Cyber security must rise up the Boardroom agenda, says KPMG
Further to the release earlier this week of KPMG’s review of the FTSE 350’s cyber security, the Government has today announced the launch of its Cyber Governance Health Check whereby the chairmen and chairs of audit committees will be asked to complete a questionnaire to assess the cyber awareness of their businesses. KPMG has issued the following response to the announcement:
– Cyber security is central to long-term economic growth
– Government initiative should be grasped with both hands by FTSE 350
25 July 2013 – An increase in attacks on corporate websites should focus attention on the actions businesses should take to reduce the impact of cyber crime.
The word of caution comes in the wake of the Government announcing the launch of its ‘Cyber Governance Health Check’ – a programme designed to assess the extent to which FTSE 350 Boards and audit committee chairmen understand and oversee risk management measures addressing cyber security threats to their business. It also follows the publication of data suggesting that hacking of information held by businesses has jumped globally from only 8% of total incidents in 2010 to a shocking 52% in 2012*.
Simon Collins, UK Chairman at KPMG, comments: “The Government’s initiative is a welcome and timely addition to the fight against cyber crime. It will raise the profile of the risks and highlight that all of us, as part of UK plc, need to plug gaps in our security before leaks become a flood.”
Malcolm Marshall, Global Head of Information Protection and Resilience at KPMG, who worked on KPMG’s own research into the cyber vulnerability of the FTSE 350, added: “The UK’s digital economy accounts for 8 percent of our GDP – a figure which reflects the importance of organisations developing a robust approach to their cyber security. It’s no exaggeration to suggest that data central to national security and economic growth is at risk of exposure, meaning that Boardrooms – not the IT team – must take responsibility for their cyber security levels. It may be tempting to delegate cyber strategy to IT, but to do so is to delegate responsibility for the business’s whole security, as well as that of every customer and supplier.”
KPMG has agreed to support the Government’s initiative by helping FTSE 350 companies identify potential flaws in their cyber security procedures. The aim is to assess the nature of threats faced by organisations and provide a benchmark that the FTSE 350 can use to ascertain the best approach to improving cyber security.
Marshall adds: “The Government’s initiative is an integral part of the fight against cyber crime. By building an understanding of UK plc’s cyber defences, organisations will be in a better position to make the decisions and take the actions necessary to prevent data theft and ensure Britain is not just open, but safe, for business.”
KPMG released its own Cyber Vulnerability Index** earlier this week, which found that companies across the FTSE 350 are inadvertently leaking data by leaving employee usernames, email addresses and sensitive internal file location information online, where it can be used by hackers.
* KPMG Data Loss Barometer, Dec 2012
** As part of the process KPMG also conducted a review of its own website
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with over 11,000 partners and staff. The UK firm recorded a turnover of £1.7 billion in the year ended September 2011. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. We operate in 152 countries and have 145,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. KPMG International provides no client services.