Burgess COMMENTARY

Peter Burgess

Accounting And Finance Professionals Play Increasing Role In Cybersecurity

Accounting and finance professionals are increasingly finding themselves on the forefront of their organization’s cybersecurity efforts, according to a new survey. As cyber criminals continue to target sensitive financial data, those who deal with this information day-in and day-out have been called on to play a role in their organization’s efforts to protect and improve their cybersecurity posture.

“The growth of cybercrimes across our nation and world has risen to astronomic and unprecedented levels in recent years,” said Warner Johnston, head of the Association of Chartered Certified Accountants (ACCA). “As technology advances, so has the threat of silent attacks that strike at the core of our technological infrastructure.”

Johnston continued, “An initial step to implementing stronger controls is first understanding the seriousness of such cyberthreats, existing weaknesses in our infrastructures, and remedies that represent more than stopgap measures.”

The ACCA’s second annual cybersecurity best practices survey, undertaken by the Seidenberg School of Computer Science and Information Systems at Pace University, revealed accounting and finance professionals are adapting to meet the challenges of the ever-evolving cybersecurity landscape. The increasing number of damaging cyber attacks is prompting concern over how to respond to sophisticated threats.

Survey respondents included chief financial officers, managing directors, senior vice presidents and practicing accountants.

The ACCA and Pace University unveiled the new survey at a recent cyber crime symposium and panel discussion, “Cybercrime in the World Today 2015: Emerging Threats,” held earlier this month. The event aimed to provide business leaders and law enforcement officials with a clearer understanding of the technologies, methods, and origins behind the growing threat to our nation’s cybersecurity.

“I’d like to thank the Association of Chartered Certified Accountants for co-sponsoring this Symposium and working with us to raise the visibility of this very important issue,” said Pace President Stephen J. Friedman. “We don’t discuss it enough – and the uncertainty and lack of confidence that secrecy engenders transforms the impact of crime into a form of terror. A lack of public discussion is highly unwise; it impedes our ability to protect ourselves and diminishes our confidence in our leaders.”

The past few years have seen a number of high profile security breaches, including this year’s attack on the Office of Personnel Management, which compromised the sensitive personal information of millions of individuals. As cyberattacks continue to increase, it is now a widely-held belief that data breaches are inevitable—a matter of when rather than if—for organizations in both the public and private sectors.

The number and severity of damaging cyberattacks has brought to the forefront the importance of providing the finance profession with the tools they need to protect the personal and corporate financial information they handle. With the amount of sensitive information they handle, accounting professionals are at the center of the fray, making it critical that they are prepared to prevent and respond to cyber threats.

“For accountants, measures must be taken to ensure that the sensitive personal and corporate financial information they handle is safe: accountants need to be at the forefront of cybersecurity,” said the report’s author, Dr. Jonathan Hill, Interim Dean at Pace’s Seidenberg School of Computer Science and Information Systems. “This is particularly true today, as clients and consumers are more aware than ever of the cyber vulnerability of all businesses.”

The survey featured a number of key findings:

• Nearly 50 percent indicated it was somewhat or very likely that consultants would be hired after a breach;

• Nearly 70 percent said they had a high or very high level of awareness of their company’s cyber risk management policies and procedures;

• 57 percent said their IT systems were well-protected against cyber threats;

• 32 percent had no knowledge of company policy on data encryption in transit or in storage;

• Auditors are more concerned about cybercrime today than a year ago (58 percent for auditors compared with 48 percent for accountants); and

• 27 percent of accountants felt their firms adhered to Control Objectives for Information and Related Technologies (COBIT 5) standards whereas 43 percent of auditors believed their firms followed the standards.

“This survey generated data that is reflective of a profession that is adapting to a serious external attack on its processes and systems,” Johnston said. “The responses and needs of the main stakeholder groups – the financial profession, the IT profession and concerned government regulatory and law enforcement bodies – are evolving in response to progressing, ever more sophisticated threats.”