• Register
Return to: Home > Comments > Comment: Cybersecurity and the role of the 21st Century Accountant

Comment: Cybersecurity and the role of the 21st Century Accountant

By the Association of International Certified Professional Accountants' technical manager of management accounting, Ken Witt


We are living in times of unprecedented risk, none more evident than the risk of cyber-attacks. Their affects can be crippling to both the general public and businesses alike. The recent WannaCry and Petya attacks, with significant breaches within the NHS and businesses like advertising giant WPP respectively, emphasise the need for a greater resilience to such cyber raids.

Breaches in cybersecurity cost business a hefty sum. According to the 2017 Ponemon Institute Cost of Data Breach Study, the average total cost is around $3.6 million (£2.7 million) per breach, and that’s just the financial impact. The biggest consequence can sometimes be intangible, with some companies still acting as the reference point for cyber fragility two years later, in terms of lost trust and impact on long-term reputation.

Tech specialists and IT consultants are often the first choice when assembling a cybersecurity team. It’s a logical link to make, but when it comes to crafting the best team to tackle cybersecurity risks, management accountants and finance professionals can play a central role. They are experts in risk management, and handle a huge amount of data and sensitive information. Their work is integral to successfully preventing and mitigating cyber-attacks, and can perfectly complement the work of IT professionals.

Both groups directly feed into the CFO – the role under which risk management, business continuity and asset protection and control usually lies – making them a natural team to deal with these increased threats.

Management accountants have a critical role to play in the development of an integrated approach to risk, ensuring that appropriate measures are in place to identify potential cyber threats and implement best practices to deal with them. Once they have embraced their role as protectors of their businesses, the crucial first step for winning the war against this new breed of corporate criminals is to understand the threats inside out.

According to a new CGMA cybersecurity resource, these can be categorized into two main areas – common threats and bad actors.

Threats that are most common include malware, ransomware, botnets, malvertising, phishing and application attacks. The latter is particularly on the rise, as application development is moving more and more online. 

When it comes to ‘bad actors’, the most common way of thinking of them is as computer hackers. However, they can be anyone from criminals to business competitors or nation states. They can also be insiders, such as disgruntled employees with a score to settle. This all shows that cyber risks can come from any direction.

But if these threats are simultaneously coming from everywhere and nowhere, how can you actually tackle them? And is it even possible in today’s interconnected economy to do so effectively?

The short answer to this is yes, absolutely.

One of the most effective ways to shore up sensitive information is to have an effective cybersecurity risk management programme in place. To do this, organisations need to establish cybersecurity objectives as part of their overall business objectives. This is where management accounting can help organisations assess and communicate about the processes and controls in place to mitigate threats against a company’s sensitive information and systems.

These objectives can be achieved by implementing effective controls within the cybersecurity risk management programme, such as secure identification procedures, clearly demarked levels of access, and encrypted sensitive data to protect, detect and act on malicious activity.

Another critical control is to have centralised management in place. Companies that can control security protocols and software updates, with all of the appropriate firewalls and protection products in place, will be much better prepared to repel and respond appropriately to such threats.

Lastly, it is vital to make sure these objectives are met. A framework, such as this one from the Association of International Certified Professional Accountants, can help organisations address and mitigate cybersecurity-related risks and help determine the effectiveness of their existing risk management programs.

By taking this objective-driven approach, it’s clear that cybersecurity is no longer an issue that’s exclusively tackled by IT. Management accountants need to be armed with insight and tools to ward against breaches, both before and after the fact. They need to embrace their role in advocating effective cybersecurity risk management to address and mitigate cybersecurity-related risks.

For organisations across the UK to develop true resilience to these increased risks, they need to realise that management accountants have an increasingly important role to play, so that they can roll up their sleeves and put effective measures in place.

Top Content

    2018 Digital Accountancy forum and awards: Digital transformation

    The Accountant presents highlights from The Digital Accountancy Forum & Awards 2018 panel discussions

    read more

    2018 Digital Accountancy Forum and Awards: Tech deep dive

    The second panel session of the day saw experts discuss how new technologies should not just be seen as a threat, and could be used to improve accounting.

    read more

    Digital Accountancy Forum and Awards: The power of data

    The third panel discussion of the day saw panellists discuss some of the worries their clients have had, how to overcome them, and how data and technology are providing real business opportunities.

    read more

    Digital Accountancy Forum and Awards: The next generation

    With young people more mobile, and technology changing the industry rapidly, the final panel session of the Digital Accountancy Forum looked at how firms would need to adapt to the new reality

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.