Story image

Businesses remain unprepared despite cybersecurity risk 

A new survey has revealed that while more than 50% of financial professionals rank cyber security as a high or very high risk to their organisation, two-thirds say their organisation does not have an absolute, up-to-date remediation plan in place that is regularly updated and tested.

The survey, released by Chartered Accountants Australia and New Zealand (CA ANZ) in conjunction with Macquarie University and Optus, found cyber security is not managed as a business risk and is too often left to IT specialists alone to handle.

Geraldine Magarey, CA ANZ thought leadership & research leader, says one third of survey respondents did not know whether their organisation has been the subject of a cyber attack.

"Businesses and finance professionals need to recognise that cyber risk is one that is very relevant to them," she says. "Assessing cyber risk requires financial awareness to gauge the potential consequences of a breach, which can be measured in reputational damage, fines and the impact on shareholder and company value.

"The quantification of cyber risk is not easy, but this is an area where financial professionals must take the lead given cyber attacks are a constant and success almost a given," Magarey explains.

The survey also found that financial services sector respondents rated their cyber risk as greater than other industry groups, with 68% placing the risk as very high or high. It also found 41% said that they had governance policies but that they could be improved.

The survey showed CFOs were responsible for the strategic direction of cyber security in only 8% of organisations, while 83% of respondents have no cyber insurance in place.

"Cyber crime is one of the biggest risks to businesses to date with estimated costs to reach $6 trillion globally by 2021," Magarey adds.