Fewer than 50 percent of boards have skills needed to deal with cyber-security, KPMG study shows
Almost four in five investors would be discouraged from investing in a company that has been hacked in a cyber-attack for fear that compromised information would lower its value, according to research by KPMG.
In a survey of 133 global institutional investors with more than $3 tn in assets under management, 79 percent say they would be ‘discouraged’ from investing in hacked companies, while 86 percent of investors see cyber-security as a growth area.
‘Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised,’ says Malcolm Marshall, global head of KPMG’s cyber-security practice, in a press release. ‘Following a number of high-profile breaches, we are seeing global investors waking up to the issue of cyber-security.’
The survey also shows that fewer than 50 percent of the boards shareholders currently invest in have the skills needed to deal with cyber-security, while 43 percent of respondents say boards do not have the skills needed to manage risk and innovation in the digital world. A recent KPMG poll of boards of FTSE 350 companies shows similar results, with 39 percent of the boards saying they are ‘severely lacking’ in their understanding of cyber-risks.
To ease investors’ concerns and better address growing cyber-security risks, Marshall suggests companies start approaching cyber-security as a business risk issue and not just as a matter for the IT department. He says boards should also ensure they have cyber-security expertise and devote time regularly to the discussions of online security.
Individual directors, Marshall says, should develop an understanding of the legal risks to their company posed by potential cyber-attacks and set an expectation that management develop a company-wide cyber-risk management framework and devote sufficient staffing and budget to it.
