CGMA Survey: Finance Plays Critical Role in Mitigating Cyber Security Risks

Over 72% of Respondents Say their Finance Teams Have Become More Involved in Cyber Risk Mitigation Oversight

NEW YORK--CFOs and their finance teams are toughening policies on suppliers and increasing insurance coverage as they are asked to take on a larger role in defending their companies from emerging cyber risks, according to a new survey of Chartered Global Management Accountant® (CGMA®) designation holders.

More than 95% of CGMAs surveyed said their companies are concerned with the threat of database breaches, distributed denial of service (DDoS) attacks, phishing scams and other cyber attacks. Nearly three quarters, 72%, said their companies have asked the finance function to take on more responsibility to mitigate these risks.

“With today’s businesses facing a heightened risk of cyber attacks, they are in need of strong risk identification and mitigation strategies driven by collaboration between business units across the company,” said Ash Noah, CPA, CGMA, Vice President of CGMA External Relations for the AICPA. “The finance function has a unique view into the complexities of the business as well as an in-depth understanding of the industry, markets and risk climate, yielding important insights for a company’s strategic direction. As the finance function continues to evolve to become more business-centric, it’s critical for finance executives from the CFO down to play a driving role in preparing for and addressing potential cyber risks for the long-term growth of the company.”

Additional findings from the survey include:

  • 30% of respondents said their business fell victim to a cyber attack in the past two years – an increase from 22% in 2014
  • Over 20% of respondents said cyber threats are worse than what has been reported in the media
  • Fear of the threat of cyber attacks is increasing, with about 68% of respondents saying their company is moderately or significantly concerned with the threat of cyber attacks, compared to 62% in 2014

As part of cyber risk mitigation tactics, respondents toughened their policies regarding third-party vendors to address potential vulnerabilities (31%) and secured or increased liability insurance in the event of business disruptions due to data breaches or cyber attack (23%), among other strategies.

As the cyber risk climate evolves, it is critical for all organizations to employ an effective risk oversight and mitigation program. Strategic steps organizations can take to protect their businesses include:

  1. Take an assessment of the efficacy of the organization’s current approach to cyber risk oversight in the light of emerging threats.
  2. Consider the extent to which critical risks may occur and not be detected by silo risk managers and implement greater cross-collaboration throughout the organization.
  3. Assess the extent to which cyber risk management is an important input to the strategic planning process and adjust risk management processes as needed.
  4. Implement a structured set of cyber risk identification, assessment and monitoring processes that requires focus and accountability at the board and senior management levels.

For more information on the Chartered Global Management Accountant® (CGMA®) designation please visit

About the Chartered Global Management Accountant (CGMA)

Two of the world’s most prestigious accounting bodies, AICPA and CIMA, have formed a joint venture to establish the Chartered Global Management Accountant (CGMA) designation to elevate the profession of management accounting. The designation recognizes the most talented and committed management accountants with the discipline and skill to drive strong business performance. Currently, more than 150,000 management accountants worldwide hold the CGMA designation.

About the AICPA

The American Institute of CPAs (AICPA) is the world’s largest member association representing the accounting profession, with more than 412,000 members in 144 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. Through a joint venture with the Chartered Institute of Management Accountants (CIMA), it has established the Chartered Global Management Accountant (CGMA) designation which sets a new standard for global recognition of management accounting.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

Media representatives are invited to visit the AICPA Press Center at


Colette Krahenbuhl, 202-434-9212
