Global business influencers 'overconfident' around cybercrime risks

Global business influencers are prone to persistent excess of positivity around their cybersecurity and other technological capabilities. This presents a dangerous blindness to a serious threat – and demands that senior executives think again about their ability to protect their data and their reputations.

Global business influencers 'overconfident' around cybercrime risks

The author(s)

  • Mark McGeoghegan Ipsos Global Reputation Centre
Get in touch

Findings from Ipsos MORI’s Global Business Influencers Barometer 2017, assessing the views of senior executives from large companies across Europe, Asia, and the United States, indicates overconfidence in their businesses’ capacity to tackle the challenges posed by technological advancement and cybersecurity.

Technological advances and cybersecurity top the list of challenges senior executives say their businesses face, and a majority (59%) identify technology as a main area of focus for their business. They are particularly concerned about cybercrime and feel exposed to data security threats, expecting that risk to increase in the coming years. Cybersecurity trails only IT infrastructure among the challenges facing their businesses, and almost nine-in-ten business influencers expect their company’s technology budget to increase in the next 1-2 years.

Senior executives are right to be concerned about cybersecurity. Their colleagues in corporate communications regard a cyber security breach as one of the chief reputational threats facing businesses, and breaches are widespread. Ipsos MORI’s Cyber Security Breaches Survey 2018 – carried out for the UK Government’s Department for Digital, Culture, Media and Sport – found that over two-in-five (43%) UK businesses had experienced a cyber security breach or attack in the past 12 months.

Globally, nearly half of IT and cybersecurity professionals report cyber security breaches as a frequent occurrence, with almost two-thirds saying the volume of breaches has increased in the past twelve months and that the saying the severity of breaches had also increased [IBM (March 2018) The Third Annual Study on the Cyber Resilient Organization. p. 19].

And soon, thanks to the European Union’s General Data Protection Regulation (GDPR), it will become impossible for companies to avoid disclosing breaches (unless they want to face a punishing fine) and firms’ breaches will become public knowledge.

It is something that can affect a company overnight. Poor service, poor products or false claims can have an effect over a period of time. If you have a cyber security breach, your reputation can be in tatters the next day (Ipsos Reputation Council Member)

We have warned of the reputational and business risks posed by cybersecurity breaches in the past, emphasising in our Cybercrime Threat to Corporate Reputation white paper the need to take preventative measures. That need remains clear and senior executives continue to be confident that they are meeting it. Seven-in-ten senior business executives believe that their business is particularly advanced in cybersecurity compared to other businesses, and just under seven-in-ten believe that their business is comparatively advanced in the related areas of IT infrastructure and data compliance.

This confidence continues to be badly misplaced. In the UK, the vast majority of business have no formal cybersecurity incident management processes or plans and – even more worryingly – fewer than two-in-five (37%) UK businesses encrypt personal data. Globally, IBM found that nearly four-in-five (77%) organisations don’t have a formal plan for how to respond to a cyber security breach.

Senior executives need to be realistic about the cybersecurity capabilities of their businesses. The perceptions gap between the belief that they are outpacing their competitors, and the general lack of cybersecurity preparedness among businesses globally, is a dangerous one. It leaves businesses far less vigilant than they should be and far more exposed to reputational risk than they can afford to be.

This gap also raises questions over whether businesses are as advanced on other technological issues as their senior executives think they are. There are only two areas in which under half of business influencers think they lead other companies – automation/robotics and artificial intelligence – but even here just under half think their company is leading. Of course, more than half of businesses cannot be technologically leading their competitors.

Every year since 2013, Ipsos MORI has published Perils of Perception, a study now covering 38 countries. Generally, we find that the global public tends to be pessimistic, overstating the scale of social problems their country faces and understating the positives. This poses problems, leading to politicians and policy-makers chasing ghost issues.

Global business influencers appear to be suffering from the opposite affliction – a persistent excess of positivity around their cybersecurity and other technological capabilities.

This presents its own risks – including a dangerous blindness to genuine reputational threats – and demands that senior executives think again about their ability to protect their data and their reputations.

The author(s)

  • Mark McGeoghegan Ipsos Global Reputation Centre