The IT people may well say that cyber crime is an important issue -- but when the accountants tell you it is, then you know you really have to worry.
The US Institute of Management Accountants (IMA) and the UK's Association of Chartered Certified Accountants (ACCA) have jointly published a report, Cybersecurity - Fighting Crime's Enfant Terrible, to offer practical advice on how organisations can come to terms with and beat cyber crime.
The report argues that accountants and finance professionals "can, and should, play a leading role in defining key areas of a strategic approach to mitigating cybercrime risks".
These areas are:
- Creating reasonable estimates of the financial impact that different types of cybersecurity breaches will have, so that a business can be realistic about its ability to respond to an attack and/or recover from it.
- Defining a risk management strategy.
- Helping businesses establish priorities for their most valuable digital resources, in order to implement a layered approach to cybersecurity.
- Closely following the work of government and various regulators so as to have clear, up-to-date information on adequate legislation and on requirements for adequate disclosure and the prompt investigation of cybersecurity breaches.
As Faye Chua, the ACCA's head of business insights, puts it: "The exploitation of the myriad weaknesses within cybersecurity is now being perpetrated by a rogue's gallery of hostile nation states."
But as Chua sees it, there is a "push/pull element" needed. "While people are aware of [cybersecurity] as an issue, we need to push it as well", she told ZDNet. "People tend to see it as a very big issue, but they need to know some of the practical things that they can do in their own organisations."
She continues: "Predicting the potential implications of a breach is crucial to enabling a swift recovery should the unthinkable occur." This can mean putting 'a plan for failure' in place which might feel like an admission of weakness, "but it is the best way to accelerate the process of repair after an incident," she said.
Accountants are as well-placed as most and better-placed than many to deal with the issue, she said. "Professional accountants possess both industry knowledge and a strategic understanding of the overarching strategy of the organisation," she explained. In addition, accountants have "a well-deserved reputation for being fiercely analytical of potential risks to the safety of their clients and employers".
The free report is available for download here.