Cyber crime is one of the biggest risks to businesses to date and globally its estimated costs will reach $6trillion by 2021 according to a new report by the Association of Chartered Certified Accountants) (ACCA).

The association has teamed up with Chartered Accountants Australia and New Zealand, Macquarie University and Optus to launch the report Cyber and the CFO. The global survey, which features views from 1500 ACCA and CA ANZ members, finds cyber security is not managed as a risk to businesses and is too often left to IT specialists to handle.

Highlights from the report show:

  • Almost 60 percent of CFOs and finance leaders rank cyber security as the most important or top five business risk
  • However, a third of respondents did not know whether their organisations had been the subject of a cyber attack. Few survey responses showed a recovery plan that included much beyond the hardware.
  • Over 20 percent of finance professionals admitted they had no involvement whatsoever in cyber security within their company.
  • And 10 percent of respondents did not know who in the business was responsible day-to-day for cyber security.
  • Larger businesses placed a higher priority on cyber risks (8 percent), but small business were marginally (5 percent) less concerned or aware of such security risks.

Cyber-risk is becoming ever more complex with the integrated nature of supply chains.  Only 19% of survey respondents said they regularly audited their supply chains.

ACCA’s head of business management, Clive Webb, said “The increasing use of technology within businesses to create commercial advantage comes at a price and that price is cyber risk.”

“The finance community cannot stand by and leave cyber security to others in the business to manage. It is very complex, but it is essential for finance leaders to familiarise themselves with the issue. The report highlights the changing nature of the cyber threat. It establishes the financial and operational risks that arise and in that regard the finance community needs to keep abreast of the evolving nature of the threat and ensure that it is managed appropriately.”

Stuart Mort, Optus Business CTO Cyber & ICT Customer Solutions, said “As enterprises are more reliant than ever on digital solutions for their business, any breach could result in a significant impact to not only reputation, but also brand value and ultimately the company’s value. Boards and the c-suite must take ownership of cyber risks and address appropriately.”

Executive Director of the Optus Macquarie University Cyber Security Hub, associate professor Christophe Doche, said “New cyber threats and technical vulnerabilities are emerging at a very fast rate; however targeting employees is still a very effective way for cyber criminals to attack an organisation. Given the rapidly evolving and pervasive nature of cyber threats, an important component of managing cyber risk is to prepare for what seems inevitable. Indeed, organisations should make sure that a well developed and tested incident response plan is in place to build cyber resilience and ensure business continuity in case of a cyber breach.”