ACCA USA and Pace University Report: Cybersecurity a Major Challenge in Financial and Accounting Industries

NEW YORK--()--Amid ever-increasing reports of cybersecurity breaches across the globe, ACCA USA, the U.S. arm of the Association of Chartered Certified Accountants, and Pace University unveiled a report revealing that top-level managers in the industry are quickly adapting to address cybercrime threats.

“Cyberwarriors with Calculators” was issued at the third annual cybercrime summit, “Cybercrime in the World Today 2015: Emerging Threats,” which drew business and law enforcement professionals, academics, students, and members of the public to Pace University Thursday to discuss data breaches and risk management measures.

"I’d like to thank the Association of Chartered Certified Accountants for co-sponsoring this Symposium and working with us to raise the visibility of this very important issue," said Pace President Stephen J. Friedman. "We don’t discuss it enough – and the uncertainty and lack of confidence that secrecy engenders transforms the impact of crime into a form of terror. A lack of public discussion is highly unwise; it impedes our ability to protect ourselves and diminishes our confidence in our leaders."

The survey of ACCA professionals, including Chief Financial Officers, Managing Directors, Senior Vice Presidents and practicing accountants, found weak communication between line managers and senior managers about attacks and attempted attacks, and that the application of fundamental risk management cybersecurity practices should be applied more consistently throughout firms.

“For accountants, measures must be taken to ensure that the sensitive personal and corporate financial information they handle is safe: accountants need to be at the forefront of cybersecurity,” said the report’s author, Dr. Jonathan Hill, Interim Dean at Pace’s Seidenberg School of Computer Science and Information Systems. “This is particularly true today, as clients and consumers are more aware than ever of the cyber vulnerability of all businesses.”

ACCA members were asked about company policies and personal practices regarding cybersecurity, and how evidence of cyberattacks is communicated within firms. The findings highlight several weaknesses:

  • Nearly 50% indicated it was somewhat or very likely that consultants would be hired after a breach.
  • Nearly 70% said they had a high or very high level of awareness of their company’s cyber risk management policies and procedures.
  • 57% said their IT systems were well-protected against cyber threats.
  • 32% had no knowledge of company policy on data encryption in transit or in storage.
  • Auditors are more concerned about cybercrime today than a year ago (58% for auditors compared with 48% for accountants).
  • 27% of accountants felt their firms adhered to Control Objectives for Information and Related Technologies (COBIT 5) standards whereas 43% of auditors believed their firms followed the standards.

“This survey generated data that is reflective of a profession that is adapting to a serious external attack on its processes and systems,” said Warner Johnston, Head of ACCA USA. “The responses and needs of the main stakeholder groups – the financial profession, the IT profession and concerned government regulatory and law enforcement bodies – are evolving in response to progressing, ever more sophisticated threats.”

There were contradictions between the realities of day-to-day practice and the theory of cybersecurity best practices, the report noted, stressing “it is crucial that companies – and, especially, individual employees, begin to follow these practices.” Techniques may vary from country to country. The survey indicated slight, but not insignificant, differences in perception between practitioners in different regions, ones that centered around the perceived severity of the cybercrime threat and the security of the IT systems with which the practitioners work.

The event offered a clearer understanding of technologies, methods, and origins behind the growing threat to cybersecurity, and featured a panel moderated by Time Warner Cable New York 1 News Anchor Annika Pergament.

Dr. Hill was joined on the panel by Col. Timothy Lunderman, National Guard Bureau Advisor to the Commander of U.S. Cyber Command USCYBERCOM and National Guard Bureau Cyber Division Lead; Emily Mossburg, Principal, Cyber Risk Services – Resilient practice leader, Deloitte Advisory; and, Lt. Col (RET) David Halla, Director of Operations for the Electricity, Information Sharing and Analysis Center.

"There is no golden gem, and the more you get involved in cybertech you realize that it's not the technology that's going to save us," said Col. Lunderman. "It's people, processes, and technology."

Added Halla, "The bottom line is are we vulnerable? Yes, we are all vulnerable."

"It's not necessarily if you're going to be attacked or if you're going to have a cyber incident, it's when," said Mossburg, stressing the need for entities to conduct cyber simulations proactively to improve their practices. "It means having the details and processes and plans in place that talk about what's going to happen, who's going to be responsible."


Jeff Simmons, 917-673-0024


Jeff Simmons, 917-673-0024