• Register
Return to: Home > Comments > Comment: Cybersecurity and the role of the 21st Century Accountant

Comment: Cybersecurity and the role of the 21st Century Accountant

By the Association of International Certified Professional Accountants' technical manager of management accounting, Ken Witt

We are living in times of unprecedented risk, none more evident than the risk of cyber-attacks. Their affects can be crippling to both the general public and businesses alike. The recent WannaCry and Petya attacks, with significant breaches within the NHS and businesses like advertising giant WPP respectively, emphasise the need for a greater resilience to such cyber raids.

Breaches in cybersecurity cost business a hefty sum. According to the 2017 Ponemon Institute Cost of Data Breach Study, the average total cost is around $3.6 million (£2.7 million) per breach, and that’s just the financial impact. The biggest consequence can sometimes be intangible, with some companies still acting as the reference point for cyber fragility two years later, in terms of lost trust and impact on long-term reputation.

Tech specialists and IT consultants are often the first choice when assembling a cybersecurity team. It’s a logical link to make, but when it comes to crafting the best team to tackle cybersecurity risks, management accountants and finance professionals can play a central role. They are experts in risk management, and handle a huge amount of data and sensitive information. Their work is integral to successfully preventing and mitigating cyber-attacks, and can perfectly complement the work of IT professionals.

Both groups directly feed into the CFO – the role under which risk management, business continuity and asset protection and control usually lies – making them a natural team to deal with these increased threats.

Management accountants have a critical role to play in the development of an integrated approach to risk, ensuring that appropriate measures are in place to identify potential cyber threats and implement best practices to deal with them. Once they have embraced their role as protectors of their businesses, the crucial first step for winning the war against this new breed of corporate criminals is to understand the threats inside out.

According to a new CGMA cybersecurity resource, these can be categorized into two main areas – common threats and bad actors.

Threats that are most common include malware, ransomware, botnets, malvertising, phishing and application attacks. The latter is particularly on the rise, as application development is moving more and more online. 

When it comes to ‘bad actors’, the most common way of thinking of them is as computer hackers. However, they can be anyone from criminals to business competitors or nation states. They can also be insiders, such as disgruntled employees with a score to settle. This all shows that cyber risks can come from any direction.

But if these threats are simultaneously coming from everywhere and nowhere, how can you actually tackle them? And is it even possible in today’s interconnected economy to do so effectively?

The short answer to this is yes, absolutely.

One of the most effective ways to shore up sensitive information is to have an effective cybersecurity risk management programme in place. To do this, organisations need to establish cybersecurity objectives as part of their overall business objectives. This is where management accounting can help organisations assess and communicate about the processes and controls in place to mitigate threats against a company’s sensitive information and systems.

These objectives can be achieved by implementing effective controls within the cybersecurity risk management programme, such as secure identification procedures, clearly demarked levels of access, and encrypted sensitive data to protect, detect and act on malicious activity.

Another critical control is to have centralised management in place. Companies that can control security protocols and software updates, with all of the appropriate firewalls and protection products in place, will be much better prepared to repel and respond appropriately to such threats.

Lastly, it is vital to make sure these objectives are met. A framework, such as this one from the Association of International Certified Professional Accountants, can help organisations address and mitigate cybersecurity-related risks and help determine the effectiveness of their existing risk management programs.

By taking this objective-driven approach, it’s clear that cybersecurity is no longer an issue that’s exclusively tackled by IT. Management accountants need to be armed with insight and tools to ward against breaches, both before and after the fact. They need to embrace their role in advocating effective cybersecurity risk management to address and mitigate cybersecurity-related risks.

For organisations across the UK to develop true resilience to these increased risks, they need to realise that management accountants have an increasingly important role to play, so that they can roll up their sleeves and put effective measures in place.

Top Content

    Choosing the right location can have cast-iron benefits

    As Game of Thrones, one of the biggest television shows of all time, comes to an end, Joe Pickard looks at how tax incentives offered to television and film production companies help the wider economy.

    read more

    Primary financial statements: a game changer in reporting?

    International Accounting Standards Board chair Hans Hoogervorst delivered a speech at the Seminario International sobre NIIF y NIF, organised by the Consejo Mexicano de Normas de Información Financiera in Mexico. The Accountant presents the highlights.

    read more

    FASB readies standards for the netflix generation

    The US Financial Accounting Standards Board (FASB) has updated its accounting standard for entertainment, with a specific eye on keeping up to date with how episodic content, such as television programmes, is consumed in the modern world. Jonathan Minter reports.

    read more

    Brexit: why it takes two to tango

    Former TA editor Vincent Huck, now editor of Insurance Asset Risk, looks at why Brexit might unleash geopolitical intrigue in Europe’s accounting standard-setting scene – and why IFRS 17 will be an incredible source of opportunity for firms in the coming years.

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.