Our Wired World

12% of Banking CEOs Don't Know if Their Bank has Been Hacked

Survey: Disconnect between banking CEOs and their top-level executives about cyber vulnerabilities

NEW YORK, May 26, 2016 /PRNewswire/ — Twelve percent of banking CEOs surveyed say they do not have insight into whether their institution’s security has been compromised by a cyber attack in the past two years, according to KPMG, the audit, tax and advisory firm.

KPMG’s 2016 Banking Outlook Survey also shows that there is a clear disconnect between how the C-Suite views cyber security versus the next tier of executives.

The full report: “The Need For Speed,” can be accessed here.

KPMG surveyed 100 bank executives — representing banks in excess of $20 billion in assets – and found disparities around the awareness of hacks, company vulnerabilities and top concerns in the event of a breach at the bank.

While 12 percent of CEOs don’t know if they’ve been hacked in the past two years, the lack of awareness only grows when compared to the next level of executives.

Under attack

Approximately 47 percent of banking executive vice presidents and managing directors reported that they didn’t know if their bank had been hacked, and 72 percent of senior vice presidents and directors stated that they didn’t know.

“Banks are under an onslaught of attacks from bad actors, so the fact that 12% of banking CEOs reported that they don’t know if they’ve been compromised is troublesome. Cyber is a business bottom-line issue: a true CEO issue,” said Charlie Jacco, Financial Services Cyber Leader at KPMG. “While CEOs may be more privy to information regarding the exact number of cyber technology deployment and hack attempts, all employees should know and be in lock-step on their bank’s greatest vulnerabilities and concerns as it pertains to how that bank views cyber security. The data shows, on a leadership level, a strong difference in opinions.”

Greatest Vulnerabilities in Your Organization’s Data Security

Top Vulnerability

Second Vulnerability


– Sharing Data with Third Parties (49%)

– External Attackers (47%)


– Sharing Data with Third Parties (59%)

– External Attackers (56%)

SVP – Directors

–  External Attackers (72%)

– Sharing Data with Third Parties (28%)


Top Concerns in the Event of a Breach

Top Concern

Second Concern

Third Concern


– Financial Loss (26%)

– Reputation (21%)

– Litigation (21%)

– Job Security (21%)

– Regulatory Enforcement (12%)

EVP – MDs   

– Reputation (53%)

– Financial Loss (25%)

– Regulatory Enforcement (13%)

SVP – Directors   

– Reputation (60%)

– Financial Loss (24%)

– Regulatory Enforcement (4%)

– Job Security (4%)

– Litigation (4%)


“A disconnect around cyber strategy among senior executives can create great gaps in protections and deprioritize important tasks exposing banks to increased cyber risks,” says Jitendra Sharma, KPMG’s Advisory Line of Business Leader for Financial Services. “Naturally, banks are the top industry attacked by hackers due to the amount of funds flowing through the institutions. Since banks are under increased security pressures, it’s more important than ever that they employ a strong, top-down internal strategy to better protect themselves against bad actors.”




KPMG LLP, the audit, tax and advisory firm (www.kpmg.com/us), is the U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG International’s member firms have 174,000 professionals, including more than 9,000 partners in 155 countries.