LONDON (Reuters) - Less than half of company boards have the necessary skills to manage the rising threat of cyber attacks, a survey of global investors showed, with four of five respondents suggesting they might blacklist businesses that have been hacked.
The research from consultancy firm KPMG, which surveyed 133 institutional investors running a total $3 trillion in assets, also showed that 43 percent of investors believe board members of the companies they invest in have a level of skill and knowledge to manage innovation and risk in the digital world that is unacceptable.
“Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised,” Malcolm Marshall, global leader of KPMG’s cyber security practice said.
KPMG said global investors were waking up to the issue of cyber security following a number of high profile breaches on companies including Sony Pictures Entertainment.
Recent attacks on U.S. retailers Home Depot and Target have partly inspired the launch a United States sanctions program to target foreign cyber attackers who threaten U.S. foreign policy, national security or economic stability.
Earlier this week, hackers who said they were supporters of Islamic State knocked out channels of French public television station TV5Monde and posted material on its social media feeds to protest against French military action in Iraq.
Technology company IBM also said this month that it had uncovered a sophisticated fraud scheme run by cyber criminals in eastern Europe that uses a combination of phishing, malware and phone calls that has cost large and medium-sized U.S. companies more than $1 million.
KPMG called on directors to approach cyber security as a broader business risk issue, not just a problem for internal information technology teams.
Some 86 percent of those polled said they wanted to see an increase in the amount of time board members spend on protecting their businesses from hackers.
“There is an expectation from investors for businesses to increase their cyber capabilities from top to bottom, including the board. In a world where breaches are common, is reasonable to expect boards to have prepared themselves,” Marshall added.
Reporting By Sinead Cruise. Editing by Jane Merriman