“Accountants are in an excellent position to provide guidance on the measures businesses should take to safeguard themselves. Cybersecurity extends beyond just technology and computers—it also encompasses people, information, systems, processes, and organizational culture.”
— John Berriman, PwC
Nearly every week, we hear of another major cybersecurity breach impacting companies worldwide. The frequency of these incidents is growing. According to a recent global survey by PwC, the number of attacks reported by midsize companies—those with revenues between £64.5 million ($100 million) and £645.6 million ($1 billion)—rose by 64% in 2014 compared to 2013.
These attacks are expensive. PwC reports that a single data breach costs U.S. businesses over $500,000 on average. John Berriman, chairman of PwC’s cybersecurity practice, notes that for large organizations, the average cost of a major breach starts at £1.46 million. However, this figure doesn’t account for the damage to an organization’s reputation and its relationships with stakeholders.
PwC research for the UK’s Department for Business, Innovation, and Skills also highlights that smaller businesses are equally vulnerable, with the cost of a serious breach in the UK ranging from £65,000 to £115,000.
Cybercriminals have a strong interest in targeting accountants and financial institutions. According to PwC, financial institutions are nearly 30% more likely to be attacked than other businesses.
‘This is due to their regular handling of high-value business data and sensitive financial information,’ explains Frank Morey, CEO of security firm Virtues Risk Management. ‘The industry has faced a series of targeted attacks, the most recent being the Morgan Stanley breach, which exposed the personal details of 900 high-net-worth clients online.’
Russian security firm Kaspersky Lab reported the largest-ever coordinated cyber-attack on financial institutions earlier this year. A global gang of cybercriminals breached more than 100 banks and financial institutions in 30 countries, stealing £645.6 million ($1 billion) directly from the banks, rather than their clients.
Auditors and accountants, whether in practice or industry, need to recognize and address cybersecurity threats rather than assuming it’s solely the responsibility of the IT department or relying on company software to shield them from breaches.
‘Although platforms like SAP and Oracle include built-in cybersecurity features that help reduce the risk of data breaches, staying vigilant in your day-to-day work is still essential,’ advises Phil Sheridan, managing director of Robert Half UK.
Cyber Attacks
Matt White, senior manager in KPMG’s cybersecurity division, notes that many hacking and phishing attacks are triggered when an employee clicks on a link in a suspicious email.
Another common way for malware to infiltrate an organization is through malicious email attachments that employees open. “Word, Excel, and PDF documents can easily contain embedded harmful code that can later be exploited,” explains Greg Sim, CEO of security technology firm Glasswall Solutions.
Although cyber-attacks are becoming more advanced, the leading cause of security breaches continues to be inadequate security awareness among employees. For instance, weak password practices are a major issue. Medium, a password management company, reports that 90% of employee passwords are so predictable they can be compromised within six hours. Furthermore, 18% of employees admit to sharing their passwords with coworkers.
Many employees forward their work emails to their personal accounts. However, personal email services lack the robust security measures of corporate email systems, so hackers often target these personal accounts, where corporate data is easier for them to reach.
Although no company is completely immune to cyber-attacks, there are many measures that can be taken to prevent them.
“Anything related to the storage or transfer of data—how it is protected and accessed, and how its access is controlled—plays a crucial role,” explains White. “Different countries have varying policies and laws regarding data usage, and many ‘internet-related services’ operate across multiple borders, making the situation quite complex,” he adds.
Consultants and accountants can play a key role in assisting their clients with cybersecurity.
“Accountants are uniquely positioned to advise firms on the necessary steps to protect themselves—cybersecurity involves not just technology but also people, information, systems, processes, and organizational culture,” adds Berriman.
PwC is working to increase awareness and help businesses prepare.
“For instance, our Breach Aid event response service helps organizations prepare for and handle major incidents, including the legal and regulatory repercussions of a breach,” Berriman explains. “We also provide monitoring, analysis, and response services for threats affecting our clients’ networks and systems through our London-based cybersecurity labs.”
Chartered accountants can also implement measures to safeguard themselves and their firms.
“To be ready for various risks, accountants need to be familiar with their firm’s IT security policies, including those related to safe online practices and procedures for reporting and handling breaches,” Brown writes.
Accountants and auditors might also need further cyber awareness training. As with many issues, preventing problems is far better than addressing them after they occur.