Integrating Cybersecurity with Business Strategy
A common problem faced by a growing number of organizations is how to seamlessly integrate cybersecurity into their overall business strategy. As industry and commerce prepare for the next level of cyber-attacks, businesses are increasingly looking to finance professionals for help in developing risk-mitigating cybersecurity strategies that align with the organization’s mission and vision.
Identifying cyber-vulnerabilities starts with getting to know your intangibles
How well do you know your intangibles? On the face of it, this seems like a strange question to be putting to an accountant, but it is a very real issue. Intangibles in the accounting world have been grouped as a separate asset class, a kind of catch-all for anything that meets the asset definition (a resource that a company controls, and which is expected to produce a future economic benefit) but is not physical in nature. Traditionally, accounting practices only record what things cost, or the resale value if possible. But, based on the difference between reported book and stock values, intangible assets now make up between 60 and 80 per cent of global corporate worth.
The lack of a clear definition for identifying the business’s intangible strategic assets and, more importantly, the difficulty of assigning an appropriate monetary value to intangibles such as intellectual property, internal software upgrades, staff and managerial expertise, and customer data insights, to name a few, has left organizations exposed to cyber threats. If you haven’t identified the intangible as a strategic asset, then why would you spend resources protecting it? Every business will have its own nuanced set of strategic intangibles. It is predominantly these intangibles that a cyber security investment will be safeguarding. Not identifying your intangibles, or not knowing the real value of the intangibles to an organization, makes it less likely that an appropriate cyber security defense strategy will be put in place to protect them. So, get to know all your intangibles!
The second fundamental challenge is the ambiguous complexity of cyber threats: understanding the nuances of the different types of current cyber threats posed to an organization’s strategic intangible assets. Threats come in all forms and sizes, and not being cognizant of what the current threat landscape looks like in your own industry sector is extremely risky. The goal should not be to create a strategy to overcome a security crisis, although in too many instances it takes a breach for a company to initiate action. Rather, the goal should be to have a cohesive integrated cyber strategy that protects against current threats and has the flexibility to adapt to future threats.
Understand the underlying prevalent cyber threats that reside in your industry.
Accountants play a role in cybersecurity
Accounting and finance professionals are uniquely placed to help a business develop an appropriate cybersecurity strategy. Finance teams, with their knowledge of an organization’s intangible strategic assets and expertise in implementing risk management strategies, are well-equipped to identify cyber vulnerabilities, and accountants can be pivotal in closing any security gaps by exploring, evaluating and implementing better-tailored security solutions.
There is most definitely not a one-size-fits-all solution when it comes to cybersecurity. In fact, it is very unlikely you will find any two large enterprise organizations with similar solutions. Even strategic business units within the same organization often have very different security programs. By thoroughly knowing your intangibles and being versed in the ambiguous complexity of the cyber threats, coupled with knowledge of risk management techniques, accountants can take a leadership role in delivering effective and efficient cyber security strategies. The cyber security strategy within an organization ultimately becomes a competitive advantage to that organization in its own right.
Understanding total economic impact of cybersecurity
Forrester Research recently published a study identifying the challenges of choosing an email encryption solution for enterprise-level organizations – where, without the right support and processes, running an encryption platform became an onerous activity.
The study, entitled “The Total Economic Impact of Echoworx OneWorld Encryption,” is written in a style and language that will be familiar to finance professionals. Both quantified and unquantified benefits of the solution are identified, and the analysis is presented in the form of a post-audit investment appraisal using techniques like ROI, NPV and payback.
I recommend CPAs read this report because it demonstrates the holistic view that needs to be considered when undertaking a strategic cybersecurity investment.
By Jag Heer CPA, ACMA, CGMA
Finance Director, Echoworx Corporation