KPMG: Investors Turned Off By Poor Cybersecurity

Nearly 80% of investors would be put off investing in a business if it has been hacked or has an ineffective cybersecurity strategy, according to new research from KPMG.

The business consultancy interviewed over 130 global institutional investors responsible for more than $3trn of funds.

The research revealed that 79% would be discouraged from investing in a hacked company, while 86% said they wanted to see an increase in focus on cybersecurity from boards.

However, those surveyed said they believe that 43% of board members do not have the requisite skills to manage innovation and risk.

KPMG advised board members to approach cybersecurity as a business risk rather than a solely IT-related problem, and to better understand the legal implications of cyber-risk.

Discussion of that risk should revolve around identifying which risks to avoid, which to accept and which to mitigate or transfer.

Matthew Martindale, director at KPMG, argued that appointing a CISO to work closely with the board can help ensure they have a thorough understanding of cyber-threats and risk mitigation.

“There should be clear ownership and accountability for cyber-security risk to a board member and there is an expectation that the individual should be able to talk competently about the organization’s approach to managing and mitigating cybersecurity risk,” he told Infosecurity.

However, despite the study’s findings, he revealed that many organizations have begun to strengthen their threat detection and response capabilities and are now running cyber simulation exercises to test defenses.

“Investors are looking for cyber-resilient organizations as a means to gain comfort around the growing concern of their business and to protect their investment,” he added.

“With this comes an expectation that an organization will be identifying and assessing their strategic risks and then implementing a layered defense approach to mitigate these risks. This will include investing in prevention, detection and response capabilities supported with a cultural change program to drive the right behavior in employees and business partners.

What’s Hot on Infosecurity Magazine?