF Global Risks Report 2016 identified ‘failure of climate change mitigation and adaptation’ as the threat with the greatest potential impact. Caroline Pope says: “This is the first time climate change has topped the WEF risk list. Putting financial value on environmental and social impacts is making real some of the trade-offs between the sometimes conflicting values of people, planet and profit.”

However, Caroline also emphasises that the risk issues are not about climate change alone: “This conversation goes beyond carbon, it relates to physical risk, legal/compliance risk and transitional risk. It also relates to a world of opportunity for those with vision.”

© 2018 KPMG, an Irish partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
