Media contributions
Title: Cyber and the CFO
Country/Territory: United Kingdom
Date: 1/07/19
Description: Cyber risk is one of the most talked-about business risks. In our increasingly disrupted world
it is at the forefront of our minds.
There are frequent major news stories
about the theft of personal data from
large organisations. There is continued
debate about the use of our data by
social media organisations and how this
should be regulated (and whether
regulation itself can keep pace with the
evolving technology). Many cyber-attacks
go unreported but can be just as
significant to the organisations and
individuals affected by them.
Yet how many of us really understand the
nature of the risk and the full business
implications of it? From the results of
a survey conducted by ACCA and CA
ANZ, it appears that the answer for
most members is ‘few’. Yet it is a risk
that has significant financial and
reputational implications.
One estimate of the cost of cyber-crime
globally is that it will reach US$6 trillion by
2021 (Cyber Ventures 2018). Regulators
are increasingly taking a tougher stance
on organisations that fail to address the
risk adequately, whether through penalties
imposed after data theft or through other
compliance requirements. As finance
professionals we need to be aware of
these impacts (Clifford Chance, 2018).
Organisations frequently comment that
cyber security is one of the most
significant threats that they face, yet
54% of the respondents to the member
survey conducted by ACCA and CA ANZ
were either not aware of whether their
organisation had suffered an attack or
thought that it had not.
Many see cyber security as somebody
else’s problem, and one that does not
have financial implications. This may in
part be owing to a reliance on IT
specialists to provide a level of technical
and operational assurance. In a fast-moving
and interconnected world this is
no longer the case. The traditional
boundary of the organisation represented
by the firewall is being replaced by one
where authenticating the user is more
important. The weakest link may well be
in the connected supply chain, yet our
survey results suggest that many do not
take an active role in addressing this risk.
As organisations increasingly integrate
supply chains, in a ‘24/7’ world our
responses to actions and reputational
damage are also a significant factor.
This can affect share prices and
company valuations. It is also an issue
for mergers and acquisitions as well as
for day-to-day trading.
This report considers the level of
understanding of these risks by the
members of the two bodies and
contrasts this with the level of risk that
organisations face.
One thing that can be said about the
cyber threat is that it is evolving.
Chapter 6 of the report provides an
overview of the threats. Understanding
these is an important step in ensuring
that an organisation understands cyber
risk and has an appropriate level of
cyber governance.
Being prepared for the inevitable attack
is essential. But it is not only a question
of mitigating the attack, it is also one
of leading the way out of the aftermath.
Successful organisations recognise the
need to maintain contact with customers
and suppliers in the hours, rather than
the days, ahead.
The finance community cannot stand
by and leave the issue to other people.
It is a significant business-wide risk. It
should be treated as such and regularly
appraised and acted upon. As individuals,
we need to take personal steps to ensure
that we are fully aware of the threat –
organisations need to do more than
isolated activities to address these issues,
as outlined in this report. This starts with
strong governance involving educating
individuals who would otherwise be too
passive in their reactions and would
thereby expose the organisation to
significant financial risk. It also includes
having robust plans for managing, and
recovering from, the inevitable.
URL: https://www.charteredaccountantsanz.com/-/media/a82de353ba15474ead28028e53b5b416.ashx
Persons: Vladlena Benson
Keywords
- cybersecurity
- risk management
- CFO