2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent
member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.
Printed in the U.S.A. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of
KPMG International. NDPPS 259750
[Chart residue: 86% increased their focus. Surviving labels: "There has been some increase in our focus on cyber security", "Don't know". Surviving values: 44, 42.]
KPMG insights: Cyber security is an important concern for every organization, and
consumer businesses are ideal targets for hackers trying to capture cardholder data
and steal customer identities. Clearly, the recent cyber breaches were a wake-up call for the industry. The majority of retailers and consumer packaged goods
companies have elevated cyber security to the top of their agendas.
Daily occurrences demonstrate the risk posed by cyber attackers, from individual,
opportunistic hackers, to professional and organized groups of cyber criminals with
strategies for systematically stealing intellectual property and disrupting business.
The management of any organization faces the task of ensuring that its organization
understands the risks and sets the right priorities. While this is no easy task, it
is essential that leaders take control of allocating resources to deal with cyber
security, actively manage governance and decision making over cyber security, and
build an informed and knowledgeable organizational culture.
{Respondents: 107}
[Chart residue: surviving values 46, 27, 18, 1 and a "Don't know" category; other labels not recoverable.]
{Respondents: 111}
KPMG insights: Most consumer companies are not being driven by fear, uncertainty, or
doubt. They see the potential that rapidly advancing technology has and continue to explore
new ways of doing business, new ways of running a business, and new ways to better
understand and engage with consumers. However, technology does not come without
challenges. Companies must balance a relentless pursuit of innovation with assessing and
effectively managing risk.
Cyber crime risks can be controlled. The key is to embed security and risk management
processes in technology and related initiatives, right from the
get-go. By treating cyber security as business as usual and balancing investment
between risks and potential impacts, an organization can be
well-prepared to combat cyber crime.
[Chart residue: response options "Yes"; "Not yet, but in the process of defining the plan"; "No"; "Don't know". Surviving values: 20, 36, 16, 33.]
KPMG insights: The majority of consumer companies are not yet considering
how they will respond to a data breach before it occurs. When companies do not
have a formal cyber incident response plan (now considered a standard of care
across industries), they are forced to rely on the ad hoc action of their people,
leaving the outcome unpredictable and unreliable. Mishandling an incident is a
major liability, potentially costing billions of dollars and having the potential to
destroy a brand virtually overnight. In some cases, not having a plan may even be
perceived as negligence and become a legal liability.
Additionally, should an incident occur, organizations need to ensure that they
are evaluated in such a way that lessons can be learned. In practice, however,
actions are driven by real-time incidents and often are not recorded or evaluated.
This destroys the ability of the organization to learn and put better security
arrangements in place in the future.
{Respondents: 105}
[Chart residue: surviving values 44%, 19%, 16%, 8%, 7%, 6%; surviving labels "Other", "Don't know"; other labels not recoverable.]
{Respondents: 105}
KPMG insights: Across the marketplace, we are seeing chief information security officers
taking on much more prominent roles. Survey results reveal that consumer companies
are moving slower in adopting this approach than other industries. Given the complexity
and multidisciplinary nature of the problem, cyber security demands direct management
attention. Companies should be evaluating their leadership models to ensure effective
oversight of security operations and support of risk and compliance functions.
High-profile data breaches of retail and CPG companies exposed the massive drop
in shareholder value which can result from ineffective cyber security. In other words,
defending against cyber crime became a board problem. As a result, cyber security
initiatives in the consumer industry are being driven from the top down. From boards, to
audit and risk committees, to CEOs, CFOs, CIOs, and CISOs, leadership is under immense
pressure to show progress in securing systems and managing risk and compliance, and they
are seizing control of cyber.
[Chart residue: categories <1, 1-2, 2-3, 3-4, 4-5, Don't know. Surviving values and axis ticks: 45, 40, 30, 22, 22, 20, 10, 9, 5, 0.]
{Respondents: 107}
KPMG insights: Cyber security has historically been a neglected area in consumer
companies. It's no wonder that only five percent of organizations believe they have
industry-leading levels of cyber maturity. With the growth of omni-channel retailing
exposing new risks, and regulatory watchdogs sharpening their teeth, the industry
needs to play catch-up. Now is the time to increase the focus on cyber security.
At KPMG, we consider six key dimensions that together provide a wide-ranging and
in-depth view of an organization's cyber maturity.
Leadership and governance
Is the board demonstrating due diligence, ownership, and effective management
of risk?
Human factors
What is the level and integration of a security culture that empowers and ensures the
right people, skills, culture and knowledge?
Information risk management
How robust is the approach to achieve comprehensive and effective risk
management of information throughout the organization and its delivery and
supply partners?
Business continuity
Have we made preparations for a security event and the ability to prevent or minimize
the impact through successful crisis and stakeholder management?
Operations and technology
What is the level of control measures implemented to address identified risks and
minimize the impact of compromise?
Legal and compliance
Are we complying with relevant regulatory and international certification standards?
kpmg.com
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual
or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is
accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information
without appropriate professional advice after a thorough examination of the particular situation.