A global survey of more than 1,500 financial professionals conducted by Chartered Accountants Australia and New Zealand, the Association of Chartered Certified Accountants, Macquarie University and Optus found that cyber security is not managed as a business risk and is too often left to IT specialists alone to handle.
Financial professionals acknowledged the risk of a cyber attack, with 68 per cent rating it as a high or very high risk to their organisation, yet two-thirds said their organisation does not have an absolute, up-to-date remediation plan in place that is regularly updated and tested.
With cyber crime estimated to cost $6 trillion globally by 2021, 83 per cent of respondents said that they had no cyber insurance in place.
Only 8 per cent of CFOs indicated that they were responsible for the strategic direction of cyber security in their organisations.
“Businesses and finance professionals need to recognise that cyber risk is one that is very relevant to them,” said Geraldine Magarey, CA ANZ thought leadership and research leader.
“Assessing cyber risk requires financial awareness to gauge the potential consequences of a breach, which can be measured in reputational damage, fines and the impact on shareholder and company value.
“The quantification of cyber risk is not easy, but this is an area where financial professionals must take the lead given cyber attacks are a constant and success almost a given.”
Last year, new mandatory notifiable data breach (NDB) laws kicked in, requiring firms to provide notice to the Office of the Australian Information Commissioner (OAIC) and affected individuals of a data breach.
The General Data Protection Regulation (GDPR) also affects Australian firms that do business with organisations or people in Europe, or with European citizens.