Companies eye cybersecurity information

Company audit committee members are concerned about the quality of information that they receive on cybersecurity and believe risk management programs need to become more “dynamic”, according to a KPMG survey.

The survey, based on the results of a survey of some 1,800 audit committee members in 21 countries undertaken by KPMG’s Audit Committee Institute, asked whether they were satisfied with the quality of information they receive from their company on a range of issues. Cybersecurity came out on the bottom of the pile and respondents noted that a broader range of skills on audit committees, including IT, would be welcomed. Only 26 per cent of respondents said they were fully satisfied with information on cybersecurity. In the UK, just one in five respondents said they were satisfied, compared to satisfaction levels of more than 70 per cent on legal and regulatory compliance issues. The results echo those of other studies that have suggested many companies and their boards remain complacent about cybersecurity or lack detailed understanding of the threats they face. It could also help fuel demands that cybersecurity risk assessment should be part of the formal audit procedure or addressed specifically in company annual reports.