As businesses continue to digitise their operations, the risks and costs associated with cyber threats have grown exponentially.
The average global cost of a data breach has increased 10% over the last year to $4.88 million, according to the IBM Security® and Ponemon Institute Cost of a Data Breach Report 2024.
The AICPA & CIMA Future of Finance Leadership Group has consistently identified digital transformation as a major challenge for the accounting profession, not just in terms of its impact on operations but also the heightened cyber risks that come with increased reliance on digital infrastructure.
Cyberattacks such as data breaches, ransomware, and phishing scams are increasingly targeting the finance function, where personal and financial data are handled daily. For management accountants, developing cybersecurity skills is no longer optional but a necessity to protect your organisation from malicious threats.
The CGMA® cybersecurity tool was created to guide you in minimising cyber risk and developing response and remediation strategies. Here are a few highlights from the cybersecurity tool, which you can access by registering for a free account.
The rising costs of cybersecurity incidents
Ransomware attacks account for a quarter of all breaches, with an average cost of $5.13 million (excluding the ransom payment itself), according to the CGMA cybersecurity tool. Cloud environments, where many finance functions store sensitive financial data, are especially vulnerable, with 82% of breaches occurring in the cloud.
The costs of investigating and responding to a breach, coupled with the long-term reputational damage, can cripple an organisation. The report points out that well-prepared organisations can mitigate these costs through incident response planning, DevSecOps (development, security, and operations), and the use of AI and automation. Companies with strong preemptive response strategies saved, on average, $1.49 million in breach costs, while those leveraging AI and automation saved up to $2.22 million.
Understanding the cybersecurity landscape
As a finance professional, it’s crucial to understand the most common cyber threats that could impact your organisation. These include:
- Malware. Malicious software that can steal credentials, lock access to systems, or cause general disruption. Botnets are an example of malware involving networks of compromised computers that work together to execute cyberattacks. Ransomware, another type of malware, has seen a significant uptick and involves locking organisations out of their systems until a ransom is paid.
- Phishing. Cybercriminals use fake emails or messages that appear to come from legitimate sources to trick individuals into providing sensitive information or installing malware on their devices.
- Malvertising. The use of legitimate online ads to distribute malware without user interaction, exploiting the trust users place in established advertising networks.
- Application attacks. Attacks like SQL injection, where attackers exploit vulnerabilities in software to gain unauthorised access to systems and data.
The role of finance professionals in cybersecurity
While the IT department traditionally handles cybersecurity, finance professionals play a crucial role in the overall cybersecurity strategy. Here’s how:
- Risk management. Understanding and managing cybersecurity risks should be part of your broader risk management framework. Work with IT to assess vulnerabilities in your organisation’s financial systems and data storage.
- Compliance and reporting. Stay informed about evolving cybersecurity regulations and ensure your organisation’s compliance. In many regions, there are strict data protection laws that require businesses to implement cybersecurity measures and report breaches.
- Incident response planning. Financial leaders need to understand the financial implications of a data breach. Collaborate with IT to ensure your company has a solid incident response plan in place and that all stakeholders know their roles in the event of a breach.
- Cybersecurity budgeting. Investing in cybersecurity tools and resources should be seen as a key part of your company’s financial strategy. Ensure that adequate budget is allocated to cybersecurity initiatives, including training, technology upgrades, and incident response capabilities.
Securing the future of finance
Cybersecurity has become a strategic priority for organisations across all sectors, and as a finance professional, you are in a unique position to drive the conversation within your company. As digital transformation continues to evolve, understanding and mitigating cybersecurity risks will be essential to safeguarding both financial data and organisational integrity.
By staying informed about the latest threats, collaborating with IT teams, and ensuring that cybersecurity is integrated into your company’s risk management framework, you can help build a more secure digital future. Cybersecurity isn’t just an IT concern — it’s a business imperative.
Discover more response and remediation strategies by downloading the CGMA cybersecurity tool. And develop your risk management and digital strategy skills by achieving the CGMA designation, which will help prepare you for the future of finance.