Cyber Security: What's it got to do with Finance?
In analysis / By Lydia Cooper / 23 July 2019
It’s a common misconception that cyber security should be left to the technical teams within an organisation, when in fact it is everyone’s responsibility to be vigilant. Security cannot be left to the information technology professionals alone.
A successful cyber-attack has many implications for an organisation, the majority of which have financial impacts. These could include fines from regulators, reputational loss leading to loss of revenue, as well as the costs associated with remediation and recovery from an attack. Therefore, it is essential that professionals in the finance sector understand and play a full role in managing cyber risk within their organisations.
According to a recent ACCA survey of over 1,500 Association of Chartered Certified Accountants and Chartered Accountants ANZ members, 57% of respondents rated cyber security as a top business risk, yet 54% thought that their organisation had either not been subject to an attack or were not aware of one. More worryingly, only 11% said it was the most significant risk to their business and 10% admitted that they did not know who had day-to-day responsibility for cyber security. If cyber security is such a significant risk, what role should the finance community be playing?
What is the Risk?
Cyber-attackers can target many areas of an organisation, but the dangers are ultimately measured in financial terms. Finance professionals already possess the skills and oversight to take a broad and long-term view of the financial implications of an attack and can therefore quantify both the cyber risk and the organisation’s risk to ensure that resources are deployed effectively.
As natural custodians of data, finance professionals are becoming increasingly responsible for managing and analysing the value of data as it flows throughout an organisation. Not only that, but these professionals are also responsible for handling and reporting on some of the most sensitive and valuable data within an organisation and therefore will play an important role in identifying the information that needs to be protected.
The finance community should not be overlooked when it comes to implementing measures that can prevent cyber-attacks. Finance professionals have a range of useful skills which should be capitalised on, including the ability to oversee audit, inventory, testing and compliance. On the other hand, financial organisations are often seen as the front line of attack for many cyber criminals; not only is financial data under attack, but cyber attackers will also often target finance people in particular, in an attempt to steal from and defraud them. Even more reason for the finance community to take note of the risk of cybercrime.
More and more financial services firms are using technology to create competitive advantage and optimise processes; however, this inevitably increases the cyber risk. As firms become more connected and the amount of valuable data held increases, so too does the risk profile. The nature of risk is also changing rapidly and as firms look to utilise technology advances to propel business growth, they are inadvertently supporting the evolution of cyber threat.
The financial services firm of today is experiencing a tricky dichotomy. Firms need to adopt mobile working to drive efficiencies, client satisfaction, employee satisfaction and profit; however, they also need to keep data safe and deliver enhanced data protection, cybercrime countermeasures and robust security processes to safeguard against losing their data. Successful firms need to find a way of leveraging technology to deliver secure mobility whilst keeping the digital gates tightly bolted.
Cyber shouldn’t just be an issue for the IT department; many finance professionals now demand access to technology wherever they are, using their preferred device. Technology is now a key part of the way we do business and requires support from all sectors and all areas of an organisation.