Australian companies making higher investment in cyber security
Cyber security is front of mind for Australian CEOs, with investment in cyber defence seen as a top priority, according to the latest Global CEO Outlook study from KPMG.
Four out of five Australian companies have made “high investment” in cyber over the past twelve months (80% vs 66% globally), and are also planning higher investment over the next three years. “Strengthening organisational resilience” against cyber-attacks is Australian CEOs’ second highest priority for investment overall, with 71% of companies preparing to invest compared to 53% of CEOs globally. Nearly half (48%) said they are concerned about combatting cyber security “fatigue” within their organisations.
Despite this, Australian companies feel no more prepared than their global counterparts for a cyber-attack, with over half, 57% (and 57% globally) not fully prepared.
“It’s clear that Australian CEOs are awake to the threat represented by cyber-attacks, and are investing in defences accordingly. They’re more likely to admit they’re not where they need to be, and recognise that work needs to be done. In the current environment, following major high profile global and local attacks, this is a commendable approach,” said Gordon Archibald, a partner in KPMG Australia’s Cyber Security Services practice.
Australia’s attitude towards different types of cyber threats varies from global concerns, with more confidence amongst Australian CEOs in their preparation against social media issues or data theft, but less feeling fully ready for ransomware or DDOS attacks.
|% fully prepared against:||Australia||Global|
|Employee-led data breach||44%||45%|
|Social media hacking||52%||42%|
|Business data theft||54%||47%|
|Customer data theft||52%||49%|
Source: KPMG 2017 Global CEO Outlook
Leading from the front
Australian CEOs are more likely than their global counterparts to see mitigating cyber risk as an embedded part of their leadership role (94% vs 72% globally), but less likely to see it as a disruptive growth opportunity (59% vs 71%).
However, Australian leaders are more likely to see security as prompting innovation in products and services (69% vs 53% globally). And they are more conscious that the impact of cyber security investment should be tracked, with 50% saying that companies “need to be smarter” in tracking, vs 42% globally.
Human capital is seen as the key challenge in tackling cyber security (for 65% of Australian firms vs 47% globally).
“It is very good to see Australian CEOs stepping up to take responsibility for cyber security. There’s definite recognition globally that investment and innovation in cyber security can encourage innovation across an organisation. But in Australia, even if cyber defences aren’t seen as leading to direct ROI, the investment still need to be justified,” Gordon Archibald said.
“The number one hurdle is finding qualified and experienced talent to both address the risks and grasp the opportunities, so it’s important that industry, government and academia continue to work together to foster the Australian cyber security sector.”
About KPMG’s 2017 Global CEO Outlook survey
The survey covers 1,261 CEOs in 10 key markets (Australia, China, France, Germany, India, Italy, Japan, Spain, UK and US) and 11 key industry sectors (automotive, banking, infrastructure, insurance, investment management, life sciences, manufacturing, retail/consumer markets, technology, energy/utilities and telecom). A third of the companies surveyed have more than US$10B in annual revenue, with no responses from companies under US$500M. The survey was conducted between 21 February and 11 April 2017.
About KPMG International
KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 152 countries and have 189,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.