Log In

Reset Password

Bermuda ahead of Cayman on cybersecurity

Chris Eaton of KPMG

Bermuda is ahead of the game on cybersecurity compared to Caribbean countries — but only slightly.

A multi-regional survey by professional services firm KPMG found that the island was “slightly more prepared” against cyberattacks, with 15 per cent of Bermudian-based companies defining cybersecurity as a boardroom responsibility compared to 11 per cent across the region.

The survey found that the degree of attention given to cybersecurity in the annual reports from Bermuda is greater than in the Caribbean — with competitor the Cayman Islands producing the lowest results.

But Chris Eaton, co-leader of KPMG’s islands group and IT advisory lead for Bermuda, said that, although the island outstripped the Caribbean, mentions of cybersecurity in reports were lower than in places like western Europe.

He added: “The survey makes it clear that Bermuda companies still have ground to cover to increase the dialogue around cybersecurity at the board level, but I’m pleased to see Bermuda companies following the global trend towards making it an important part of their overall strategy.”

Mr Eaton said: “There is a growing awareness at the top end of organisations that this is something that needs to have a seat at the risk management table.

“That’s not a battle that is won quickly — it’s a gradual thing.”

He added: “We are a decent distance ahead of the competition in the Caribbean, but there’s no avoiding the fact that we’re not as far ahead as western Europe, for example.”

The report looked at results from organisations that have listings on the Bermuda Stock Exchange and did not include companies with Bermuda offices and listings elsewhere.

“We have to be a little bit careful in drawing too many conclusions about what we’re seeing in the report from that perspective.”

But he said: “There is good progress being made and it’s encouraging that the conclusion we can reach is there is an increasing amount of awareness that cybersecurity is an important topic for boards — there is, however, some work to be done.”

Mr Eaton added: “It is being taken seriously. There is a historical challenge between the language spoken by the technologists who appreciate the risk and what needs to be done about it and risk management language.

“But we’ve certainly seen in the last couple of years the emergence of people who are in that intermediate role and I think that’s very encouraging.”

The KPMG cyber benchmark survey compared the state of cybersecurity risk reporting based on 800 annual reports in 28 countries, including Bermuda, the Cayman Islands and five other Caribbean jurisdictions.

The survey showed that security awareness was the top discussion point for Bermuda companies.

Mr Eaton said: “Bermuda companies should implement a top risk assessment approach that addresses information security as well as cyber-risk.

“Boards must consider the risks associated with external vendors who may be connected to their IT systems.

“Cybersecurity is a first line of defence, supported by risk management and comprehensive audit.”

He added: “What will be really interesting to see is how it changes over time. We’re now seeing cybersecurity firmly established in the overall risk management approach of organisations in Bermuda.”