Business Finance: Anthony Cox on why cyber security is a job for directors

Anthony Cox of KPMG. - Credit: Archant

As businesses increasingly turn to new technology in their everyday operations, the issue of cyber crime is rising to the top of their agendas.

Europol’s European Cybercrime Centre recently released the findings of a study which suggests cyber attacks will escalate over the next decade. But where should the fight against cyber crime sit within a business?

Given recent experience, it would be naive to think that cyber attacks will not continue to grow in scale and sophistication. With the UK’s digital economy accounting for more than 8% of GDP, the potential impact of cyber attacks means that business owners and management boards must treat cyber security as a priority. The internet brings massive potential for business, but of course where there is business, crime will follow.

The increasing number of cyber attacks against businesses is now also on the Government’s agenda, and just a few months ago the Department of Business, Innovation & Skills (BIS) wrote to the chairmen of the UK’s biggest companies inviting them to undertake a cyber governance health check. What’s increasingly clear is that cyber security should be a board-level responsibility and concern; it may be tempting to delegate cyber strategy to IT, but to do so is to delegate responsibility for the business’s whole security, as well as that of every customer and supplier.

Business owners, chairmen, financial directors and even non-executive directors should scrutinise and challenge what they are being told by their teams about cyber defences, questioning how robust their defences are and whether they have been actively tested. This requires the people at the very top of their organisation to have an in-depth understanding of both the threats and the countermeasures.

New technologies such as mobile devices, cloud computing and big data bring real opportunities, but they also bring new risks. Companies need to strike a balance between technology opportunity and cyber threats. Good practices such as anti-virus systems and firewalls are commonplace, but what’s required is a more nuanced, intelligence-led approach which helps an organisation to tailor its security posture to the changing threat, as well as making sure the organisation is well placed to handle the consequences of a cyber incident. This approach can only be instituted at board level.

Anthony Cox is part of KPMG’s information protection practice in the East of England.