By Elizabeth Lynch
In an environment of rapid technology changes and increasingly sophisticated cyber threats, cyber security is a top concern for audit committees and boards. A KPMG survey of more than 200 U.S. audit committee members found that the three biggest challenges their companies face in managing cyber security risk are:
Sixty percent of survey respondents said their audit committee has responsibility for oversight of cyber security. Yet, the financial, legal, and reputational implications of a major cyber breach continue to elevate cyber security to a board-level discussion as a broader risk management issue.
As new technology continues to disrupt business models, the growing prevalence of the Internet of Things, along with the convenience and efficiency new mobile apps and devices, are moving organizations toward a whole new level of cyber and data security risk.
“While oversight varies by company and industry, audit committee members should ask for regular updates on cyber strategy, preparedness and response plans,” said Jose R. Rodriguez, leader of KPMG’s Audit Committee Institute. “They can help ensure the board has access to the information and expertise it needs to be comfortable about the company’s efforts to protect its most valuable information and assets.”
The audit committee should work with the chief audit executive to help identify the risks that pose the greatest threat to the company’s reputation, strategy, and operations and help ensure that internal audit is focused on those risks and related controls.
For more information, or to arrange an interview, please contact Elizabeth Lynch.
Webcast Replay – Jose R. Rodriguez hosts a webcast discussion on cyber concerns for audit committees.
Leading with agility and purpose -Insights from the 2019 KPMG Board Leadership Conference, including a discussion of cyber and other risks audit committees face.
On the 2019 audit committee agenda – Key issues for Audit Committees.
What's next: Key cyber security considerations for 2019 – This white paper explores a few of the most pressing cyber security issues at the forefront in 2019.