PracticeAuditBoard must set cyber security agenda – ICAEW

Board must set cyber security agenda - ICAEW

If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned

Board must set cyber security agenda – ICAEW

IF BUSINESSES fail to take cyber security seriously in their business planning, regulators may do it for them the ICAEW has warned.

Richard Anning, head of ICAEW’s IT Faculty, said boards must grasp the nettle and deal with it as a priority: “Despite years of warnings, many still regard cyber security as an optional extra. This is why we are increasingly seeing more data breaches that harm consumers and businesses alike. Cyber security is integral to digital business.”

In ICAEWs latest report Audit Insights: Cyber Security, high profile data breaches and the slow pace of cyber security progress means unless boards take control of the agenda themselves, governments may decide to legislate.

Anning, continued: “Unless boards take control of these issues, it is only a matter of time before governments start to bring in tough new laws – this has already begun with the introduction of General Data Protection Regulation (GDPR). The boards can start by using cyber-by-design principles, so cyber security is seen as a precondition for trading at all.”

Audit Insights: Cyber Security is based on input from auditors from the top six audit firms. This fourth report focuses on why change here seems so difficult and highlights how organisations can get on top of their cyber risks.

Dynamic threats

The report focuses on themes such as seeing cyber risks as real and dynamic, as they are changing constantly as technology develops. It also focuses on taking behavioural change seriously as training needed to support cyber processes are not embedded. Businesses should link the cyber risks with their business objectives and have consequences if it is not complied with. Finally, that most organisations have a digital infrastructure but do not see cyber security as a precondition for operating.

Anning, concluded: “Cyber threats are constantly evolving and changing alongside technology, and it is unrealistic to expect businesses to be able to respond to each and every threat. But this is why it is absolutely vital to consider risks regularly as part of the board governance process.”

The full report can be downloaded from icaew.com/cyber

Related Articles

Record fine for Deloitte and audit partner over Aero misconduct

Accounting Standards Record fine for Deloitte and audit partner over Aero misconduct

11m Stephanie Wix, Writer
Eight landmarks in the history of accountancy

Accounting Standards Eight landmarks in the history of accountancy

1y Acccountancy Age
ICAEW targets state of audit in consultation paper

Accounting Standards ICAEW targets state of audit in consultation paper

1y Fraser Simpson, Reporter
ICAEW granted local audit regulatory powers

Accounting Standards ICAEW granted local audit regulatory powers

2y Richard Crump, Writer
EY welcomes ‘10 plus 10 regime' as BIS publishes EU ADR consultation

Audit EY welcomes ‘10 plus 10 regime' as BIS publishes EU ADR consultation

2y Chris Warmoll, Writer
Implementation of non-financial reporting should build on existing UK regime, says ICAEW

Audit Implementation of non-financial reporting should build on existing UK regime, says ICAEW

1y Calum Fuller, Reporter
Izza 'disappointed' by government decision to raise audit exemption threshold

Accounting Standards Izza 'disappointed' by government decision to raise audit exemption threshold

2y Calum Fuller, Reporter
MP queries possible conflict of interest over ex PwC partner watchdog role

Accounting Firms MP queries possible conflict of interest over ex PwC partner watchdog role

2y Chris Warmoll, Writer