Most of the studies that came out of the research community last year seemed encouraging when it came to charting the progress of security onto the boardroom agenda.
It would have been easy to get the impression that those at the helm of UK companies were fully aware of the increasing cyber threats and were personally ensuring that action was taken to improve their defences.
But that picture appears to be slightly too optimistic, with findings from KPMG indicating that in the FTSE 350 there is a lack of communication between boards and management.
The result is that although 74% of firms thought their boards were taking cyber security seriously, the results indicated that there were problems and that large firms are still not being proactive enough in fending off threats.
KPMG also found that 25% of board members never received intelligence about security from their CIOs or whoever had been put in charge of data protection.
One of the consequences, which could have an impact on the channel, was a growing trend in FTSE 350 firms to use legal means to try and gain greater protection, with many putting cyber risk clauses in their contracts with suppliers.
Just shy of half are now looking to get a contract that covers the ability of a reseller to provide decent security.
Malcolm Marshall, global leader of KPMG’s cyber security practice, said that the issue of cyber security might have been moving up the board agenda but there were still problems caused by a lack of communication.
“Clear communication between Boards and management remains patchy at best. Regular Board engagement on this issue is critical to ensuring companies remain alert to this growing threat,” he said.
“Alarmingly, just 39% of Board members saw cyber risk as an operational risk when comparing it to other threats their companies face. This is a clear indication that Boards have some way to go to understanding the consequences that a cyber-attack can have on the brand and bottom-line,” he added.