Businesses still not taking cyber threats seriously enough

Wednesday 21 November 2012

UK businesses are still not taking cyber security threats seriously enough, one industry expert has claimed.

Stephen Bonner, head of information protection and business resilience at KPMG, said that despite increasing publicity about online security breaches in some of the world’s best known companies, firms are failing to take the necessary precautions.

He was commenting after a report revealed that 15 per cent of organisations in the Forbes 2,000 have corporate websites which offer hackers access to private login details.

Mr Bonner noted that the UK's digital economy accounts for eight per cent of gross domestic product. As such, it remains a mystery why organisations have yet to develop a mature approach to cyber security.

"It does seem that with our economy in a state of sluggish growth, cybercrime is the one area bucking the trend as a shady growth industry," Mr Bonner stated.

"My worry is that boardrooms up and down the country are only slowly wising up to the threat and understanding the damage that can be inflicted on operations and reputation if they fail to create the appropriate defences."

Boards 'should retain control of security policy'

Mr Bonner said it may be tempting to allow IT to dictate cyber strategy, but to do so is to delegate responsibility for the business’s whole security, as well as that of every customer and supplier.

"To my mind this is a cardinal sin and for boards it is a dereliction of duty," he claimed.

"It's true that many successful cyber risk frameworks begin within IT, but as these gain momentum and scope they usually take responsibility for broader issues like privacy and data quality."

At that point, they should surely become a governance function that needs to be separate from IT, Mr Bonner claimed.

He said that anything else runs the risk of losing an independent eye ensuring everything remains on track.

"There is a sense that the sheer scale of a business’s involvement in the digital space makes cyber threats inevitable and impossible to avoid," Mr Bonner noted.

"But a strong response can inspire confidence in a brand."

He said that while many new risks will emerge, boards have to ensure that a safe approach does not stop them adopting the latest technology to remain competitive in the future.

Posted by Alex Boardman