Fewer than 40% of UK CEOs believe a successful cyber-attack on their company is inevitable, far fewer than their global counterparts, according to new research from KPMG.
The global consulting firm polled 1300 CEOs of “many of the world’s largest and most complex businesses,” including 150 UK business leaders.
It found that 39% of UK CEOs now believe a cyber-attack on their firm is a case of "when" not "if," considerably more optimistic than the 49% of global CEOs who said the same.
While the figures point to growing awareness among business leaders of the scale of the cybersecurity challenge facing organizations today, the UK number is still lower than it should be.
Most experts agree that a well-resourced and determined attacker will always have the upper hand over IT security teams.
Dean Ferrando, systems engineer manager at Tripwire, argued that the first step towards improving cyber resilience is for business leaders to understand that attacks are inevitable.
“With cyber defence, getting the basics right counts for a lot and the majority of successful attacks can be prevented with foundational security controls, like ensuring systems are securely configured and managing and patching vulnerabilities,” he added.
“Organizations should also have visibility into the devices and software they have on their networks as this will give a clear indication of what assets need to be protected effectively."
The KPMG research also threw up some strange contradictions. Only 40% of UK CEOs claimed that customer data protection was one of their most important personal responsibilities in driving long-term growth of the customer base. That's despite the huge uptick in boardroom-level awareness that the GDPR has helped create.
However, the survey also revealed an overwhelming majority (74%) of those same CEOs believe that a strong cybersecurity strategy is critical to building trust with key stakeholders, compared to just 55% of global CEOs. A sizeable number (45%) also claimed to see the value in cybersecurity staff.
KPMG UK vice chair, Bernard Brown, claimed that CEOs are developing a more mature understanding of cybersecurity.
“Helped by non-executive directors (NEDs), they are beginning to ask more awkward and searching questions of their IT teams: what are the challenges that face us specifically, what risks are we carrying, what do we need to be resilient to a cyber-attack?” he added.
“Organizations are spending more time planning for worst case scenarios, running simulations and thinking in detail about how they would deal with the uncertainties that arise during a cyber breach.”