Cybersecurity: The future of regulation


One of the most common concerns for Chief Executives and Chief Financial Officers is cybersecurity. While this concern has been growing for a number of years, the proliferation of big data has exacerbated the issue to the point where it now ranks among the major issues for many business leaders.

ACCA (the Association of Chartered Certified Accountants) has published a new report – Constant Forward Motion: The evolving phenomenon of cybersecurity regulation and the race to keep up. The report examines the growing issue of cybersecurity and in particular the problems authorities and business are facing.

Arguably the biggest problem when looking at ways to improve cybersecurity is the pace of technological change. Technology is evolving at such a rate that hard laws would be out of date before it is signed into law, and as a result soft laws, such as codes of practices and industry standards would be far more effective. With authorities spending their recourses on much needed awareness raising.

Big data has had a huge effective on cybersecurity. The sheer volume of data now available to businesses – particular customer data – could be of great value to criminals. For example, data is collected and used by financial institutions to predict purchasing and even money transfer patterns. This data could be used to steal funds without raising the suspicions of a bank because they could fit in with the expected pattern.

A further threat to cybersecurity is the supply chain. The improvements in technology and the globalisation of business have led to ever increasingly complex supply chains. This in turn has increased the potential for breaches of cybersecurity, especially among supply chains that contain a large number of smaller businesses. Criminals will look to target the weakest link in a supply chain, and due to resources this is likely to be the smaller businesses. Once access to the supply chain has been gained, they could potentially have access to data from all companies within the chain.

The larger businesses have a major role to place in protecting the supply chain. They have the resources to assist the smaller companies to improve their cybersecurity. It is to the benefit of every organisation within a supply chain that data at all points is protected.

As well as being a business’ biggest asset, employees are also the biggest liability. Every data breach will have employee involvement at some point – whether deliberate or not. It may be the case that employees do not realise the role they have to play in keeping data secure. Increased awareness could potentially save the organisation a great deal of time, money and reputation.

Data breaches are becoming increasingly damaging to a business’s reputation. High profile incidents have led to widespread adverse media coverage, and can often result in significant loss of existing and future business. Customers are becoming increasingly aware of the value of their own data and will be less likely to do business with a company that has suffered because of insufficient cybersecurity.

A driving force for raising awareness of cybersecurity particularly at senior level is the ability to insure a business against a data breach. Cybercrime risk insurance is a growing field, but it is not without its problems. Underwriters do not have the experience or body of evidence to set premium levels and while take up is relatively low there will inevitably be a higher loading of premiums. The very fact that insurance exists will demonstrate to senior managers, particularly finance managers, that there is a cost incentive to investing in cybersecurity.

Cybersecurity is an issue that will remain high on the agenda for senior managers in the years to come. ACCA firmly believes that self-interest rather than regulation will be the key driving force for businesses improving their own cybersecurity and those they do business with.

Constant Forward Motion: The evolving phenomenon of cybersecurity regulation and the race to keep up can be downloaded at: