57% rated cyber security as a top five business risk; yet 54% thought that their organisation had either not been subject to an attack or were not aware.
If cyber security is a significant risk, what role should the finance community play?
The cyber threat is one of the most talked-about issues that businesses face today. Yet awareness of the risk, and of the types of threats that organisations face, is low. So how aware is the finance community of the cyber threat? And what are the cyber threats we're facing?
It matters to finance
A successful cyber-attack has many implications for organisations, the majority of which have financial impacts. It is not just a question of a virus infecting an application. Attacks are more sophisticated, as illustrated by the eight-stage cycle shown here:
Graphic: Attacks are sophisticated and can follow the eight-stage cycle: Reconnaissance, scanning, access and escalate, exfiltration, sustainment, assault, obfuscation, post-exploitation and persistence.
A successful cyber-attack can result in fines from regulators, reputational loss leading to loss of revenue and the costs associated with remediation and recovery from the attack. Each of these can be quite significant. It is no longer just a technical IT issue.
How prepared are we?
It is important to have an appropriate and well-tested recovery and resilience plan, yet for many organisations this might not be the case. Investment in being prepared is essential in the connected world.
Who do we trust?
Businesses are ever more connected in the way that they transact. This changes the way in which we see the cyber threat: it is not only an internal threat, because the weakest point may be an organisation that we are connected to. Working with our supply chain to mitigate the risk is an essential part of business today. But are we aware of these vulnerabilities?
Explore the world of cyber risk and the actions that the finance community should undertake through the report.
"The need to constantly reappraise the threat level is paramount."
Key actions for CFOs and the finance team
• Recognise that cyber technology presents a business and operational risk with a financial implication
• Appreciate that it cannot be left solely to the IT team
• Understand that the nature of cyber risk includes brand and reputational damage
• Ensure that there is appropriate governance and risk management in place
• Cyber risk is a key component of your integrated supply chain
• Keep abreast of the changes in the cyber threat