Half of CEOs Believe a Data Breach Is a Matter of ‘When,’ Not ‘If’

Reading time: 4 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

Nuclear power plants, energy grids, urban water supplies, transportation and traffic control systems, healthcare facilities – these verticals differ in almost every sense, but they do have one thing in common: they are all “critical” infrastructures.

Critical infrastructures are systems, facilities, and services essential to the well-being and safety of citizens, as well as for the effective functioning of government. In recent years, bad actors (including state-sponsored entities) have taken aim at critical infrastructures in key locations on the globe, causing disruption and incapacitation. One example is the infamous NotPetya ransomware contagion, designed not to make profits for its operators, but to cause severe disruption in targeted countries. Such attacks can even lead to human casualties.

According to a Bitdefender survey, 16.7% of IT security decision makers in the UK cite “loss of life” as a severe yet realistic possible consequence of an advanced persistent threat (APT) deployed on critical infrastructures. Nearly 30% of German IT executives and 20 percent of US executives share their concern.

Power & Utilities (PU) CEOs are prepared to lead their organizations through a transformation to remain competitive, but they are becoming increasingly aware of a few caveats.

Research by KPMG shows that while technological disruption and innovation is imperative in today's digital economy, emerging technology is also a top threat to organizational growth, followed by climate change and cyber-security risk.

48% of CEOs expect their organization to fall victim to a cyber-attack sooner or later, saying that breaches have become a matter of “when,” not “if.” And, according to the research, not all CEOs are well prepared to manage such an event.

“As CEOs navigate around these cyber issues, they are starting to see the importance of new workforce capabilities in supporting their organizations’ future growth,” KPMG analysts say.

59% of respondents identify “cyber security specialist” as the most important new role in this respect. 57% say the second-most important role is “data scientist.” The third-most important role, according to 54% of CEOs, is “digital transformation manager.”

Employer demand for cybersecurity professionals across the United States is soaring, according to data sourced by Burning Glass Technologies. Private and public sector employers posted an estimated 313,735 job openings for cybersecurity workers between September 2017 and August 2018. The figure adds to 715,000-plus cybersecurity workers currently employed around the country, resulting in a total of 1,028,735 jobs in cybersecurity. Based on a national population of 325.7 million people as of 2017, the U.S. could employ 0.31% of its population in cybersecurity alone.