The quality of information received by UK companies about the cyber security risks they face is of major concern, according to a report by a top five accountancy firm.
According to KPMG – which surveyed 1,800 audit committee members beetween August and October 2012 – 45% of respondents considered that their firms' risk management programme required "substantial work", with only 25% confident that their companies are looking "far enough into the horizon" to identify risk.
56% of the UK's 280 respondents said that apart from financial reporting risk, Government regulation or the impact of public policy initiatives are the greatest risk challenges facing their companies. 12% said that cyber security posed the greatest risk challenge – including data privacy and protection of intellectual property.
But 22% of all respondents expressed dissatisfaction with the quality of the information they receive about cyber security risk – the lowest level of satisfaction recorded for the quality of information in any risk category included in the survey.
To quote from the report: "The quality of risk-related information – particularly about cyber risk, global systemic risk, and the pace of technology change – as well as hearing dissenting views from middle management and others about critical risks facing the company continue to be areas of concern."