The development will carry from the previous 12 months when greater than a 3rd of executives polled by Deloitte stated that cyberattacks focused their monetary and accounting knowledge.
The monetary knowledge saved by organizations is commonly essential and delicate, which is why such a data is often within the crosshairs of cybercriminals. The theft and leaking of such knowledge can simply harm enterprise dealings and different transactions, particularly for publicly-traded corporations. A report launched Wednesday by analysis heart Deloitte Center for Controllership reveals expectations of an increase in all these cybersecurity assaults.
For this report, Deloitte surveyed greater than 1,100 executives from the C-suite and different executives throughout a webcast on Oct. 26, 2022. The contributors have been requested about assaults focusing on the monetary and accounting knowledge of their organizations.
Jump to:
Financial and account knowledge particularly focused
Among these surveyed, 34% stated that their accounting and monetary data was particularly focused by cybercriminals over the previous 12 months. Within that group, 22% stated they have been hit by one such assault, whereas 12% stated they have been victimized by a couple of.
Looking forward, nearly half (49%) of the executives polled anticipate each the quantity and dimension of cyberattacks focusing on such a knowledge to extend within the coming 12 months. Some 22% stated they anticipate no change, whereas solely 3% stated they anticipate such assaults to lower.
Alignment between cybersecurity and finance teams
Since monetary and accounting knowledge is such a profitable and tempting goal for cybercriminals, a detailed relationship between a company’s cybersecurity group and its monetary group appears so as; nevertheless, simply 20% of the respondents stated that the 2 teams of their enterprise are working collectively intently and persistently. Some 42% stated the teams of their group are considerably aligned, working collectively as wanted however extra inconsistently, and 11% stated the 2 teams of their surroundings don’t work collectively in any respect.
Recognizing the significance of a more in-depth relationship between cybersecurity and finance, 39% of these surveyed stated that they anticipate a rise over the following 12 months in the way in which the 2 teams work collectively. Some 29% stated they anticipate no adjustments, whereas simply 3% stated they anticipate the connection between the 2 teams to lower.
“Accounting and financial data is the lifeblood of organizational operations — and often meant to be kept confidential outside of highly regulated public disclosures for publicly traded organizations,” Temano Shurland, a Deloitte threat and monetary advisory principal in finance transformation, stated in a press launch. “While there may not have been much need for accounting, finance and cyber teams to work closely in the past, recent years have shown that’s no longer the case. We strongly recommend that these teams try to ‘learn each other’s languages’ and tighten their working relationships across silos.”
The theft and compromise of economic and accounting knowledge can have a big influence on a company. When requested whether or not they have a course of to determine the monetary influence of the potential cyberattacks on such a knowledge, 25% of these polled stated they do, 17% stated they don’t at present however do plan to have one within the subsequent 12 months, and 20% stated they don’t have any plans to implement such a course of.
How to guard monetary knowledge towards assaults
To assist organizations with monetary and account knowledge higher defend this data from compromise, Daniel Soo, a Deloitte threat and monetary advisory principal in cyber and strategic threat, presents the next recommendation.
1. Understand the information
Organizations ought to begin off with a powerful understanding of their high-value finance or accounting knowledge.
2. Security groups must work with the enterprise
If the high-value monetary knowledge isn’t effectively understood or outlined, safety staffers ought to work with the suitable enterprise teams to assist with this course of. The secret is to grasp how the information helps enterprise operations to find out what’s and isn’t an appropriate use of the information.
3. Bake safety into the methods
Security ought to be designed into the monetary methods that maintain the information. To that finish, integrating the suitable safety and making use of the suitable controls calls for shut coordination between the safety group and different enterprise groups.
“This helps balance cyber risk management needs with business needs to execute day-to-day operations with minimal disruption,” Soo defined. “In fact, we’ve seen leading organizations also solicit end-user inputs on data security efforts to support organizational change management, while also leveraging security technology and processes to help automate, scale and secure data as efficiently and effectively as possible.”
Read subsequent: Security Awareness and Training Policy and Data governance guidelines in your group (TechRepublic Premium)