Management accountants can and should rise to the cyber-security challenge, according to Peter Simons, FCMA, CGMA, technical specialist, research and development, at the Association of International Certified Professional Accountants.
“Their roles put them in contact with every aspect of the business,” he says. “As members of a global profession, they also have a broad view of developments across the world and are well-placed to be aware of all the varied cyber-risks. These might include fraud, the theft or misuse of information on stakeholders, and even terrorism.”
He offers the following tips for finance directors, who are generally responsible for maintaining their firms’ risk registers:
- Evaluate the first- and third-party risks relating to IT both within the business and where it interacts with customers, suppliers, and others.
- Identify and assess the processes that could give rise to a first- or third-party risk.
- Prioritise the risks to be managed, giving reputational damage as much consideration as financial loss.
- Form a contingency plan, identifying both the action to be taken if a risk event occurs and whom to engage if the situation escalates.
- Ensure that measures and controls are in place and their performance is tracked. You should also monitor risk events affecting organisations in your industry and similar sectors.
- Review your company’s cyber-security insurance needs. Regular commercial policies won’t necessarily provide adequate cover.
A version of this article appeared in the April 2017 edition of Financial Management magazine.