You must plan, prepare and respond.
Good governance is essential. Executive buy-in, ideally an informed and involved CEO, is critical for a strong cyber security culture.
Compliance with external regulations and internal policies is important but requires monitoring and accountability.
Reconnaissance: Take a look at your business from the perspective of a potential attacker. Understand its weaknesses — including those in its supply chain and its digital ecosystem.
Invest in tools to increase visibility into all applications, data and devices and how they are connected.
Take out insurance.
Appoint a head of cyber and data security with sufficient resources and budget. Give cyber-awareness training to everyone and carry out regular tests like phishing or fake invoices. Test proactively, simulating attacks to ensure readiness.
Ensure antivirus software is up to date and that trusted software patches or updates are installed promptly.
Have pre-scripted responses ready, including for customers, staff, suppliers and the media.
Back up files securely and regularly.
Be prepared for the inevitable: from time to time, cyberattacks will get through.
Monitor activity to enable the prompt detection of risk events. Refine the ability to track, document and measure impact. Focus on rapid response to cybersecurity incidents — preventing all incidents is impossible. Respond to any data breach in a timely, cost-effective manner to restore and maintain customers’ trust. Develop a corporate mindset that is open about mistakes, keen to learn and quick to make changes.
Many businesses are badly prepared for tackling cyber risks, and most executives are struggling to keep workforce skills up to date.
There is a close match between the core attributes and skills of management accountants and those of cybersecurity professionals (who are in short supply):
Analysis: Investigative and challenge-focused, enjoys scenario planning and ‘what if’ analysis
Management accountants aren’t expected to develop all the specialist expertise needed to become cybersecurity professionals. IT professionals have the skills to deliver IT solutions. But management accountants are better positioned to articulate the business’s needs and build the investment case. They also help to ensure that an implementation project is managed properly and the potential benefits are achieved.
This close match between management accountants’ and IT professionals’ skill sets enables management accountants to play an important role in ensuring businesses address cyber risks. Through working closely with the AICPA, CIMA is well-positioned to help our members prepare for the digital age. That gives you the opportunity to learn more about digital technologies.
"Cybersecurity and Promoting Risk Awareness" with Tim O'Hara of PRICCHAA INC