Supply Chain Risk Mitigation: Part III

While digital progress has enriched the lives of many supply chain managers and the companies they serve, industry analysts warn that there’s a dark side to our reliance on complex computer systems. Indeed some experts contend that our product pipelines have never been more vulnerable to disruption.

Stealth and malicious code deeply embedded in our networks can shut down a global network in an instant. Chillingly, the IT reaction will probably be too late to repair the damage or even restore the service.

Even the current quality of information on cyber security threats is suspect, says a recent KPMG survey of 1,800 audit committee members across 21 countries.

It is clear from the findings that audit committee members, including external senior non-executives, do not think that they are currently receiving about information about online and social media threats and the risk mitigation programs designed to stop them, with only 26% of the 1800 respondents saying that were “satisfied.” This compares to satisfaction levels of over 70% on legal and regulatory compliance issues. A desire for a broader range of skills on audit committees including IT, treasury or risk expertise, is also evident from the report, says KPMG.

High level directors at numerous corporations around the world are concerned about the quality of information they receive about cyber security threats, says a new KPMG survey The report from KPMG’s Audit Committee Institute should be of interest to corporate treasurers, if they look after the risk function at their firm, traditional information security officers in the IT department, or anyone else interested in educating the boardroom about cyber security threats and the risks that flow from it.

It clear from the findings that audit committee members, including external senior non-executives, do not think that they are currently receiving about information about online and social media threats and the risk mitigation programs designed to stop them, with only 26% of the 1800 respondents saying that were “satisfied.” This compares to satisfaction levels of over 70% on legal and regulatory compliance issues. A desire for a broader range of skills on audit committees including IT, treasury or risk expertise, is also evident from the report, says KPMG.

As the report’s author, Malcolm Marshall, a partner in KPMG’s risk consulting practice, says the survey shows “there are too many examples of complacency and defending an organization cannot be left to IT, alone.”

Nearly half of the survey respondents globally (45%) said their company’s risk management program generally, including cyber security, required “substantial work.”

Meanwhile, anti-bribery laws have become a significant area of attention with over three quarters of the audit committee members questioned in the UK saying that they have increased their focus on the issue. Recent high profile cases involving defense contractors and banks no doubt have something to do with this change in outlook.

“The findings confirm our experience that the level of information that boards’ receive on cyber security is patchy,” adds Marshall. “Defending businesses against the threat needs leadership from the top and audit committees should play a key role in this. The results show that they have an appetite to get more actively involved.”

SC
MR