Institutional investors shy away from hacked businesses

Institutional investors shy away from hacked businesses

According to new figures revealed today, a cyber attack could cost a business its investor backing

Also on

A cyber attack could cost a business its investor backing, according to new figures revealed today.  A survey of Global institutional investors by KPMG found that 79 percent of investors would be discouraged from investing in a business that has been hacked.  The research surveyed 133 Global institutional investors with USD$3+ trillion under management.

The findings reveal that investors believe less than half of the Boards of the companies that they currently invest in have adequate skills to manage cyber risk.  Furthermore, they believe that 43 percent of Board members have unacceptable skills and knowledge to manage innovation and risk in the digital world. This sentiment was mirrored in a recent KPMG survey of FTSE 350 businesses which found that 39 percent of boards and management agreed they were severely lacking in their understanding of this area.

Malcolm Marshall, global head of KPMG’s cyber security practice, says: “Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.”

“Following a number of high profile breaches, we are seeing Global investors waking up to the issue of cyber security.  The ripple effect of this has seen investor appetite for cyber businesses increase, with the survey revealing that 86 percent of investors see it as a growth area.

“There is an expectation from investors for businesses to increase their cyber capabilities from top to bottom, including the board.  In a world where breaches are common, is reasonable to expect boards to have prepared themselves.  My personal experience of working with organisations that have been breached is that businesses that are generally well run and understand risk, are better prepared for future risks.  A serious breach brings the competence and team work of senior executives and the board into sharp focus.  What we are seeing is companies struggling to demonstrate that they are taking cyber risk seriously to their existing and potential investor base. The inability to demonstrate that a business is doing so could make it a less attractive investment proposition.

“A good start would be for Boards to elevate cyber higher up on the agenda and invest more time towards it.  Our survey reveals that 86 percent of investors want to see an increase on the time Boards spend on cyber compared to last year.”

Malcolm Marshall suggests that boards need to consider the following to be cyber secure:

  • Board directors need to understand and approach cyber security as a business risk issue, not just a problem for IT.
  • Directors need to understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
  • Boards should have sufficient cyber security expertise, and discussions about cyber risk management should be given regular and adequate time on the boardroom agenda.
  • Directors should set the expectation that management will establish a firm wide cyber risk management framework that has adequate scope for staffing and budget.
  • Discussions of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer, as well as specific plans associated with each approach.




For media enquiries, please contact:

Nahidur Rahman, KPMG Press Office

T: 020 7694 8812

M: 0788191 6975


Follow us on twitter: @kpmguk

KPMG Press Office: +44 (0) 207 694 8773



The research was conducted by FTI Consulting on behalf of KPMG.  The research surveyed 133 Global institutional investors with USD$3+ trillion under management.  The surveyed investors work for the following organisations: private banks, wealth management, investment and mutual funds, hedge funds, pension funds, insurance funds, sovereign wealth funds and endowment funds.

About KPMG

KPMG LLP, a UK limited liability partnership, operates from 22 offices across the UK with approximately 12,000 partners and staff.  The UK firm recorded a turnover of £1.9 billion in the year ended September 2014. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 162,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity.  Each KPMG firm is a legally distinct and separate entity and describes itself as such.

This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.

Connect with us


Request for proposal



KPMG’s new-look website

KPMG has launched a state of the art digital platform that enhances your experience and provides improved access to our content and our people, whatever device you are on.