Northern Society of Chartered Accountants

Companies should recognise cyber security as a critical business risk 12 December 2015

ICAEW launched their latest cyber security report at a special event jointly hosted by Northern Society of Chartered Accountants and the ICAEW IT Faculty.

Audit Insights: Cyber Security focuses on the importance of closing the gap between cyber security strategy and business operations based on the observations and expertise of auditors from across industry.

ICAEW Cyber Security launch event panel members Mark Brown, David Arthur, Chi Onwurah MP, Martin Wilson and Phil Butler

Cyber Security update – keeping one step ahead

The Newcastle launch event at Newcastle University Business School featured a panel discussion chaired by David Arthur, Northern Society Deputy President which was then followed by a question and answer session.

The North East boasts vibrant software, tech and creative industries

Opening comments were provided by Chi Onwurah MP (Lab, Newcastle upon Tyne Central and Shadow Minister for Digital Industries) who said: “The North East boasts vibrant software, tech and creative industries and, as such, we should be leaders in cyber security, but so much more must be done to protect ourselves.”

The panel discussion featured:
•    Mark Brown (EY) who summarised the new Audit Insight findings and gave advice for attendees that flowed from it;
•    Phil Butler (Newcastle University) provided thoughts on how to spot and avoid fraud, particularly from the viewpoint of victims;
•    Martin Wilson (Northumbria Police) discussed how police deal with cyber-crime and how attendees could best interact with police if they become a victim; and
•    David Arthur (Deputy President, Northern Society) discussed steps that businesses could take to protect themselves from cyber-attacks.

Northern Society worked closely with the ICAEW IT Faculty to arrange the event which was well attended by local ICAEW members, businesses and other interested stakeholders.

You can download a copy of the Audit Insights: Cyber Security report at: icaew.com/auditinsights and more information can be found at icaew.com/cyber

Companies not recognising cyber security business risk

Companies are not recognising cyber security as a business risk is the key message from the new report from ICAEW.

The report highlights two main concerns identified by auditors:
•    a disjoined approach to IT and business risk; and
•    a lack of clear accountability at board level for cyber security.

The report also emphasises the importance, and difficulty, of gaining supply chain assurance.

Auditors recommend significantly improving communication between IT specialists, management, board members and throughout the organisation. A key element of this is the role of the chief information security officer (CISO), who should translate the technical language into a more business-orientated one.

Fast growing technology sector in northern England

we see major growth in cyber-security as businesses act to protect their data and transform their approach to the increasing threat

David Arthur, Deputy President said: “The technology sector is one of the fastest growing and most exciting group of businesses in our region, but as the industry grows, so does the cyber-threat.
 
“Recent surveys show evidence of high-profile breaches with continuing government concerns. As such, we see major growth in cyber-security as businesses act to protect their data and transform their approach to the increasing threat.
 
“We are working closely with firms to not only help them minimise the risk of cybercrime, but also coach them in exactly what to do should they fall victim to it.”

Cyber security risk critical to the entire business

Report luanched at Northern Society of Chartered Accountants and ICAEW IT Faculty event in Newcastle

Richard Anning, Head of IT Faculty at ICAEW said: ‘Auditors, after reviewing their clients approach to cyber security, believe that we can no longer brush it aside and treat it as a problem related to the IT function only. It is an issue that is critical to the operation, strategy and reputation of the entire business and that is how it should be treated.

There have been many cyber security breaches in 2015 that have exposed weaknesses in IT systems and security practices. Recent high profile examples where customer details have been stolen include Ashley Madison and TalkTalk.

‘Organisations need to define clear lines of responsibility and accountability as well as draw up response plans. Management and board members must communicate with IT professionals so they better understand the potential threats. This would enable them spot risks and raise issues early, before they lead to destructive consequences. They also need to be ready to respond if a major breach occurs.’

is an issue that is critical to the operation, strategy and reputation of the entire business and that is how it should be treated

As more and more companies move their operations to the virtual world (e.g. banks closing their branches and focusing on online banking) it is increasingly vital for organisations to remain vigilant on emerging threats. The report notes that business can see security as a compliance exercise and become complacent on reviewing and improving measures.

Richard said: ‘As annual reports are increasingly focussing on non-financial information, boards are starting to ask auditors to review their cyber-security strategies and practices. This can give companies extra credibility, increasing investors’ confidence about the business. Most operations are now computerised, so it is no surprise shareholders want to ensure organisations can respond to emerging risks.

‘The key to success is understanding that in a digital world, cyber security is business security.’

Audit Insights: Cyber Security report was published on Friday 4 December, and examines the approaches companies and boards should take to ensure systems are secure, and to manage the impact of breaches.

Download the latest report

In this latest Audit Insights: Cyber Security report, we examine the approaches companies and boards should take to ensure systems are secure, and to manage the impact of breaches. In our report we assess how companies are trying to tackle the problem and make recommendations for preventing future security breaches while also highlighting areas where opportunities for positive change exist.

You can download a copy of the Audit Insights: Cyber Security report at: icaew.com/auditinsights and more information can be found at icaew.com/cyber

About ICAEW and Northern Society of Chartered Accountants

ICAEW is a world leading professional membership organisation that promotes, develops and supports over 144,000 chartered accountants worldwide. We provide qualifications and professional development, share our knowledge, insight and technical expertise, and protect the quality and integrity of the accountancy and finance profession.  As leaders in accountancy, finance and business our members have the knowledge, skills and commitment to maintain the highest professional standards and integrity. Together we contribute to the success of individuals, organisations, communities and economies around the world.

Because of us, people can do business with confidence.

The Northern Society of Chartered Accountants (NorSCA) represents 4,000 ICAEW members and ACA students working in business and the finance profession across the North East of England, Teesside, Northern Yorkshire and Cumbria. We have been assisting businesses in the north of England and producing chartered accountants for over 130 years.