Media Release – 7 December 2015
Cyber Security: A Failure of Imagination by CEOs
KPMG report reveals only half of global execs prepared for a future cyber event
In a major study released by KPMG International, which tracks insights on the coming three years, chief executives of
global businesses said that despite the risks associated with cyber breaches, only half (49 percent) are fully prepared
for a future cyber event. One notable exception was the United States, where nearly nine in ten (87 percent) say their
companies are well-prepared. Their European and Asia Pacific counterparts were more cautious with 31 and 32 percent
respectively saying they aren’t where they need to be.
According to the 2015 KPMG CEO Outlook Study
of more than 1,200 CEOs, one out of five indicated that information security is the risk they are most concerned about.
“Collectively we sleepwalked into a position of vulnerability when it comes to cyber,” said Philip Whitmore, Head of
Cyber Security at KPMG New Zealand. “This combination of lack of preparedness and concern, from those organisations that
are among the best equipped to deal with risks of this magnitude, clearly illustrates cyber security challenges remain
Security also a strategic opportunity to connect with customers
The survey revealed that CEOs are grappling with escalating competitive pressures. In particular are concerns about the
loyalty of their customers, keeping pace with new technologies and the relevance of their product or service in the next
there years (86, 72 and 66 percent respectively).
According to Whitmore, “The most innovative companies have recognised that cyber security is a customer experience and
revenue opportunity, not just a risk that needs to be managed or a line item in the budget. They are finding ways to
turn cyber preparedness into a competitive advantage.”
A perfect storm for cyber talent on the horizon
CEOs who said they were not prepared for a future cyber event are more likely to be increasing their headcount over the
next three years, and half of them expect skills gaps to worsen over the same period.
There is also a question of who is ultimately responsible for cyber security within the organisation. In the survey,
four out of ten CEOs say they expect the role of the CIO will become more important in the years ahead, but many CIOs
are neither part of the C-suite inner circle nor are they respected as business partners.
Other key findings:
• Cybersecurity was seen as being the issue having the biggest impact on their company for nearly a third of the CEOs
• Yet only half of the respondents had appointed a cyber security executive or team and two in ten (21 percent) with no
plans to do so.
• Only 37 percent have upgraded current technologies.
“Many companies that suffer serious breaches think they were adequately prepared,” said Whitmore. “The root cause is
often a failure of imagination. A failure to imagine the sophistication and persistence of their attackers.”
In the past 15 months KPMG firms have five significant cyber acquisitions around the world. KPMG’s global investment
fund, KPMG Capital recently took an equity stake in Norse Corp., a leader in live attack intelligence which helps
companies pre-emptively block cyber-attacks, track emerging threats and detect compromises.
To view the infographic and for additional information about the CEO Outlook Study, please visit kpmg.com/CEOoutlookCyber
. You can also follow the conversation on Twitter, using the hashtag: #CEOoutlook.