- Corporate websites offer easy access to private data
- IT shouldn’t be alone in fight against cyber threats
- Impact of cyber attacks means security should become a Corporate Governance issue
British businesses are not taking the threat of cyber security seriously enough, despite increasing publicity about online security breaches in some of the world’s best known companies, according to KPMG’s Head of Information Protection and Business Resilience.
Stephen Bonner’s warning comes in the wake of the Cyber Security Minister, Chloe Smith, reiterating the Government’s commitment to tackle cyber crime. It also follows publication of data suggesting that 15 percent of organisations in the Forbes 2000 have corporate websites which offer hackers access to private login details.
Bonner says: “The UK’s digital economy accounts for 8 percent of our GDP so why organisations are yet to develop a mature approach to cyber security is a question that must be answered. It does seem that with our economy in a state of sluggish growth cyber crime is the one area bucking the trend as a shady growth industry. My worry is that Boardrooms up and down the country are only slowly wising-up to the threat and understanding the damage that can be inflicted on operations and reputation if they fail to create the appropriate defences.
“It may be tempting to allow IT to dictate cyber strategy, but to do so is to delegate responsibility for the business’s whole security, as well as that of every customer and supplier. To my mind this is a cardinal sin and for Boards it is a dereliction of duty. It’s true that many successful cyber risk frameworks begin within IT, but as these gain momentum and scope they usually take responsibility for broader issues like privacy and data quality. At that point, they should surely become a governance function that needs to be separate from IT. Anything less runs the risk of losing an independent eye ensuring everything remains on track.
“There is a sense that the sheer scale of a business’s involvement in the digital space makes cyber threats inevitable and impossible to avoid, but a strong response can inspire confidence in a brand. While many new risks will emerge, boards have to ensure that a safe approach doesn’t stop them adopting the latest technology to remain competitive in the future.”
Mike Petrook, KPMG Press Office
020 7311 5271 (t), 07917 384 576 (m) or
Notes to Editors:
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with over 11,000 partners and staff. The UK firm recorded a turnover of £1.7 billion in the year ended September 2011. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. We operate in 152 countries and have 145,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. KPMG International provides no client services.