• Register
Return to: Home > Comments > Comment: Cybersecurity and the role of the 21st Century Accountant

Comment: Cybersecurity and the role of the 21st Century Accountant

By the Association of International Certified Professional Accountants' technical manager of management accounting, Ken Witt


We are living in times of unprecedented risk, none more evident than the risk of cyber-attacks. Their affects can be crippling to both the general public and businesses alike. The recent WannaCry and Petya attacks, with significant breaches within the NHS and businesses like advertising giant WPP respectively, emphasise the need for a greater resilience to such cyber raids.

Breaches in cybersecurity cost business a hefty sum. According to the 2017 Ponemon Institute Cost of Data Breach Study, the average total cost is around $3.6 million (£2.7 million) per breach, and that’s just the financial impact. The biggest consequence can sometimes be intangible, with some companies still acting as the reference point for cyber fragility two years later, in terms of lost trust and impact on long-term reputation.

Tech specialists and IT consultants are often the first choice when assembling a cybersecurity team. It’s a logical link to make, but when it comes to crafting the best team to tackle cybersecurity risks, management accountants and finance professionals can play a central role. They are experts in risk management, and handle a huge amount of data and sensitive information. Their work is integral to successfully preventing and mitigating cyber-attacks, and can perfectly complement the work of IT professionals.

Both groups directly feed into the CFO – the role under which risk management, business continuity and asset protection and control usually lies – making them a natural team to deal with these increased threats.

Management accountants have a critical role to play in the development of an integrated approach to risk, ensuring that appropriate measures are in place to identify potential cyber threats and implement best practices to deal with them. Once they have embraced their role as protectors of their businesses, the crucial first step for winning the war against this new breed of corporate criminals is to understand the threats inside out.

According to a new CGMA cybersecurity resource, these can be categorized into two main areas – common threats and bad actors.

Threats that are most common include malware, ransomware, botnets, malvertising, phishing and application attacks. The latter is particularly on the rise, as application development is moving more and more online. 

When it comes to ‘bad actors’, the most common way of thinking of them is as computer hackers. However, they can be anyone from criminals to business competitors or nation states. They can also be insiders, such as disgruntled employees with a score to settle. This all shows that cyber risks can come from any direction.

But if these threats are simultaneously coming from everywhere and nowhere, how can you actually tackle them? And is it even possible in today’s interconnected economy to do so effectively?

The short answer to this is yes, absolutely.

One of the most effective ways to shore up sensitive information is to have an effective cybersecurity risk management programme in place. To do this, organisations need to establish cybersecurity objectives as part of their overall business objectives. This is where management accounting can help organisations assess and communicate about the processes and controls in place to mitigate threats against a company’s sensitive information and systems.

These objectives can be achieved by implementing effective controls within the cybersecurity risk management programme, such as secure identification procedures, clearly demarked levels of access, and encrypted sensitive data to protect, detect and act on malicious activity.

Another critical control is to have centralised management in place. Companies that can control security protocols and software updates, with all of the appropriate firewalls and protection products in place, will be much better prepared to repel and respond appropriately to such threats.

Lastly, it is vital to make sure these objectives are met. A framework, such as this one from the Association of International Certified Professional Accountants, can help organisations address and mitigate cybersecurity-related risks and help determine the effectiveness of their existing risk management programs.

By taking this objective-driven approach, it’s clear that cybersecurity is no longer an issue that’s exclusively tackled by IT. Management accountants need to be armed with insight and tools to ward against breaches, both before and after the fact. They need to embrace their role in advocating effective cybersecurity risk management to address and mitigate cybersecurity-related risks.

For organisations across the UK to develop true resilience to these increased risks, they need to realise that management accountants have an increasingly important role to play, so that they can roll up their sleeves and put effective measures in place.

Top Content

    Accountancy Europe: the winner takes it all

    Jonathan Minter spoke to Olivier Boutellis-Taft, chief executive officer at Accountancy Europe, about how technology could change the industry, and how training needs to keep up to enable the profession to develop

    read more

    Embracing global technology trends

    Accountancy Europe’s Digital Day 2018 found the European accounting profession looking to tackle the challenges presented by new technologies head on. Jonathan Minter reports from the day

    read more

    IMA Conference: automation of the audit

    At the annual conference of the Institute of Management Accountants (IMA) in Indianapolis, Deloitte partner Alex Smith gave a presentation on digital transformation in the profession. Joe Pickard spoke to Smith following the presentation to find out more about his views on the future of audit

    read more

    IMA Conference: technology and the human effect

    The annual conference of the Institute of Management Accountants (IMA) took place in Indianapolis this year. Members of the profession gathered to hear the latest from the institute and other market players, covering some of the challenges and opportunities the profession faces.

    read more

    The Caribbean: a digital paradise

    The ICAC hosted its 36th annual conference in June this year – very much looking to the future following a tough 2017 for the Caribbean. Jonathan Minter spoke with chief executive officer Misha Lobban Clarke

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.