Cyber security should be expanded to other departments other than IT: CII-KPMG report

A joint report by the Confederation of Indian Industry (CII) and KPMG says that cyber security expands to human resources, supply chain, administration and infrastructure.

  • Updated: August 29, 2016 5:05 PM IST

Cyber threats today are no longer restricted to a company’s communications and IT domains, calling for more than just technical controls to avert attacks and protect the business from future risks and breaches, a new report said. According to the joint report of the Confederation of Indian Industry (CII) and KPMG, cyber security today embraces multiple units of an organization like human resource, supply chain, administration and infrastructure. It, therefore, requires governance at the highest levels. “It is vital to keep pace with the changing regulatory and technology landscape to safeguard and advance business objectives. Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust,” said Richard Rekhy, Chief Executive Officer, KPMG, India.

Titled ‘De-risking India in the new age of technology,’ the paper launched at the second CII National Risk Summit 2016 in Mumbai suggested that cyber security has started gaining visibility at the top level and is now an essential part of boardroom discussions. “Well-orchestrated risk management practices help organizations deliver sustainable results by keeping pace with changes in client behavior, staying ahead of competition, identifying emerging technology trends and business model changes early,” added Suresh Senapaty, Chairman, CII National Risk Summit 2016.

Regulators are increasingly holding board members and senior executives of a company accountable for cyber security of their company, often with stiff penalties, including but not limited to, heavy fines and legal consequences. The leadership level, therefore, needs to be aware of the internal and external cyber threats and incidents that can or are affecting their organizations, the report added.

“This white paper is our first step to de-risk India. We explore the challenges that organizations face and then suggest the better risk management practices that can be followed in an accelerated environment of cognitive technologies to harness an organization’s potential to the fullest to balance the risks and opportunities,” added Mritunjay Kapur, Partner and Head, Risk Consulting, KPMG in India. ALSO READ: RBI Governor Raghuram Rajan urges banks to strengthen cyber security

According to the paper, an organization cannot rely solely on technical controls to avert a cyber incident. It needs a combination of the right people, processes and technology to prevent such incidents. “Robotics and cognitive technologies not only support in managing the risks for an organization, but can help eliminate potential operational risks. The new-age disruptive technologies bring much needed controls within an organization,” it added. ALSO READ: India and US discuss closer cooperation on cyber security issues

  • Published Date: August 29, 2016 5:00 PM IST
  • Updated Date: August 29, 2016 5:05 PM IST