The Overlooked Corporate Data Breach

Shutterstock

When a company is hit with a data breach that leads to the leak of consumer information, the event will make headlines. Not so much, however, when a breach results in the compromise of sensitive corporate data, like information on M&A plans or intellectual property.

But according to a new report from KPMG and Forbes Insights, about a third of all data breaches result in the leak of corporate data.

“Such attacks can be very impactful on the ability to execute business strategy,” explained Greg Bell, co-leader of global cybersecurity at KPMG International, alongside the report, “Now or Never,” which was released last week. “We’re seeing losses in billions of dollars. When unique intellectual property, the basis of competitive advantage, disappears overnight, the outcomes can be disastrous.”

Executives haven’t ignored the issue. According to researchers, 30 percent of CEOs surveyed said cybersecurity is their top risk over the next three years, more so than risk from regulation or disruptive technology.

CEOs have cybersecurity in their line of sight for sure. But the report describes attacks that lead to the compromise of corporate data as “beneath the covers” attacks that rarely land in the news or become the topic of public debate. Further, 72 percent of CEOs surveyed for the report admitted that they are not prepared for a cyberattack.

According to analysts, part of the issue is that, when a corporate cybersecurity event occurs, the event under investigation often involves market-sensitive, proprietary information that cannot be released to the public. That fact also limits the ability for corporates to discuss the cyberevent with their peers. Still, 82 percent of CEOs said they are willing to share their experiences with cyberbreaches with their peers.

“Until we get more transparency about the breaches of corporate data, we’ll continue to have these surprises happen,” Bell said, highlighting potential consequences, like loss of market share or customer dissatisfaction that can result from a data breach. “Companies are just not aware of the nature of these attacks. The knowledge-sharing is a lot better now than it has been in the past, but it’s still not where we need to be.”

An Innovative Future

With many of the cyberbreaches attacking corporate data being swept under the rug of public discussion, researchers warn that cyberattacks will continue to threaten the ability for a business to succeed in an ever-changing business climate.

At least 80 percent of CEOs surveyed said they have confidence in global economic growth, their own industry growth, national economic growth and the growth prospects for their own companies over the next three years. This widespread optimism for the near future occurs as executives continue to acknowledge the challenges of changing environments.

For instance, 41 percent of CEOs said they expect their company to be “significantly transformed” over the next three years, and 72 percent of CEOs say the next three years will be critical for their perspective industries, more so than the last three years. More than a fifth said fostering innovation is their top strategic priority for the rest of the decade, and 77 percent agreed that it is important to include innovation in their business strategies.

These executives are also paying close attention to industry disruption, with the majority noting that new market entrants are disrupting their current business models, and more than half saying their own companies aren’t disrupting industry business models enough.

“This period will be even more challenging, as it will take place in an environment that is still characterized by significant economic, geopolitical and regulatory uncertainty,” reflected John Scott, deputy chairman at KPMG International, in the report. And while CEOs appear to be ready for market shifts, Bell highlighted the risk of cybersecurity — including the need to acknowledge and address corporate data attacks, not just consumer ones — as a potential roadblock to corporates’ plans for growth, disruption and evolution.

“Cybersecurity cannot be the last thing on the checklist,” he warned.