Dangerous solo efforts in the fight against cybercrime
Cybercrime is now part of everyday life for the Swiss economy. However, many companies focus exclusively on their own organisation and criminally neglect third-party risks. Swiss companies are also showing restraint when it comes to the future integration of digital ID into products and services. This and more is shown in the current KPMG study "Clarity on Cyber Security".
Cybercrime, or cyberattacks and cyberthreats, have long been a reality for the Swiss economy: as a survey by KPMG Switzerland shows, almost half (42%) of the companies that were victims of a cyberattack suffered financial damage and disruptions to their business activities as a result. Confidential information was leaked by 33% of the companies, and the attacks caused reputational damage for a quarter.
Banks and insurance companies are particularly frequently affected by financial losses. In these industries, 75% of successful cyberattacks resulted in financial losses.
Neglected third party risks
In a highly interconnected environment, cybercrime knows no boundaries. That's why it's critical for companies to properly identify the risks posed by their stakeholders. Yet, in many places, third-party risks are neglected. For example, just under half of respondents (44%) said they had no control tools in place with their suppliers. 38% of the companies refrain from contractually binding conditions with regard to cyber risks. In addition, the vast majority (82%) of cyber response plans do not cover incidents such as attacks on suppliers or business partners.
In M&A activities, too, not enough attention is paid to cybersecurity: only just 23% of the respondents state that they took this aspect into account in their "due diligence" concept.
Poor data protection and lack of cyber insurance
A few days ago, the new EU data protection directives (GDPR) came into force. These also apply to Swiss companies that process the data of EU citizens. Although GDPR requires companies to have an appropriate scenario in place in the event of a breach of personal data protection, this point is missing from the response plan of 64% of the respondents.
There is further potential for improvement among Swiss companies in terms of insurance against cyber risks: Less than a third (28%) of respondents said they had taken out cyber insurance. The most common reasons for this omission are a lack of need (68%), lack of coverage (64%) and too high costs (64%).
Blockchain and digital ID on the horizon
New technologies always bring new risks. With regard to blockchain technology, 53% of respondents expect that its use will bring new security risks. However, only a small minority (8%) have already taken specific measures to address these risks.
Similar reticence can be observed with digital ID: 69% of the respondents see the establishment of digital proof of identity as an important step towards trustworthy interaction with customers. But only a good third of companies (35%) plan to integrate digital ID into their products and services.
Cybersecurity as a growth driver
The fourth KPMG study on how Swiss businesses deal with cybercrime threats shows that while most companies recognize the relevance of cybersecurity, they still fail to implement their measures consistently and in a targeted manner. "This glaring contradiction dominates the cyber strategies of many Swiss organizations," states Matthias Bossardt, Head of Cyber Security at KPMG Switzerland. "Many companies view cybersecurity exclusively through the lens of threats or risks. Yet, if approached correctly, they can increase their company's resilience and create additional trust among relevant stakeholders. This strengthens their competitive position and generates additional business," Matthias Bossardt continues.
