Cyber security remains a critical business challenge and a growing concern with a potentially devastating impact on company brands and bottom lines. Despite these damaging ramifications, many cybersecurity executives indicate that information protection may not be the strategic corporate imperative that it should be.
In surveying 403 CIOs, CISOs and CTOs in the automotive, banking, technology and retail sectors, KPMG found that 81% of executives admitted their companies had been compromised by cyber-attacks in the past 24 months, ranging from malware and botnets to other attack vectors. Retail cyber executives reported the most breaches in the past 24 months, with 89% reporting yes, followed by automotive at 85% and banking and technology companies reporting 76%.
Investing in information security
Despite these alarming admissions, only 49% of these same executives said they have invested in information security in the past year. Banks appear to be the most proactive when it comes to investments in information security, with 66% of execs reporting investments made, followed by technology at 62%, retail at 45% and automotive at 32%.
“Cyber-attacks are affecting nearly every single company we encounter, but we’re not seeing those attacks drive enough proactive business action as evidenced by the rate of investment made in information security,” said Greg Bell, KPMG Cyber US Leader. “We’re still seeing companies taking a passive or reactive approach toward cybersecurity, when in fact cyber should be a top-line business issue thought about and practiced company-wide.”
Why organizations need a security leader
The report also found that some industries are better equipped to handle cyber-attacks because they have an executive whose sole responsibility is information security. Industry-wide, 69% of companies reported having a leader in place. However, there is a vast discrepancy: 85% of both banks and technology companies reported having a leader, with retail and automotive lagging at 58% and 45% respectively.
“There is a cyber-awareness maturity curve for industries that have been providing Internet-enabled products and services for longer periods of time, versus relatively new products like personalized shopping and connected cars,” said Bell. “Hackers go after the weakest systems, not often the most traditionally lucrative like banks. However, as products evolve to use more connectivity and data, companies can’t afford to get this wrong and let the maturity model hold them back.”
Security executives acknowledged the ramifications of a breach, citing reputation (53%), financial loss (50%) and job security (49%) as the top concerns associated with falling victim to cyber-attacks.
Bell added, “Consumers have so many options, so there isn’t much patience or loyalty for a company that is lax in its security.”