Corporate finance teams increasingly are on the front line in fighting cyberattacks, according to a recent survey of Chartered Global Management Accountants (CGMAs) by the American Institute of CPAs (AICPA).
Sixty-eight percent of respondents indicated their organizations were significantly to moderately concerned about data breaches, phishing scams, and other types of attacks – up from 62 percent in 2014. And 72 percent said they were asked to take on more responsibility to mitigate cyber-risks.
“With today’s businesses facing a heightened risk of cyberattacks, they are in need of strong risk identification and mitigation strategies driven by collaboration between business units across the company,” Ash Noah, CPA, CGMA, vice president of CGMA external relations for the AICPA, said in a prepared statement. “The finance function has a unique view into the complexities of the business, as well as an in-depth understanding of the industry, markets, and risk climate, yielding important insights for a company’s strategic direction.”
As finance becomes more “business-centric,” CFOs and their teams will be drivers in preparing for cyberattacks, Noah added.
Other survey findings include:
- Thirty percent of respondents’ organizations had faced cyberattacks in the past two years, an increase from 22 percent in 2014.
- Forty-eight percent indicated media coverage of cyber-risks has been accurate, while 22 percent said the risks were worse than reported. Eight percent said the risk has been overstated.
- Companies are taking action to prevent data breaches: 78 percent are making employees more aware and accountable, 56 percent are increasing data-protection spending, 31 percent are vetting third-party vendor vulnerabilities, 23 percent are buying or increasing liability insurance for business interruptions connected to breaches, and 12 percent have added staff to handle threats. Twelve percent have not taken any action, according to the survey.
The AICPA survey report recommends these four proactive tactics to handle cyber-risks:
- Determine how effective the current prevention program is in relation to emerging threats.
- Ask whether risks can occur without detection by siloed risk managers, and increase collaboration throughout the firm.
- Determine the importance of cyber-risk management to strategic planning.
- Put in place a process of cyber-risk identification, assessment, and monitoring that puts accountability on the board and senior managers.