CEOs have been warned not to take their eye off the ball when it comes to cybersecurity following findings from KPMG International’s Global CEO Outlook Survey.
When asked ‘what keeps them up at night,’ CEOs put cybersecurity seventh behind a range of other pressing near–term risks, such as the economy, a potential recession, regulatory issues and disruptive technologies.
“Data breaches can cost organizations millions of dollars, and that's not something most companies can afford in an economic downturn. Keeping company data secure is an investment that will always pay future dividends," said Hartaj Nijjar, partner and national cybersecurity industry leader at KPMG in Canada.
The survey found that a number of CEOs at large Canadian companies who said they were "well prepared" or "very well prepared" for a cyber–attack fell 17 percentage points from 2021, and those who said they were "underprepared" jumped three–fold. They reported an even bigger drop – nearly five–fold – in their level of preparedness against a specific cyber–attack like ransomware.
On whether organizations see cybersecurity as a strategic function and a source of competitive advantage, 75% of large companies agree, down from 82% who agreed in 2021.
"Cybersecurity is not just an information technology issue, it's one of the most critical business issues in any modern economy. A strong cybersecurity ecosystem can help boost the integrity of a company's product or service, its customer experience, regulatory compliance, brand reputation and even investor confidence," said Nijjar.
SMBs react differently
Those at small– and medium–sized businesses (SMBs) said in a separate KPMG in Canada survey they feel more prepared to handle a cyber–attack (up nine percentage points), although more than two–thirds admit their cyber defenses could be "a lot stronger," including raising awareness about cybersecurity among employees.
The reason for the difference, according to Robert Moerman, a cybersecurity partner at KPMG in Canada, is that SMBs went from having little or no digital platforms pre–pandemic to having them today.
The majority of the SMBs KPMG surveyed are described as privately held, and the remaining 15% are publicly traded. Additionally, 57% of the SMBs are family–owned businesses.
Over half of SMBs have said they have been the victims of cybercrime in the past year, and almost 8 in 10 said building a cybersecurity culture is just as important as building technological controls.
In Canada, 62% said geopolitical uncertainty is raising concerns of a cyber–attack in their organizations, which KPMG notes is lower than the global average of 72%.
KPMG in Canada surveyed business owners or executive–level C–suite decision–makers at 503 small– and medium–sized Canadian businesses.