“I’m a CFO and I’ve Been hacked”: With Cybercrime on the Rise, IMA and ACCA Ask: Does Your Finance Function Have a Plan to Fail?

Cybersecurity is growing too dangerous and powerful to ignore and a head-in-the-sand attitude to this once nascent, now pervasive threat is no longer an option, according to a new study by and IMA® (Institute of Management Accountants) and ACCA (Association of Chartered Certified Accountants).The report can be viewed in full online here or at www.futuretoday.com.

The joint study, “Cybersecurity – Fighting Crime’s Enfant Terrible,” is an assessment of the cyber-threat landscape across the globe, tracks current and future cybersecurity trends and highlights particular areas that are likely to have a direct impact on the future of the accountancy profession.

“Exploitation of the myriad weaknesses within Cybersecurity is now being perpetrated by a rogues gallery of hostile nation states, digitally enabled terrorists, conniving competitors, organized crime syndicates, hacktivists and even the odd disgruntled employee,” said Faye Chua, ACCA’s Head of Business Insights.

“From health records to credit cards, individual pieces of confidential data are fetching up to $45 per unit on the black market. With databases holding millions of records now commonplace the consequences of a breach have become too serious to ignore.”

Added Raef Lawson, Ph.D., CMA, CPA, Vice President of Research and Policy at IMA: “When establishing a plan it is important to be realistic about the resources at your disposal so you can deploy them appropriately. To be effective, implement a ‘layered’ approach to cybersecurity that establishes priorities for your most valuable digital resources.”

Amid escalating cybercrime episodes across the globe, the criminal enterprise is presenting a number of threats for the finance profession – and the theft of financial assets through cyber-intrusions is the second largest source of direct loss from cybercrime, according to one study noted in the report.

Accountants and finance professionals can, and should, play a leading role in defining key areas of a strategic approach to mitigating cybercrime risks. These include:

  • Creating reasonable estimates of financial impact that different types of cybersecurity breaches will cause, so that a business can be realistic about its ability to respond to an attack and/or recover from it;
  • Defining risk management strategy;
  • Helping businesses to establish priorities for their most valuable digital resources, in order to implement a “layered” approach to cybersecurity; and,
  • Closely following the work of government and various regulators, in order to have clear, up-to-date information on adequate legislation and on requirements for adequate disclosure and prompt investigation of cybersecurity breaches.

“Predicting the potential implications of a breach is crucial to enabling a swift recovery should the unthinkable occur. Putting a ‘plan for failure’ in place might feel like an admission of weakness, but it is the best way to accelerate the process of repair after an incident,” Chua said. “Professional accountants possess both industry knowledge and a strategic understanding of the overarching strategy of the organization. In addition, they boast a well-deserved reputation for being fiercely analytical of potential risks to the safety of their clients and employers.”

Ultimately, said Lawson, it is up to finance professionals to keep a watchful eye when it comes to cybercrime. “Above all, professional accountants tend to be cautious in dealing with innovations that have a potential to put safety at risk. These traits make them perfectly placed to hold vigil over potential threats to the cybersecurity of the organization,” he said.

A 2015 survey by IMA and ACCA found that accountants and other finance professionals clearly understand the importance of the issue: 85% of respondents said that management at their respective companies was concerned about cybercrime risks.

Author: Jason Williams

Share This Post On