A lot has been written here and elsewhere about the cybersecurity risks to law firms, but there is another, similarly situated profession that has not received as much attention. According to a report issued last week by ACCA USA, the U.S. arm of the Association of Chartered Certified Accountants, and Pace University, accountants must also be particularly vigilant in ensuring that "the sensitive personal and corporate financial information they handle is safe." Accountants need to be "at the forefront of cybersecurity," the ACCA USA report stated.
Like law firms, accounting professionals are at the "center of the threat" because they work with the data and the personal identifiable information that cybercriminals target. As part of the report, ACCA USA and Pace University surveyed a cross section of ACCA members (including practitioners, managers and senior executives) about cybersecurity. According to ACCA USA, key findings included:
Nearly 70% of respondents claimed to have a high or very high level of awareness of their company’s cyber risk management policies and procedures.
57% of respondents said that their IT systems are well-protected against cyberthreats.
32% of respondents had no knowledge of company policy on data encryption in transit or in storage.
Only 17% of respondents stated that attacks were routinely reported to senior executives.
Less than 50% of respondents indicated that reporting to law enforcement is likely to occur in the event of a successful attack. "This may indicate an unwillingness to ‘go public’ with news of a data breach that could adversely affect a company’s reputation or even stock price," the report stated.
42% of senior cybersecurity officials report to the CIO, 25% to the CEO, and 17% to the CFO.
The full report from ACCA USA and Pace University is available here.