Amid escalating cybercrime episodes across the globe, the criminal enterprise is presenting a number of threats for the finance profession – and the theft of financial assets through cyber intrusions is the second largest source of direct loss from cybercrime.
According to the “Cybersecurity – Fighting Crime’s Enfant Terrible” report, accountants and finance professionals can, and should, play a leading role in defining key areas of a strategic approach to mitigating cybercrime risks.
“Professional accountants possess both industry knowledge and a strategic understanding of the overarching strategy of the organization," says Faye Chua, ACCA’s head of business insights. "In addition, they boast a well-deserved reputation for being fiercely analytical of potential risks to the safety of their clients and employers.”
The study was released by the Association of Chartered Certified Accountants (ACCA), in conjunction with the Institute of Management Accountant (IMA).
“When establishing a plan, it is important to be realistic about the resources at your disposal so you can deploy them appropriately," adds Raef Lawson, Vice President of Research and Policy at IMA. "To be effective, implement a ‘layered’ approach to cybersecurity that establishes priorities for your most valuable digital resources.”
Key areas of a strategic approach
Key steps finance executives should take when developing a plan include creating reasonable estimates of financial impact that different types of cybersecurity breaches will cause, so that a business can be realistic about its ability to respond to an attack and/or recover from it.
The risk management strategy should also be defined. Finance executives should also help businesses establish priorities for their most valuable digital resources, in order to implement a “layered” approach to cybersecurity.
Another key step is closely following the work of government and various regulators, in order to have clear, up-to-date information on adequate legislation and on requirements for adequate disclosure and prompt investigation of cybersecurity breaches.
“From health records to credit cards, individual pieces of confidential data are fetching up to $45 per unit on the black market. With databases holding millions of records now commonplace the consequences of a breach have become too serious to ignore,” says Chua.
“Predicting the potential implications of a breach is crucial to enabling a swift recovery should the unthinkable occur. Putting a ‘plan for failure’ in place might feel like an admission of weakness, but it is the best way to accelerate the process of repair after an incident.”
Ultimately, notes Lawson, it is up to finance professionals to keep a watchful eye when it comes to cybercrime. “Above all, professional accountants tend to be cautious in dealing with innovations that have a potential to put safety at risk. These traits make them perfectly placed to hold vigil over potential threats to the cybersecurity of the organization,” he said.
The study found that accountants and other finance professionals clearly understand the importance of the issue. Eighty-five percent of respondents said that management at their respective companies was concerned about cybercrime risks.