Thu | Jan 20, 2022

Jamaican firms doing better than most on cyber security – report

Published:Thursday | June 1, 2017 | 12:38 PM

A report by international auditing firm, KPMG has found that only 50 per cent of company boards in Jamaica take cyber security seriously, although this is still better than obtains throughout the Caribbean and other countries.

KPMG says it reviewed 800 annual reports of the largest organisations in 28 countries paying attention to cyber security, beyond good information technology practices.

It says it found that board responsibility for cyber security in Jamaica stood at 50 per cent, which is better than the Caribbean where it is 11 per cent.

It was also better than for all companies surveyed, which averaged 20 per cent.

The firm says cyber security as a topic in the annual reports is mentioned as either a sentence or a full paragraph in 50 per cent of Jamaican companies, which is on par with all companies surveyed and higher than the Caribbean.

KPMG says the financial and telecommunications industries led the way in cyber security governance.

The report notes that in the absence of a robust legislative framework and with no specific requirement from regulators, firms are free to determine how they manage and report on cyber security governance. 

It says the increasing cyber security threats in Jamaica, improving awareness of citizens as well as pending legislation on data protection, should drive local organisations, including the Government, to have cyber security as a main governance item on the boardroom agenda.

KPMG highlights that cyber security is a strategic risk for every organisation, and investors, governments, and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

The report comes against the background of recent cyber-attacks by hackers who held institutions in roughly 80 countries ransom through a type of malicious software called ransomeware.

Such software prevents computer users from accessing their files until specified demands are met.