CFOs and finance leaders are aware of cyber security: almost 60% of those surveyed by ACCA rank it as the most important or top business risk.
However, the challenge facing these finance leaders is that they have no clue whether their organizations have been attacked (one-third of respondents). The traditional gap between security and finance remains even as the latter's use of technology increases.
ACCA said it has teamed up with Chartered Accountants Australia and New Zealand (CA ANZ), Macquarie University and Optus to launch the report Cyber and the CFO, which is based on a survey of 1500 ACCA and CA ANZ members.
“The finance community cannot stand by and leave cyber security to others in the business to manage,” said Clive Webb, ACCA’s head of business management. “It’s very complex, but it’s essential for finance leaders to familiarise themselves with the issue.”
Other highlights of the report
- Few survey responses showed a recovery plan that included much beyond the hardware.
- More than 20% of finance professionals admitted they had no involvement whatsoever in cyber security within their company.
- 10% of respondents did not know who in the business was responsible day-to-day for cyber security.
- Larger businesses placed a higher priority on cyber risks (8%), but small businesses were marginally (5%) less concerned or aware of such security risks.
- Only 19% of survey respondents said that they regularly audited their supply chains, though cyber risk is becoming ever more complex with the integrated nature of supply chains.
Beware of the tactic of targeting employees
While new cyber threats and technical vulnerabilities are emerging at a very fast rate, targeting employees is still a very effective way for cyber criminals to attack an organisation, pointed out Christophe Doche, executive director of the Optus Macquarie University Cyber Security Hub, associate professor
“Given the rapidly evolving and pervasive nature of cyber threats, an important component of managing cyber risk is to prepare for what seems inevitable,” he advised. “Indeed, organizations should make sure that a well-developed and tested incident response plan is in place to build cyber resilience and ensure business continuity in case of a cyber breach.”