January 30, 2013 - High level directors at numerous corporations around the world are concerned about the quality of information they receive about cyber security threats, says a new KPMG survey of 1,800 audit committee members across 21 countries.
The report from KPMG's Audit Committee Institute should be of interest to corporate treasurers, if they look after the risk function at their firm, traditional information security officers in the IT department, or anyone else interested in educating the boardroom about cyber security threats and the risks that flow from it.
It clear from the findings that audit committee members, including external senior non-executives, do not think that they are currently receiving about information about online and social media threats and the risk mitigation programmes designed to stop them, with only 26% of the 1800 respondents saying that were "satisfied". This compares to satisfaction levels of over 70% on legal and regulatory compliance issues. A desire for a broader range of skills on audit committees including IT, treasury or risk expertise, is also evident from the report, says KPMG.
As the report's author, Malcolm Marshall, a partner in KPMG's risk consulting practice, said the survey shows, "there are too many examples of complacency and defending an organisation cannot be left to IT, alone."
Nearly half of the survey respondents globally (45%) said their company's risk management programme generally, including cyber security, required "substantial work".
Meanwhile, anti-bribery laws have become a significant area of attention with over three quarters of the audit committee members questioned in the UK saying that they have increased their focus on the issue. Recent high profile cases involving defence contractors and banks no doubt have something to do with this change in outlook.
"The findings confirm our experience that the level of information that boards' receive on cyber security is patchy," added Marshall. "Defending businesses against the threat needs leadership from the top and audit committees should play a key role in this. The results show that they have an appetite to get more actively involved."
