All FTSE 350 companies are making it easy for hackers by leaking data online, claims KPMG

Attackers could gain control of intellectual property, perpetrate fraud and inflict reputational damage on major companies - report

Every single FTSE-350 company is leaking data online, enabling cyber attackers to gain control of their intellectual property, perpetrate fraud and in turn inflict reputational damage, a report by consultancy firm KPMG has found.

The report was put together by KPMG's Cyber Response team, who looked at the initial steps that a cyber-attacker might undertake to get inside a FTSE 350 company.

The firm found that every company on the FTSE 350 was leaking data such as employee usernames, email addresses and sensitive internal file location information online. On average, 41 usernames, 44 email addresses and five sensitive internal file locations were available for each company.

Aerospace and defence sector companies recorded the highest number of leaked internal email addresses, which using phishing emails provide an easy entry route for hackers to then get unrestricted access to a company's network.

Martin Jordan, head of cyber response at KPMG, said that the research shows that the companies do not have full control of their web presence at a time when cyber security has been "turned upside down".

"Our findings send out a clear message to business - while the internet may be a shop window to the world - it can also be a substantial security risk.

"FTSE-350 companies should accept that cyber threats are real. Protecting their networks is not just about self-interest; it is about safeguarding the economy and, in the case of critical national infrastructures, it is also about the safety of the population," Jordan added.

As part of the research, KPMG found that 53 per cent of the FTSE 350 did not have up-to-date security patches or were using old server software, making them more vulnerable to attacks.

Companies in the support services sector, and the software and computer services sector, were, perhaps surprisingly, found to be the most vulnerable.

The report follows similar findings in KPMG's Cyber Vulnerability Index, which found that 78 per cent of organisations in Forbes' Global 2000 are leaking data that could create opportunities for cyber attackers.