Cyber attacks are rising up investors' priority list and could even cost a business its investor backing, according to a survey of global institutional investors by KPMG.

The survey found that 79% would be discouraged from investing in a business that has been hacked.

“Following a number of high profile breaches, we are seeing global investors waking up to the issue of cyber security," said Malcolm Marshall, global leader of KPMG’s cyber security practice. 

“Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.” 

The research suggested that investors believe less than half of the boards of the companies that they currently invest in have the skills required to adequately deal with a cyber attack. 

They also believe that two in five (43%) board members do not have acceptable skills and knowledge to manage innovation and risk in the digital world. 

A separate KPMG survey of FTSE 350 businesses supports this view. It found that 39% of boards and management agreed that they were severely lacking in their understanding of digital.

“There is an expectation from investors for businesses to increase their cyber capabilities from top to bottom, including the board. In a world where breaches are common, is reasonable to expect boards to have prepared themselves," said Marshall.

"My personal experience of working with organisations that have been breached is that businesses that are generally well run and understand risk, are better prepared for future risks. A serious breach brings the competence and team work of senior executives and the board into sharp focus." 

However he said that some companies struggle to demonstrate that they are taking cyber risk seriously to their existing and potential investor base and that this inability to demonstrate that a business is doing so could make it a less attractive investment proposition.

Marshall suggests that boards need to understand and approach cyber security as a business risk issue, not just a problem for IT and understand the legal issues associated. He says that more time should be spent by boards on cyber risk management and directors should set the expectation that management will establish a firm wide cyber risk management framework.

“A good start would be for boards to elevate cyber higher up on the agenda and invest more time towards it. Our survey reveals that 86% of investors want to see an increase on the time boards spend on cyber compared to last year,” added Marshall.

Bad news for many boards is good news for cyber security focused companies. Investor appetite for cyber businesses has increased, with 86% of the 133 global institutional investors surveyed viewing the sector as a growth area.