The hacker attacks just keep on coming with Sony Corp., Lockheed Martin Corp., and Google Inc. all reporting in recent days various degrees of damage inflicted by the digital diaspora.
That has the issue of cyber risks rising on the agendas of the audit committees of boards of directors of all sorts of companies, says KPMG L.L.P.
Every six months, the accounting and consulting firm's Audit Committee Institute conducts a survey of board members about the risks they are seeing.
Thirty-one percent of the 78 Philadelphia-area respondents to the May 24 survey cited "economic and financial risk" as their top worry. That's been so since the financial crisis detonated in 2008.
But cyber risk was No. 2, picked by 16 percent of those surveyed, followed by supply-chain risk (14 percent), geopolitical risk (11 percent), and infrastructure risk (10 percent).
Now remember, these are the board members that serve on audit committees. They're paid to worry. And they tend to spend time asking questions of the chief financial officer and general counsel, not the chief information officer, or CIO.
That may need to change, said Jerry Maginnis, KPMG's Philadelphia managing partner, based on the lively discussion he heard at the May meeting that generated the survey results.
Companies are now so dependent on their information-technology systems that their vulnerability has "the potential to disrupt their operations," Maginnis said.
That goes not only for companies for whom IT is their business model, but also for manufacturers, distributors, and other industry sectors that have sunk significant capital investment into enterprise resource planning systems to become more efficient. Those ERP systems contain all of their competitive information.
While external data breaches make the headlines, the wildfire spread of social media has increased concern over potential threats from inside the organization. Audit committees need to know what controls the CIO has put in place and what issues have been flagged as potential sources of concern, Maginnis said.
After all, lots of companies who'd used a security system made by a division of EMC Corp. believed that would prevent unauthorized access of their computer networks. However, hackers apparently compromised the SecurID system leading to the data breaches at Lockheed Martin and L-3 Communications Corp., both defense contractors.
Boards might not speak geek, but they know what expensive risks sound like.
Shares of Pep Boys - Manny, Moe & Jack swerved Tuesday, falling 17 percent, or $2.30, to $11.20, as investors reacted to first-quarter earnings per share missing analyst estimates.
About 8.2 million shares were traded - more than 13 times the average daily volume for the last 52 weeks.
The Philadelphia auto-parts retailer reported net earnings of $12.4 million, or 23 cents per share, compared with $12.0 million, or 23 cents per share, for the first quarter of 2010.
According to Bloomberg News, analysts had been looking for 30 cents per share.
Sales were basically flat - up just 0.7 percent to $513.5 million for the 13 weeks ended April 30 from $510.0 million for the same period ended May 1, 2010. That happened even though Pep Boys' store count rose 7 percent to 630 as of the end of April compared with 590 a year ago.
"It's a challenging environment as evidenced by our deceleration in sales growth," Pep Boys' president and CEO, Michael Odell, said on a conference call with financial analysts.
Odell said the company did not intend to alter its current strategy, which includes making small acquisitions.
As Odell said: "We think the future is bright and we're going to put this quarter behind us."