Finance Plays Critical Role in Mitigating Cyber Security Risks

security leadership responsive default security

December 18, 2015

CFOs and their finance teams are toughening policies on suppliers and increasing insurance coverage as they are asked take on a larger role in defending their companies from emerging cyber risks, according to a new survey of Chartered Global Management Accountant® (CGMA®) designation holders.

More than 95% of CGMAs surveyed said their companies are concerned with the threat of database breaches, distributed denial of service (DDoS) attacks, phishing scams and other cyber attacks. Nearly three quarters, 72%, said their companies have asked the finance function to take on more responsibility to mitigate these risks.

“With today’s businesses facing a heightened risk of cyber attacks, they are in need of strong risk identification and mitigation strategies driven by collaboration between business units across the company,” said Ash Noah, CPA, CGMA, Vice President of CGMA External Relations for the AICPA. “The finance function has a unique view into the complexities of the business as well as an in-depth understanding of the industry, markets and risk climate, yielding important insights for a company’s strategic direction. As the finance function continues to evolve to become more business-centric, it’s critical for finance executives from the CFO down to play a driving role in preparing for and addressing potential cyber risks for the long-term growth of the company.”

Additional findings from the survey include:

30% of respondents said their business fell victim to a cyber attack in the past two years – an increase from 22% in 2014
More than 20% of respondents said cyber threats are worse than what has been reported in the media
Fear of the threat of cyber attacks is increasing, with about 68% of respondents saying their company is moderately or significantly concerned with the threat of cyber attacks, compared to 62% in 2014
As part of cyber risk mitigation tactics, respondents toughened their policies regarding third-party vendors to address potential vulnerabilities (31%) and secured or increased liability insurance in the event of business disruptions due to data breaches or cyber attack (23%), among other strategies.

As the cyber risk climate evolves, it is critical for all organizations to employ an effective risk oversight and mitigation program. Strategic steps organizations can take to protect their businesses include:

Take an assessment of the efficacy of the organization’s current approach to cyber risk oversight in the light of emerging threats.
Consider the extent to which critical risks may occur and not be detected by silo risk managers and implement greater cross-collaboration throughout the organization.
Assess the extent to which cyber risk management is an important input to the strategic planning process and adjust risk management processes as needed.
Implement a structured set of cyber risk identification, assessment and monitoring processes that requires focus and accountability at the board and senior management levels.

For more information visit www.cgma.org.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Finance Plays Critical Role in Mitigating Cyber Security Risks

Related Articles

Report Abusive Comment