Twelve percent of banking CEOs say they do not have insight into whether their institution’s security has been compromised by a cyber attack in the past two years, according to KPMG. Their survey also shows that there is a clear disconnect between how the C-Suite views cyber security versus the next tier of executives.
KPMG surveyed 100 bank executives – representing banks in excess of $20 billion in assets – and found disparities around the awareness of hacks, company vulnerabilities and top concerns in the event of a breach at the bank.
While 12 percent of CEOs don’t know if they’ve been hacked in the past two years, the lack of awareness only grows when compared to the next level of executives. Approximately 47 percent of banking executive vice presidents and managing directors reported that they didn’t know if their bank had been hacked, and 72 percent of senior vice presidents and directors stated that they didn’t know.
“Banks are under an onslaught of attacks from bad actors, so the fact that 12% of banking CEOs reported that they don’t know if they’ve been compromised is troublesome. Cyber is a business bottom-line issue: a true CEO issue,” said Charlie Jacco, Financial Services Cyber Leader at KPMG. “While CEOs may be more privy to information regarding the exact number of cyber technology deployment and hack attempts, all employees should know and be in lock-step on their bank’s greatest vulnerabilities and concerns as it pertains to how that bank views cyber security. The data shows, on a leadership level, a strong difference in opinions.”
“A disconnect around cyber strategy among senior executives, can create great gaps in protections and deprioritize important tasks exposing banks to increased cyber risks,” says Jitendra Sharma, KPMG’s Advisory Line of Business Leader for Financial Services. “Naturally, banks are the top industry attacked by hackers due to the amount of funds flowing through the institutions. Since banks are under increased security pressures, it’s more important than ever that they employ a strong, top-down internal strategy to better protect themselves against bad actors.”