With technology viewed as the key swing factor in business success (it being seen as an enabler of innovation, efficiency, ability and speed of adaptation) it comes as no surprise that almost half of all multinationals surveyed in our second Risk and Confidence survey are investing in technology.
Furthermore, over 40% of multinationals are investing in Research and Development such as new products, services or processes, making both hardware and software two areas believed to hold massive potential for multinationals. But whilst there are many up sides to this technological development, cyber and technology risks are also increasing.
It is therefore unsurprising that cyber and technology are the risks multinationals predict to increase the most in the next 6 months, with 48% of multinationals predicting cyber risk to rise and 39% predicting technology risk would increase.
With a series of high profile cyber-attacks such as WannaCry and Petya, and increasing reputational damage for data loss and systems breakdowns such the series of systems failures British Airways experienced this year, it is clear that the problems posed when technology and cyber are affected are not to be ignored.
Yet the recent cyber-attacks have actually increased multinationals level of confidence in their ability to survive a cyber incident, with 24.4% saying they were more confident as opposed to the 11.3% who were now less confident.
Confidence in their ability to handle a cyber-attack could be part of the reason only 13.6% of multinationals saw cyber risk as the risk that concerned them the most, but it could also mean that despite recognising cyber risk as growing they are not taking it seriously enough. Similarly only 18% saw technology risk as the most concerning risk facing their business, which is odd considering how much most multinationals are investing in it for business success.
With the introduction of the GDPR in May 2018 UK multinationals will also have to contend with stricter legislation and harsher penalties if they do not protect or regulate their potential technology and cyber risks. But with these risks increasing at such a rapid pace this could be viewed as a positive development, encouraging multinationals to treat these risks with the caution they deserve.
For technology and cyber risk to be better managed by multinationals going forward, behavioural and governance changes need to be made:
• Technology and Cyber risks must be taken more seriously: processes and protocols need to be constantly reviewed to ensure that protection is up to date, relevant information in the public domain must be reviewed and warnings from hackers should not be ignored.
• Lessons must be learned from each attack: fixes and patches should be immediately installed, and with each new attack vector introduced systems should be updated.
• Plans need to be made before an attack occurs: GDPR means customers must be informed of breaches, and improvements made to ensure it won’t happen again, and security reviews undertaken as a matter of course.
• Businesses must review their cover in case of a cyber-attack: and this should include support with any response and remediation required as much as cover for financial loss.
Jason Beelders, Head of Multinational
These findings come from our Risk and Confidence Survey, for more insights download your copy here www.cnahardy.com/pulse.