Institutional investors believe the majority of the companies they have invested millions in are not up to the job when it comes to delivering cyber security, according to KPMG research.
KPMG also found that 79 percent of investors would be discouraged from investing in a business that has been hacked. The findings revealed that investors believe fewer than half of the boards of the companies that they currently invest in have adequate skills to manage cyber risk.
Furthermore, they believe that 43 percent of board members have unacceptable skills and knowledge to manage innovation and risk in the digital world. This sentiment was mirrored in a recent KPMG survey of FTSE 350 businesses, which found that 39 percent of boards and management agreed they were severely lacking in their understanding of the area.
Malcolm Marshall, global leader of KPMG’s cyber security practice, said: “Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.”
He said: “There is an expectation from investors for businesses to increase their cyber capabilities from top to bottom, including the board. In a world where breaches are common, it is reasonable to expect boards to have prepared themselves. But what we are seeing is companies struggling to demonstrate that they are taking cyber risk seriously.”
The survey showed that 86 percent of investors want to see an increase in the time boards spend on cyber security.
Marshall said board directors need to understand and approach cyber security as a business risk issue, not just a problem for IT, and that discussions about cyber risk management should be given regular and adequate time on the boardroom agenda.
The KPMG survey questioned 135 global institutional investors with over $3 trillion of investments under their collective management.