Proportion of UK audit committee members dissatisfied with cyber information doubles

Audit committee members are becoming increasingly concerned by cyber threats according to a new survey by KPMG.  The firm’s latest research also suggests that the quality of information given to Audit Committees has declined over the past 12 months, making their ability to minimise risk that much harder.

Cyber safety takes a backward step, survey of audit committees shows
Cyber safety takes a backward step, survey of audit committees shows

KPMG’s Audit Committee Institute survey of nearly 1500 audit committee members worldwide, including over 120 in the UK, found that cyber is one of the areas audit committees feel least comfortable about.  Globally, 45 percent of respondents did not feel that their committee devoted enough agenda time to the issue. But this rose to nearly six in ten (58 percent) in the UK.

Indeed, KPMG’s survey found that concern about cyber has doubled amongst UK audit committees in the last year.  Whereas a year ago a quarter of UK respondents (24 percent) were not satisfied with the quality of information received about cyber risks, now nearly half (47 percent) believe that cyber information needs improvement.

About half of UK audit committee members (insert percent) said that it is “increasingly difficult” given the audit committee’s expertise and heavy agenda, for the committee to oversee major risks such as cyber in addition to financial reporting.

Stephen Bonner, partner at KPMG, commented:

“Given the rapidly growing public, political and media profile of the cyber threat, it is very worrying that audit committee members feel more concerned now about the issue than they did a year ago.  It shows that either companies are losing the battle against cyber criminals, or they are still not yet fully engaging with the threat.  It is a difficult issue that takes many executives and non-executives out of their comfort zone.  However, it is simply too big and fast-growing a risk for companies to tackle half-heartedly.”

KPMG’s survey found that cyber was not the only non-financial risk that audit committees are concerned about.  High on their list also were innovation risks and tracking the non-financial ‘leading indicators’ of a company’s performance such as talent management and brand perception.

“Audit committee agendas are not getting any lighter,” said Timothy Copnell, head of KPMG’s UK Audit Committee Institute. “Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself. This survey suggests that many audit committee agendas may be reaching a tipping point, and that it’s time to step back and assess whether audit committees are able to exercise even their fundamental responsibilities in an appropriate manner.”

A copy of KPMG’s 2014 Global Audit Committee Survey is available at

Related Articles