December 09 ,2015 | by Erin O’Neill

Cyber security is critical business risk, says ICAEW

Cyber security is critical business risk

According to research from The Institute of Chartered Accountants in England and Wales (ICAEW), company auditors are reporting that companies still do not recognise cyber security as a risk to their business.

The ICAEW report 'Audit Insights: Cyber Security' uses observations and the expertise of auditors from across the spectrum of industry to highlight the need to close the gap between business operations and cyber security strategy.

Two main concerns

The ICAEW's research identified two main concerns that were raised by auditors who took part in the study.

These factors were a perceived lack of clear board level accountability for cyber security along with a disjointed approach to IT and business risk. Other concerns included the importance of supply chain assurance and the difficulties in attaining it.

Extra credibility

Head of IT faculty at ICAEW Richard Anning commented: "Auditors, after reviewing their clients’ approach to cyber security, believe that we can no longer brush it aside and treat it as a problem related to the IT function only."

"As annual reports are increasingly focusing on non-financial information, boards are starting to ask auditors to review their cyber-security strategies and practices. This can give companies extra credibility, increasing investors’ confidence about the business," Anning explained.

The report makes the point that security can be seen as a compliance exercise by businesses, and this leads to complacency when measures need to be reviewed and improved.

Recommendations include improving lines of communication between IT workers, management and board members by enhancing the role of the chief information security officer (CISO). 

Erin O’Neill

Erin O’Neill is an LSBF News Writer who reports on small business, careers, technology and education news.

Share on Facebook Share on LinkedIn
There are no comments posted yet. Be the first one!
Please write your comment, minimum length 50 characters
Please insert your name
Please insert a correct email address
We couldn't process your comment, please try again later