In the new ‘Achieving Success Without Managing Disruption' study, which took in the views of 175 CEOs of Banking and Capital Market (BCM) organisations, PwC found that while almost all of these (92 percent) are optimistic about their firm's growth prospects over the next three years, they are also concerned about threats which could harm this growth, such as over-regulation (89 percent), cyber-risks (79 percent), the speed of technological change (63 percent) and new market entrants (53 percent).
The report was published just two days after Kaspersky Lab revealed the actions of the Carbanak hacking group, which is said to have stolen up to US$ 1 billion (£650 million) from 100 banks worldwide over the last two years.
“CEOs are getting more worried about almost all the threats we asked about,” reads the report. “Concerns about cyber-threats have shot up most compared to last year – and, in light of the recent attacks on gaming and entertainment networks, the perceived risk will only increase. The speed of technological change and the availability of key skills are other threats that have seen a marked rise in concern from CEOs.”
Cyber-threats are noted as the number one threat in banking, cited by 79 percent of respondents, compared to 61 percent of CEOs across all sectors, a figure which rose from 48 percent a year ago.
Subsequently, the consultancy says that the CEO must take a greater interest in cyber-security.
“The central role of information places cyber-security squarely on the CEO agenda, particularly given the series of high-profile hacks over the past year. With vast quantities of their information readily accessible around the clock, customers expect a certain amount of privacy and confidentiality. How companies honour this will mean much for their ability to engage with and retain customers, and build brand value,” the report reads.
“But while we expect cyber-security issues to continue to be a growing threat, organisations are adapting to this new reality: CEOs see cyber security technologies as a top-three most strategically important type of digital technology for their organisation. And 53 percent think it's ‘very important' strategically – a higher proportion than for any other type of digital technology we asked about.”
“The real benefit of cyber security isn't just in defending value. It's about creating new value by enabling the trust that's so central to doing business today.”
The survey forms part of PwC's latest annual CEO survey, which also published this week, and suggests that data mining analysis and mobile technologies for customers are front of mind for CEOs across various sectors, although there is a split on whether government collaboration with the private sector can help harmonise cyber-security strategies (43 percent said yes, 36 percent said no).
Investment banker Johannes Hertz, CFO of IT security company Brainloop, told SCMagazineUK.com that the latest figures reflected the concerns he has seen in industry.
“The results of PwC's latest survey reflect my first-hand experience in the industry and what we are hearing from our customers,” he said. “Compliance and regulation is there to help, but it can often be so cumbersome that it stifles innovation. However, technology is playing an increasingly important role in financial services firms as they tackle these complex areas of regulatory compliance and information security.
“For banking and capital markets organisations, the result of sensitive information falling into the wrong hands can be catastrophic. Companies that embrace technology that is both robust and simple for employees to use will be in a stronger position to outsmart the cyber-criminals and satisfy the regulators. However, it is always a constant challenge to stay one step ahead and it's a fine balance between business innovation and protection against risk.”
Rob Norris, director of enterprise and cyber-security at Fujitsu, added in an email that the news came as no surprise, especially in light of the Carbanak report.
“Banking chief executives are right to be concerned about these threats as awareness is the first stage of effectively dealing with these pending fears. This echoes our own research of 176 UK and Ireland IT decision makers which revealed that only a third of financial services organisations are certain they could maintain security in event of IT failure.
“In order to both meet customers' demands whilst remaining secure, banking organisations must first be aware of the risks which will most affect their business and then prepare themselves for a potential breach,” added Norris.
“Once aware of the overarching risks in the landscape they next need to focus on the threat that is relevant to them. It is key that organisations can respond to threats in a well-defined and practiced manner - becoming proactive in their approach to security.”