Press release by ACCA and IMA – Cybersecurity is growing too dangerous and powerful to ignore and a head-in-the-sand attitude to this once nascent, now pervasive threat is no longer an option, according to a new study by IMA (Institute of Management Accountants) and ACCA (Association of Chartered Certified Accountants).
The joint study, "Cybersecurity – Fighting Crime’s Enfant Terrible," is an assessment of the cyber-threat landscape across the globe, tracks current and future cybersecurity trends and highlights particular areas that are likely to have a direct impact on the future of the accountancy profession.
"Exploitation of the myriad weaknesses within Cybersecurity is now being perpetrated by a rogues gallery of hostile nation states, digitally enabled terrorists, conniving competitors, organized crime syndicates, hacktivists and even the odd disgruntled employee," said Faye Chua, ACCA’s head of business insights.
"From health records to credit cards, individual pieces of confidential data are fetching up to $45 per unit on the black market. With databases holding millions of records now commonplace the consequences of a breach have become too serious to ignore."
Raef Lawson, Vice President of Research and Policy at IMA added:
"When establishing a plan it is important to be realistic about the resources at your disposal so you can deploy them appropriately. To be effective, implement a ‘layered’ approach to cyber security that establishes priorities for your most valuable digital resources."
Amid escalating cybercrime episodes across the globe, the criminal enterprise is presenting a number of threats for the finance profession – and the theft of financial assets through cyber-intrusions is the second largest source of direct loss from cybercrime, according to one study noted in the report.
Accountants and finance professionals can, and should, play a leading role in defining key areas of a strategic approach to mitigating cybercrime risks. These include:
– Creating reasonable estimates of financial impact that different types of cybersecurity breaches will cause, so that a business can be realistic about its ability to respond to an attack and/or recover from it;– Defining risk management strategy;– Helping businesses to establish priorities for their most valuable digital resources, in order to implement a "layered" approach to cybersecurity; and, – Closely following the work of government and various regulators, in order to have clear, up-to-date information on adequate legislation and on requirements for adequate disclosure and prompt investigation of cybersecurity breaches.
"Predicting the potential implications of a breach is crucial to enabling a swift recovery should the unthinkable occur. Putting a ‘plan for failure’ in place might feel like an admission of weakness, but it is the best way to accelerate the process of repair after an incident," Faye Chua said.
"Professional accountants possess both industry knowledge and a strategic understanding of the overarching strategy of the organisation. In addition, they boast a well-deserved reputation for being fiercely analytical of potential risks to the safety of their clients and employers."
Ultimately, said Raef Lawson, it is up to finance professionals to keep a watchful eye when it comes to cybercrime. "Above all, professional accountants tend to be cautious in dealing with innovations that have a potential to put safety at risk. These traits make them perfectly placed to hold vigil over potential threats to the cybersecurity of the organisation," he said.
The study found that accountants and other finance professionals clearly understand the importance of the issue. 85% of respondents said that management at their respective companies was concerned about cybercrime risks.