A KPMG REPORT shows that audit committees believe poor quality data is hampering cybe protection efforts across businesses.
The KPMG UK Audit Committee Institute finds that the number of auditors with concerns about cyber security has doubled in the last year and businesses are losing the battle against cyber crime as a result, Accountancy Age’s sister title Computing reports.
The survey of audit committee members found the quality of information provided to auditors is becoming increasingly unsatisfactory, raising fears that cyber safety has taken a step back and making the task of minimising risk much more difficult.
Almost half (47%) of auditors believe they need better information about cyber risks, a figure that has doubled from 24% the previous year.
Additionally, half of the audit committee members surveyed said it is “increasingly difficult” to oversee the risks of cyber security in addition to the rest of their reporting. It’s a trend Stephen Bonner, partner at KPMG, is concerned about.
“Given the rapidly growing public, political and media profile of the cyber threat, it is very worrying that audit committee members feel more concerned now about the issue than they did a year ago,” said Bonner, head of information protection and business at the Big Four firm.
“It shows that either companies are losing the battle against cyber criminals, or they are still not yet fully engaging with the threat.
“It is a difficult issue that takes many executives and non-executives out of their comfort zone. However, it is simply too big and fast-growing a risk for companies to tackle half-heartedly,” Bonner added.
Timothy Copnell, head of KPMG’s UK Audit Committee Institute, pointed out that auditing is a difficult enough task in itself, even without businesses withholding information about cyber threats.
“Audit committee agendas are not getting any lighter. Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself,” he said, adding that if things continue the same way, auditing might not even be possible.
“This survey suggests that many audit committee agendas may be reaching a tipping point, and that it’s time to step back and assess whether audit committees are able to exercise even their fundamental responsibilities in an appropriate manner”, Copnell concluded.
KPMG’s survey was conducted amongst approximately 1,500 audit committee members in 34 countries between September and November 2013.
A previous KPMG report, released last month, suggested that government, businesses and consumers all need to think more carefully about cyber threats because 2014 will see the most advanced attempts at hacking and cyber crime yet.
Driving opportunity for all and empowering businesses for success are the key themes for the Sage Summit UK this year, which takes place on 5-6 April
The partnership will see PwC have 'physical presence' at CodeBase in Edinburgh
Unincorporated businesses under the VAT threshold given an extra year to prepare before MTD becomes mandatory
Simon Wright of CareersinAudit.com discusses how an effective cyber defence force is critical to businesses worldwide and how internal auditors can make the transition to a new career in cyber security