Northern Society of Chartered Accountants

Audit Insights – taking control of the cyber agenda 17 October 2016

Cyber security is well-established on board agendas today. However, the fact that so many businesses are still suffering major data breaches shows that organisations are struggling to turn awareness and concern into effective action.

This slow pace of change is increasingly frustrating governments and regulators and so the ICAEW 2016 Audit Insights: Cyber Security report urges business to show more urgency and take control of their cyber agenda before regulators do it for them.

Key summary

The fourth Audit Insights: Cyber Security report in the series focuses on why change in this area seems to be so difficult, and highlights how organisations can get on top of their cyber risks more effectively.

It builds on three themes:

Seeing cyber risks as real and dynamic – cyber risks are constantly changing as technology develops, businesses transform and attackers find new ways of striking. Boards need to recognise this pace of change in cyber risks. They also need to make them real and specific, rather than just entering ‘cyber risk’ on a risk register.

Taking behavioural change seriously – despite years of cyber security training and awareness campaigns, it is proving difficult to embed the behavioural changes needed to support effective cyber processes. Our report argues that businesses need to link cyber risks more clearly with business objectives and operations, and attach more significant consequences where staff fail to comply with policies, in order to make change stick.

Recognising cyber security as a precondition for operating – although a digital infrastructure underpins many business activities, most organisations only consider cyber risks as a bolt-on activity. Our report argues that adopting an approach of cyber-by design is critical to changing this way of thinking. By designing everything with security in mind, good practices simply become part of the job.

New report published October 2016

The report suggests a variety of approaches that can help boards take more control of the cyber agenda. It also provides some key questions for boards to ask themselves and their cyber security specialists.

• What do you know about specific threats to your business, including the actors and their possible methods?
• How can your critical data actually be accessed, and by whom?
• What employee behaviour is unacceptable because of cyber risks?
• Do you see yourselves as role models for good cyber behaviour?
• Are new products and services designed with cyber risks in mind?

Download the latest report

You can download a copy of the Audit Insights: Cyber Security report at: icaew.com/auditinsights and more information can be found at icaew.com/cyber

About ICAEW and Northern Society of Chartered Accountants

ICAEW is a world leading professional membership organisation that promotes, develops and supports over 144,000 chartered accountants worldwide. We provide qualifications and professional development, share our knowledge, insight and technical expertise, and protect the quality and integrity of the accountancy and finance profession.  As leaders in accountancy, finance and business our members have the knowledge, skills and commitment to maintain the highest professional standards and integrity. Together we contribute to the success of individuals, organisations, communities and economies around the world.

Because of us, people can do business with confidence.

The Northern Society of Chartered Accountants (NorSCA) represents 4,000 ICAEW members and ACA students working in business and the finance profession across the North East of England, Teesside, Northern Yorkshire and Cumbria. We have been assisting businesses in the north of England and producing chartered accountants for over 130 years.