Finance and cyber resilience

Cybersecurity is a fundamental pillar of business resilience, says Andrew Harding, FCMA, CGMA, chief executive–Management Accounting.

As digital transformation continues to accelerate, organisations are becoming increasingly vulnerable to cyber threats. Worryingly, 72% of respondents to the World Economic Forum’s Global Cybersecurity Outlook 2025 survey reported an increase in organisational cyber risks, with ransomware remaining one of the top concerns. And according to IBM and Ponemon Institute’s Cost of a Data Breach Report 2025, the average global cost of a data breach is around £3.3 million in 2025, albeit a decrease from 2024.

The ramifications of a cyberattack extend far beyond financial losses. Organisations may also face severe reputational damage, legal penalties, and operational disruption. If recent cyber incidents have taught us anything, it’s that a single incident can have cascading effects across an organisation’s entire ecosystem.

Finance teams handle and manage large amounts of valuable financial data and assets, making them prime targets for cyber criminals. While IT teams have traditionally been responsible for cybersecurity, finance professionals must now actively participate in shaping and supporting their organisation’s cyber resilience strategy.

Here’s how:

  • Risk management: Cyber risks should be part of the organisation’s broader risk management framework. The finance team needs to work closely with the IT team to identify and assess vulnerabilities in financial systems and data storage, ensuring that cyber risks are proactively managed.
  • Compliance and reporting: Staying on top of cybersecurity regulations and ensuring organisational compliance is crucial. The finance team has a critical role to play in ensuring that organisations comply with data protection laws, including those requiring businesses to implement cybersecurity measures and report breaches in a timely manner.
  • Incident response planning: The finance team must understand the financial implications of a cyber incident. It should work in partnership with the IT team to devise a solid incident response plan, ensuring that all stakeholders know their roles and that the organisation can respond swiftly and effectively.
  • Cybersecurity budgeting: Investing in cybersecurity tools and resources should be a strategic priority. Finance needs to ensure that sufficient financial resources are allocated to cybersecurity initiatives, including training, technology upgrades, and incident response capabilities, to help strengthen the organisation’s cyber resilience.

By taking a frontline role in their organisation’s cybersecurity planning and decision-making, finance professionals can help safeguard its sensitive financial data, uphold stakeholder trust, and ensure long-term business continuity.

In an increasingly volatile digital world, cybersecurity is no longer a technical footnote — it’s a fundamental pillar of business resilience. For more assistance and information, check out the CGMA cybersecurity tool.


Andrew Harding, FCMA, CGMA, is chief executive–Management Accounting at the Association of International Certified Professional Accountants.
