Cybersecurity: Not just an IT issue

As the number of cyber-attacks increase, the need for financial professionals to get involved has never been greater.

The digitization of business has undeniably provided many benefits, including new opportunities, connectivity, collaboration and increased productivity. However, it comes at a price. With technology constantly changing and dependence on it increasing, susceptibility to hackers infiltrating our information systems is greater than it has ever been before. Cybersecurity is not an IT issue—it is an organization-wide issue, where business operations, finance and audit/governance play a crucial role in the protection of company and client information.

According to the Global State of Information Security survey 2016, there has been a 37 per cent increase in security breaches between 2014 and 2015, and a 56 per cent increase in intellectual theft. These staggering numbers contribute to both financial loss and reputation damage. One of the most significant recent examples is the 2014 JP Morgan Chase data breach, where 83 million accounts were exposed and its stock fell 0.2 per cent in after-hours trading.

And while small-business owners often believe that their companies are too insignificant to get the attention of hackers, they are not exempt from breaches. In fact, they are now being highly targeted because they are more vulnerable. Studies show that the average cost of an attack on a small company with less than 100 employees is 3.5 million (Source: Ponemon Institute 2014 Cost of Data Breach: Global Analysis).


The 17th Annual PwC Global CEO Survey states that 86 per cent of CEOs think technological advances will transform their business in the next five years. They believe having a sound cybersecurity plan will enable them to safely recognize the benefits of technological advances to increase innovation, collaboration, productivity, competitiveness and customer experience. To attain this goal, PwC’s Adriana Gliga-Belavic and Amalia Steiu suggest a number of questions that boards and CEOs should be asking:

  • What is the organization’s cyber risk profile and when was it last updated?
  • Is our cybersecurity program aligned with our business strategy? 
  • What are the leading industry practices for cybersecurity and how does the organization compare?
  • Do we know what assets are most valuable to the business? 
  • Do we know who our adversaries are and what would they target?
  • Who leads our incident and crisis management program? Is our program cross functional/inter-departmental?
  • Does management have a crisis management plan and when was the last time we rehearsed it?
(Source: PwC)

To learn more on how you can help protect your organization from cyber-attacks, attend the Conference on IT Audit, Governance and Security.