Insight

Russia-Ukraine war, hybrid work and new tech driving cyber

Talent shortage also puts emphasis on culture and training at technology companies.

Mark Gibson

Mark Gibson

Partner, Advisory, NSL & Teams, KPMG U.S.

+1 206-913-6558

 

The Russia-Ukraine war is driving increased concerns for cybersecurity incidents and the resilience of critical business functions. In fact, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory recommending all organizations—regardless of size—adopt a heightened posture with regards to cybersecurity and the protection of critical assets.

 

77%


say that cyber-security risk will increase in the next 12 months.

Source: KPMG Fraud Outlook 2022

Yet concerns over increasing cyberattacks existed prior to Russia’s invasion of Ukraine. Eighty-three percent of respondents to the 2022 KPMG Fraud Outlook survey say their companies have suffered at least one cyberattack over the past 12 months, and 77 percent believe cybersecurity risk will increase more in the next 12 months. The shift to remote work is identified as a contributing factor. Sixty-one percent of respondents agree this has increased the risk factor due to a reduced ability to monitor and control for bad actors.

In the tech sector, it appears hybrid and remote workforces are here for at least the foreseeable future. Employees have increasing leverage due to the tech industry’s skills shortage coupled with the Great Resignation. The skills shortage means it’s more important than ever for technology companies to not rely solely on their technology solutions and information security engineers for cyber defense. They must mobilize every employee, through culture and training, into a human firewall to protect their organizations.

Digital transformation also accelerated during the pandemic. The rapid adoption of new technologies and integration into legacy systems created the potential for new points of cyber vulnerability. As the world barrels into the digital realm (and soon, the metaverse), technology company leaders name cybersecurity risk as the greatest threat to their organizations’ growth over the next three years.

#1

Cyber security risk is the top threat to growth for technology companies.

Source: KPMG CEO Outlook 2021, n=120 

 

On the regulatory front, the Securities and Exchange Commission (SEC) has proposed new rules related to cybersecurity risk management, strategy, governance, and incident reporting by publicly traded companies. Given the outsize impact that technology companies have on the economy, commerce, and facilitating public discourse, it is imperative they maintain their cyber hygiene and enhance their cyber resiliency. Here are some actions technology companies should consider as 2022 progresses:

  • Develop critical talent and skill sets. Transform the information security team from cyber enforcers into influencers who can activate the entire employee base.
  • Exploit security automation. Gain a competitive advantage through smart deployment of security automation.
  • Place identity at the heart of zero trust. Put identity and access management and zero trust to work in today’s hyperconnected and hybrid workplace.
  • Secure beyond the boundaries. Protect the organization by collaborating with the broader supply chain to increase cybersecurity.