Nearly one-fifth of CEOs see cybersecurity as the biggest threat to organizations' growth
Few events in the recent decades have impacted how we go about our daily lives or conduct business as much as Covid-19. When the global pandemic hit last year, many were forced to shift to remote work or transfer their business online, bringing about a wave of challenges.
According to the data presented by the Atlas VPN team, nearly one-fifth (18%) of CEOs see cybersecurity risks as the number one threat to their organizations' growth over the next three years.
Concern over cybersecurity risks rose significantly among CEOs compared to last year, when it occupied the fifth spot in the list with 10% of CEOs indicating it poses a threat to their organizations' development.
The data is based on the KPMG 2021 CEO Outlook Pulse survey, conducted from July to August 2020 and again from February to March 2021. KPMG interviewed 500 CEOs of the world's most influential companies from 11 industries in key markets, such as Australia, Canada, China, France, Germany, India, Italy, Japan, Spain, the UK, and the US.
Tax and regulatory risks share the second spot in the list of major concerns for CEOs regarding their companies' growth in the next three years. In total, 14% of CEOs see tax risk as a significant threat — a 10% increase from 4% in 2020. In the meantime, concern over regulatory risk grew by 9%, from 5% last year to 14% in 2021.
Other CEO concerns that made it to the top five include supply chain risk (12%), operational risk (10%), environmental or climate change risk (10%), emerging or disruptive technology risk (6%), and interest rate risk (6%). Meanwhile, talent risk, which occupied the first spot among concerns last year, dropped by a fifth (20%) to a mere 1% in 2021.
To mitigate these risks, companies plan to spend more on digital technologies this year, with 52% prioritizing data security measures.
Cybersecurity beyond the pandemic
With the rollout of Covid-19 vaccines, many expect the pandemic to be nearing its end. However, while we are longing to get back to ‘normal’, challenges brought about by the pandemic have altered our lives permanently. In fact, nearly a quarter (24%) of CEOs believe their business is changed forever due to the Covid-19.
The pandemic has undoubtedly had a massive impact on how companies treat cybersecurity. An increase in cyberattacks and shift to remote work has not only brought about many new challenges for organizations but also highlighted the existing shortcoming.
Therefore if companies want to survive in the post-pandemic world, they must adapt their cybersecurity practices. We believe that three key areas will be of the utmost importance moving forward.
Prioritizing employee training
The responsibility for cybersecurity in companies often falls on the shoulders of IT personnel. However, the increase in phishing attacks and shift to remote work has put more pressure on the employees outside of the IT department to pay attention to cybersecurity, especially as they proved to be one of the weakest links, with 72% of organizations seeing an increase in insider threats last year.
Therefore, companies will need to dedicate more resources to employee cybersecurity awareness training to address insider security incidents if they have not done so already.
Enforcing cybersecurity policies
Organizations should enforce or review their already existing cybersecurity policies to make sure they cover remote work situations and pandemic-triggered challenges.
While each organization's approach to enhancing its cybersecurity practices will depend on its size and industry, among other factors, all companies can benefit from zero trust practices, such as verifying users with multi-factor authentication, single sign-on, and network micro-segmentation for restricting access to resources.
3rd party security monitoring
Companies that provide network access to 3rd party partners should dedicate more resources to observing partner security postures. After all, issues on the contractor end could impact the security of the company itself.
The emphasis on cybersecurity in companies is long overdue. While Covid-19 has brought about a myriad of challenges for individuals and organizations, it has also encouraged us to seek better practices. In the end, those who will be able to adapt to the new normal in the post-Covid world will come out of the situation more robust than before.