Alarming findings in KPMG research
WILLEMSTAD – Worldwide almost daily Cyber-attacks are experienced by companies with most of the time severe consequences for the continuity of the business and its services to clients.
The major impact of Cyber-attacks would certainly justify putting Cyber Security high on the boardroom agenda. KPMG Dutch Caribbean & Suriname (KPMG DC&S) advises her clients structurally to incorporate cyber security efforts in annual reports. A benchmark study by KPMG in 800 companies across 28 countries shows however that few companies give Cyber Security the attention it requires.
Investors, governments and global regulators are increasingly challenging Board Members to actively demonstrate diligence in the area of Cyber Security. They expect sensitive information to be protected and systems to be resilient to both cyber incidents as deliberate attacks. Clients expect that services are available and data is protected when it is being stored or processed.
However, the KPMG research shows that 84% of the surveyed companies in the Caribbean pay insufficient attention to Cyber Security. “Taking the recent global and regional cyber-attacks into consideration, one may wonder why the sense of urgency of Boards of Directors and Senior Executives is not much higher” says, Mrs. Elaine Oleana, in charge of the Cyber Security services at KPMG DC&S.
The most important highlights of the KPMG benchmark study results for the Dutch Caribbean and Suriname are:
- Cyber Security as a ‘Board Responsibility’ is reported in only 6% of the cases, which is significantly lower than in the rest of the Caribbean (11%) and in the total of companies surveyed (20%).
- In only 6% of the companies operating in the Dutch Caribbean and Suriname, Cyber Security is mentioned as a sentence or as a full paragraph. In this respect the Dutch Caribbean and Suriname are not keeping pace with the rest of the Caribbean or the rest of the world, with averages of 16% and 44% respectively.
- Security Awareness, Privacy, Security Monitoring, Threat Intelligence and ICS/SCADA are the only Cyber Security topics mentioned in the Dutch Caribbean and Suriname annual reports.
- The Financial Industry in our region is more leading in Cyber Security governance then other industries, but still, the percentage is remarkably lower, compared to the overall average.
Mrs. Oleana points out that “there is much room for improvement on cyber security governance and in the explicit recognition of board level responsibility”. She adds that “It is no longer a question of whether an organization will be attacked, but rather when it will be attacked. Will our companies be ready to respond?”