26 June 2017 | News

KPMG survey claims Bermuda more cyber-aware than neighbours

A new survey by KPMG has indicated that Bermuda is slightly better prepared for cyber security threats than its Caribbean counterparts.

The analysis found that 15 percent of Bermuda-based companies defined cyber security as a boardroom responsibility, compared to 11 percent across the region, and 20 percent globally.

KPMG’s Cyber Benchmark Survey compared the current state of cyber security risk reporting based on 800 annual reports in 28 countries including Bermuda, the Cayman Islands and five other Caribbean nations.

Some of the surveyed topics included: responsibility assumed at boardroom level for cyber security risks; the differences between regions and industries; and the cyber security topics which are discussed in the annual reports.

The survey indicates that the degree of attention given to cyber security in the annual reports from Bermuda is greater than the rest of the Caribbean, with companies in the Cayman Islands producing the lowest result.

Chris Eaton, cyber security lead at KPMG in Bermuda, said that although Bermuda’s result is encouraging, it should be kept in mind that, on average, mentions of cyber security in the Island’s reports are lower than the rest of the world.

“Annual reports are a good indicator of how seriously businesses approach cyber security,” said Eaton, “since such reports send a message to shareholders about the company’s priorities. The survey makes it clear that Bermuda companies still have ground to cover to increase the dialogue around cyber security at the board level, but I’m pleased to see Bermuda companies following the global trend toward making it an important part of their overall business strategy.”

The survey indicated security awareness as the leading discussion point for Bermuda companies.

“Bermuda companies should implement a top risk assessment approach that addresses information security as well as cyber risk,” Eaton concluded. “Boards must consider the risks associated with external vendors who may be connected to their IT systems. Cyber security is a first line of defence, supported by risk management and comprehensive audit.”