Cybersecurity for Accountants: Evaluating and Managing Cyber Risk

Tags: cyber risk, cybersecurity, growth mindset, incident response, risk assessment, risk management

May 14, 2023

In the ever-changing digital world, accountants are playing a larger part in managing cybersecurity risks.

Accountants aren't just number crunchers; they're strategic advisors. They hold a comprehensive view of an organization's financial health, making them uniquely positioned to serve an important role in identifying and assessing cyber risk.

As cybersecurity risk grows more significant, its impact on strategy becomes increasingly noticeable, and the importance of accountants understanding cyber risk becomes more critical. Understanding these risks is essential to protecting an organization's assets, maintaining its reputation, and ensuring its long-term viability.

The Accountant's Role in Identifying and Assessing Cyber Risk

Accountants provide value by understanding potential cyber threats and supporting the assessment of the risk those threats pose to an organization.

A chief information security officer (CISO)—or someone serving in the equivalent role—may lead the exercise of identifying threats relevant to an organization. A cyber risk assessment usually involves assessing the likelihood and impact of negative events caused by threats.

Accountants with an understanding of various cyber threats, such as phishing attacks, ransomware, and insider threats, and how they impact an organization are better prepared to measure those threats' impacts in financial terms. Including the financial impact of threats in risk assessments can be critical to making informed decisions about how to respond to risk.

Recent high-profile cases, like the January 2023 ransomware attack on Yum! Brands, demonstrate the financial devastation such attacks can cause. The company was attacked by a ransomware group called LockBit 2.0, and nearly 300 restaurants were closed down for a day. Measuring the cost of those events will start with the accounting team.

As an accountant, understanding the potential cost of such attacks—from ransom payments to system downtime to reputational damage—is crucial in assessing the overall cyber risk.

Cyber Risk Management: A Strategic Approach

Once risks are identified and their potential impacts are assessed, accountants can play a crucial role in advising on risk management strategies.

Appropriate responses to threats may involve budget proposals for investment in certain cybersecurity technologies, recommending insurance coverage, or advocating for the enhancement and testing of internal control activities.

The appropriate response may differ for each organization. An accountant's advisory role in recommending appropriate responses to risk requires understanding the risk tolerance of the organization and how the organization's strategy could be impacted by cyber events. Accountants can assist in classifying risk scenarios for proper treatment, such as choosing between mitigation, transferal, avoidance, and acceptance.

Knowing which strategy to choose requires a deep understanding of the organization's financial standing and strategic goals.

Additional Roles of Accountants Relating to Cyber Risk

There are additional roles that accountants may also serve in responding to cyber risk. Auditors can test control activities for design and effectiveness. Many accountants have this experience from performing audits for SOC reports.

Should a breach occur, accountants may be instrumental in estimating its financial impact and may assist in decision-making regarding public disclosure and other response activities.

Accountants may have extensive training on regulatory compliance requirements related to cybersecurity and privacy, such as GDPR, SOX, and PCI DSS. They play a key role in ensuring an organization is compliant and can advise on the financial implications of non-compliance.

The Importance of Continuous Learning

The world of cybersecurity is ever-evolving. To stay effective in managing cyber risk, accountants must commit to continuous learning by embracing a growth mindset.

Continuous learning could involve pursuing additional training or certifications, attending industry conferences, or keeping abreast of the latest cyber threats and trends.

Conclusion

In the digital age, accountants have a critical role to play in cybersecurity risk management. From identifying and assessing risks to advising on risk management strategies, accountants are pivotal in protecting an organization's assets and ensuring its long-term success.

As this responsibility continues to grow, accountants must embrace this new facet of their role and commit to continuous learning in the realm of cybersecurity.
