Thursday 26th September, 2013

KPMG comments on the Europol’s European Cybercrime Centre study that suggests cyber attacks will escalate over the next decade. KPMG’s head of cyber security says that; “to succeed, the fight against cyber crime can no longer be regarded as a problem for IT”.

Malcolm Marshall says: “Given recent experience, it would be naive to think that cyber attacks will not continue to grow in scale and sophistication. With the UK’s digital economy accounting for over 8 percent of our GDP the potential impact of successful cyber attacks means that Boards must treat cyber security as a priority. The internet brings massive potential for business, but of course where there is business – crime will follow.

“Government recognises this and only two months ago the Department of Business, Innovation & Skills (BIS) wrote to the chairman of all FTSE 350 companies inviting them to undertake a cyber governance health check. What’s increasingly clear is that cyber-security should be a Board level responsibility and concern; it may be tempting to delegate cyber strategy to IT, but to do so is to delegate responsibility for the business’s whole security, as well as that of every customer and supplier.”

Malcolm’s comments follow publication of KPMG’s Data Loss Barometer which revealed an almost 50% increase in hacking incidents recorded by organisations between 2010 and 2012.

He adds: “New technologies such as mobile devices, cloud computing, big data and social media bring real opportunities, but they also bring new risks and potential attack techniques. Companies need to strike a balance between technology opportunity and cyber threats. Good practice such as anti-virus systems and firewalls are common place, but what’s required is a more nuanced intelligence-led approach which helps an organisation to tailor its security posture to the changing threat, as well as making sure the organisation is well placed to handle the consequences of a cyber incident. This approach can only be instituted at Board-level.”

As the recent attacks at Santander and and other banks have shown, the threat is very real, determined and ongoing.