The word of caution comes in the wake of the government announcing the launch of its ‘Cyber Governance Health Check’ – a programme designed to assess the extent to which FTSE 350 Boards and audit committee chairmen understand and oversee risk management measures addressing cyber security threats to their business.
It also follows the publication of data suggesting that hacking of information held by businesses has jumped globally from only 8% of total incidents in 2010 to a shocking 52% in 2012.
Simon Collins, UK Chairman at KPMG, comments: “The government’s initiative is a welcome and timely addition to the fight against cybercrime. It will raise the profile of the risks and highlight that all of us, as part of UK plc, need to plug gaps in our security before leaks become a flood.”
Malcolm Marshall, Global Head of Information Protection and Resilience at KPMG, who worked on KPMG’s own research into the cyber vulnerability of the FTSE 350, added: “The UK’s digital economy accounts for 8 percent of our GDP – a figure which reflects the importance of organisations developing a robust approach to their cyber security. It’s no exaggeration to suggest that data central to national security and economic growth is at risk of exposure, meaning that boardrooms – not the IT team – must take responsibility for their cyber security levels. It may be tempting to delegate cyber strategy to IT, but to do so is to delegate responsibility for the business’s whole security, as well as that of every customer and supplier.”
KPMG has agreed to support the government’s initiative by helping FTSE 350 companies identify potential flaws in their cyber security procedures. The aim is to assess the nature of threats faced by organisations and provide a benchmark for the FTSE 350 to use and ascertain the best approach to improve cyber security.
Marshall adds: “The government’s initiative is an integral part of the fight against cyber crime. By building an understanding of UK plc’s cyber defences, organisations will be in a better position to make the decisions and take the actions necessary to prevent data theft and ensure Britain is not just open, but safe, for business.”