The next wave of challenges in Cyber Security

in Advisory, 30.05.2016

Swiss companies are underestimating the cyber risks associated with the Internet of Things. They are still not working together enough on digital security and lack a complete understanding of the threats involved, as illustrated in KPMG’s latest study, “Clarity on Cyber Security”.

Change is a constant factor in today’s world. That may be a cliché, but it is also the challenging truth when it comes to Cyber Security.

No one can ignore Cyber Security

The march of digitization is continuing apace. As well as bringing opportunities for companies, however, this trend also poses some major risks to Swiss business: in the past 12 months, for instance, over half (54%) of all the companies included in the study have been the victim of a cyber attack. The graph below shows the aftermath of these attacks:

[Graph: Clarity on Cyber Security]

These attacks severely disrupted the business processes at 44 percent of the companies affected, with a quarter fearing that they had suffered reputational damage as a result. With the basics still not mastered – only 19 percent believe employees are sufficiently aware of the cyber risk (2015: 36%) – new challenges are already emerging on the horizon.

Little experience regarding the Internet of Things

The fourth industrial revolution and the increasing interconnectedness of businesses and devices also mean a significant increase in the attack surface and hence a major shift in the security risk. The study shows that many Swiss companies are paying far too little attention to the security aspects of Industry 4.0. For example, over half of those surveyed (53%) admitted lacking a basic overview of the risks that the Internet of Things posed to them, preventing any effective protection against cyber attacks.

No proper insider threat management

Many attacks and fraud cases involve insiders, such as employees, contractors, suppliers or business partners. A large majority of the company representatives interviewed (80%) are dissatisfied with how their business handles these insider risks: 60 percent lack an adequate setup for monitoring suspicious internal activity, 51 percent do not analyze the relevant data and 49 percent lament insufficient coordination between departments (e.g. Security, HR, Operations). One of the major challenges will be to walk the fine line between full trust and Orwellian surveillance.

It takes a network to defeat a network

In last year’s survey, 95% of the respondents indicated the wish to have better collaboration with peers. Their wishes have at least partially been fulfilled: 66 percent of the respondents state that the level of collaboration has increased in the past 12 months. The main arguments in favor of doing so are to share threat intelligence (named by 88%) and to share lessons learned from attacks (83%).


However, the collaboration is still basic, often bilateral and based on individual trust. Obstacles to better collaboration include company policies – the competitor is not seen as trustworthy, not even in the context of fighting cyber crime – but also cultural issues or the lack of a platform to share information in a more scalable manner.
