View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Leadership
  2. Strategy
April 15, 2015

No investment hope for hacked businesses, KPMG reveals

Survey also reveals lack of confidence in company boards to deal with cyber risk.

By Ellie Burns

Highlighting the importance of robust cyber security, 79% of institutional investors would shy away from investing in a business that has been hacked.

The figures, revealed in a KPMG survey today, also reveal that investors believe less than half of the Boards of the companies that they currently invest in have adequate skills to manage cyber risk.

The 133 Global institutional investors surveyed for the research also believed that 43% of Board members have unacceptable skills and knowledge to manage innovation and risk in the digital world.

These findings mirror a recent KPMG survey of FTSE 350 businesses, which found that 39% of boards and management agreed they were severely lacking in their understanding of this area.

Malcolm Marshall, global leader of KPMG’s cyber security practice, says: "Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised."

"Following a number of high profile breaches, we are seeing Global investors waking up to the issue of cyber security. The ripple effect of this has seen investor appetite for cyber businesses increase, with the survey revealing that 86 percent of investors see it as a growth area.

"There is an expectation from investors for businesses to increase their cyber capabilities from top to bottom, including the board. In a world where breaches are common, is reasonable to expect boards to have prepared themselves. My personal experience of working with organisations that have been breached is that businesses that are generally well run and understand risk, are better prepared for future risks.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"A serious breach brings the competence and team work of senior executives and the board into sharp focus. What we are seeing is companies struggling to demonstrate that they are taking cyber risk seriously to their existing and potential investor base. The inability to demonstrate that a business is doing so could make it a less attractive investment proposition.

"A good start would be for Boards to elevate cyber higher up on the agenda and invest more time towards it. Our survey reveals that 86 percent of investors want to see an increase on the time Boards spend on cyber compared to last year."

Marshall goes on to suggest that boards need to consider the following to be cyber secure:

1. Board directors need to understand and approach cyber security as a business risk issue, not just a problem for IT.

2. Directors need to understand the legal implications of cyber risks as they relate to their company’s specific circumstances.

3. Boards should have sufficient cyber security expertise, and discussions about cyber risk management should be given regular and adequate time on the boardroom agenda.

4. Directors should set the expectation that management will establish a firm wide cyber risk management framework that has adequate scope for staffing and budget.

5. Discussions of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer, as well as specific plans associated with each approach.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.