The report, called ‘Cyber security in Corporate Finance’ is a joint initiative from the Government and Institute of Chartered Accountants in England and Wales (ICAEW). Produced by a taskforce including KPMG, it demonstrates how the risks of cyber attack are heightened during the process of completing a transaction because the volume of information shared – and number of people involved – is greater than in the course of ‘business as usual’ transactions.
KPMG’s call for a responsible approach to cyber security comes in the wake of the Government launching its ‘Cyber Streetwise’ campaign. It also follows publication of data suggesting the UK is more susceptible to cyber crime than its European neighbours – with 19 percent of British individuals falling victim to email hackers, compared to an average of 12 percent across the EU*.
Martin Tyley says: “Rather than a new start, 2014 has brought with it more tales of cyber espionage, vulnerability and compromised corporate information. We hope that these stories serve as a warning, especially as corporate finance transactions are a rich source of information when it comes to gathering commercial data, intellectual property and sensitive client details. However experience tells us that the flurry of activity as organisations’ books are assessed often means attention is focused on cash flow, not cyber flaws. The fact is that this must change; due diligence isn’t just about understanding the long-term prospects of a business – it should also involve protecting the ‘here and now’.”
In one case study, for example, an international manufacturer with a large and highly-skilled UK workforce was targeted during a challenging negotiation with a foreign government. The company was spammed with phishing emails and, when one was opened, the hackers were able to access account details stored on the network. Another case involved a large energy company attempting to enter a new market in a developing nation. The organisation bid for a high-value project against multiple international competitors. During the bidding process they discovered malware had infected the system of a key employee who was instrumental to the negotiations. It became apparent that their negotiating position had been compromised and it was necessary for the company to take steps to adjust their position and to defend their networks against repeated attacks.
Tyley adds: “It’s vital to recognise that cyber security isn’t about adopting an inward-looking approach and thinking you are safe. The potential reputational risk of a breach for clients, suppliers, customers and the markets mean that cyber security should not be viewed as the domain of the IT room, but as everyone’s business.
“No organisation is immune to the challenges posed by cyber security. As with any risk, the key to effective management is identifying and understanding the threats, understanding the level of the risks involved and putting in place security measures that are appropriate and proportionate. If an individual or organisation is determined and motivated enough, the chances are that they will still be able to compromise security in some way but good defences will deter many attacks and effective cyber-resilience strategies will include plans to reduce the impact of an attack and the time it takes to recover from it.”
Mike Petrook, KPMG Press Office
020 7311 5271 (t), 07917 384 576 (m) or
Notes to Editors:
* Eurobarometer Survey on Cyber Security, European Commission, June 2013
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with approximately 11,500 partners and staff. The UK firm recorded a turnover of £1.8 billion in the year ended September 2013. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 155,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.