CFOs and their finance teams are toughening policies on suppliers and increasing insurance coverage as they are asked to take on a larger role in defending their companies from emerging cyber risks, according to a new survey of Chartered Global Management Accountant® (CGMA®) designation holders.
More than 95% of CGMAs surveyed said their companies are concerned with the threat of database breaches, distributed denial of service (DDoS) attacks, phishing scams and other cyber attacks. Nearly three quarters, 72%, said their companies have asked the finance function to take on more responsibility to mitigate these risks.
“With today’s businesses facing a heightened risk of cyber attacks, they are in need of strong risk identification and mitigation strategies driven by collaboration between business units across the company,” said Ash Noah, CPA, CGMA, Vice President of CGMA External Relations for the AICPA. “The finance function has a unique view into the complexities of the business as well as an in-depth understanding of the industry, markets and risk climate, yielding important insights for a company’s strategic direction. As the finance function continues to evolve to become more business-centric, it’s critical for finance executives from the CFO down to play a driving role in preparing for and addressing potential cyber risks for the long-term growth of the company.”
Additional findings from the survey include:
- 30% of respondents said their business fell victim to a cyber attack in the past two years – an increase from 22% in 2014
- More than 20% of respondents said cyber threats are worse than what has been reported in the media
- Concern about cyber attacks is increasing, with about 68% of respondents saying their company is moderately or significantly concerned with the threat, compared to 62% in 2014
- As part of cyber risk mitigation tactics, respondents toughened their policies regarding third-party vendors to address potential vulnerabilities (31%) and secured or increased liability insurance in the event of business disruptions due to data breaches or cyber attacks (23%), among other strategies
As the cyber risk climate evolves, it is critical for all organizations to employ an effective risk oversight and mitigation program. Strategic steps organizations can take to protect their businesses include:
- Assess the efficacy of the organization’s current approach to cyber risk oversight in light of emerging threats.
- Consider the extent to which critical risks may occur and not be detected by siloed risk managers, and implement greater cross-collaboration throughout the organization.
- Assess the extent to which cyber risk management is an important input to the strategic planning process and adjust risk management processes as needed.
- Implement a structured set of cyber risk identification, assessment and monitoring processes that requires focus and accountability at the board and senior management levels.
For more information visit www.cgma.org.