Jan 28, 2022
Cybersecurity is at the top of the agenda for most companies, but what role do accountants have to play? Donal Kerr and Dr Caroline McGroary explain how accountants can help.
There are daily reports in the media about large scale cyber-attacks and the devastating impact they can have on various stakeholders, from governments to individuals. Cybercrime has seen unprecedented growth in scale and sophistication, exacerbated by the business interruption caused by the COVID-19 pandemic. For this reason, it has become one of the most significant risks facing management and boards of every type of organisation, both large and small, public and private.
A new era of cybersecurity
However, despite widespread awareness of cybercrime and the need to be better protected, companies continue to suffer cyber-attacks. We are at the dawn of an era when risk assessment, security and data protection go hand-in-hand and have greater regulations placed on them. Cybersecurity is no longer solely an IT issue; it is fast becoming the responsibility of everyone in the organisation, with accountants playing a critical role.
To use a real-world analogy: offices are mandated to carry out fire drills and practice them with regularity so that staff know what to do in the event of an emergency. Fire drills are necessary for protecting individuals in a physical office, but what happens when the same organisation suffers a malware infection, or a ransomware event, or discovers that a contractor has accessed confidential customer and business records? Does everyone know what to do? Have they received the appropriate training? Are they aware that they may have mistakenly contributed to this cyber-attack? Can the company easily recover from this incident?
These are pertinent questions for all organisations to consider. Tony Hughes, Director of ANSEC IA Ltd, a cybersecurity consulting company specialising in advising firms on data protection and security, emphasises how important it is to be prepared. He recommends that “firms should take a holistic approach to cyber risk, build capacity for the long term and with the appropriate budget and plan. Then a cyber-attack will not be a black swan event that could paralyse an organisation. Rather, it can be contained and mitigated in a managed fashion with minimum cost and disruption to the organisation”.
What value can accountants add?
This brings us to the following question – if cybersecurity is the responsibility of everyone in the organisation, where can accountants add the most value? The answer is, of course, in risk management. After all, accountants have extensive experience assessing risk through long-established frameworks such as IFRS and GAAP. By utilising these skills, accountants can bring a unique perspective to the cybersecurity process.
Padraic O’Reilly, Co-Founder of CyberSaint Security, a leading platform developer of cyber risk automation, echoed the important role accountants now have to play in this space. He stated that “the modelling and evaluation of cyber risks is becoming a key focus in many organisations and accountants are at the forefront of this trend, particularly helping to advance automation in the assessment process”.
The future of cybersecurity
While cybersecurity is a complex issue, it requires the attention and commitment of everyone in the organisation. This shared responsibility model must be appropriately resourced through investment in appropriate IT solutions, cybersecurity audits, and regular staff training. As accountants, we also need to consider whether we have the proper skills to deliver quality cybersecurity assurance services to our clients and how we can attract the most appropriate personnel to our teams. However, where there are challenges, there are also opportunities, and we should see this as an opportunity to build cyber-resilience among our clients and our organisations. Therefore, we can act as essential stakeholders helping the cyber eco-system to evolve.
Donal Kerr, Co-Founder of 4Securitas and Dr Caroline McGroary, Chartered Accountant, are currently Fulbright Scholars at Boston College under the direction of Professor Kevin Powers, Founder and Director of the MS in Cybersecurity Policy & Governance Program and Dr Robert Mauro, Executive Director of the Irish Institute and founding Director of the Global Leadership Institute.
