More than a third of orgs had accounting-related cyber incidents

Accounting and financial data is increasingly in the crosshairs of cyber criminals.

A recent poll of C-suite and other executives from Big Four firm Deloitte showed evidence of this. It found that 34.5% of organizations have experienced at least one "cyber event" targeting accounting and financial data over the past year. Of these, 12.5% have experienced more than one. Executives don't expect this to ease up anytime soon either, as almost half — 48.8% — expect that the number of cyber incidents will increase over the next year.

Finance leaders, however, are not simply wringing their hands nervously as they await the inevitable. While 53.8% admitted that their cybersecurity and accounting functions were either somewhat aligned or not aligned at all, many plan to change that. The poll found that 39.5% expect these two functions will be working more closely together than before over the next year. In contrast, only 3% expected close cooperation to decrease. Further, while 37% have no processes in place to quantify the financial impact of cyber incidents, 17.1% of those executives say they plan to have one soon. However, it should be noted that over a third of responding executives, 37.5%, said they were unsure whether or not there was even such a process at their organizations.

"As cyber incidents increase in frequency, size and complexity, adversaries target nearly any data obtainable and by leveraging system vulnerabilities," said Daniel Soo, a risk and financial advisory principal in cyber and strategic risk at Deloitte, in a statement. "Implementing financial security operations — something you could call 'FinSecOps' — means protecting financial data. Asking finance, accounting and security functions to team closely to manage FinSecOps is one preventative step we're seeing leading organizations take, so that they are agile enough to mitigate threats to financial data and to help enable business growth."

The poll drew from a sample of over 1,100 C-suite and other executives polled during a recent Deloitte Center for Controllership webcast on "Cyber's growing role within the finance organization to enable transformation," on Oct. 26, 2022. Answer rates varied by question.

An (on)going concern

The poll is similar to other data warnings about the growing cyber threat to accounting and finance professionals. The American Institute of CPAs noted, for instance, that reported data breaches of CPA firms have increased over 80% since 2014, and, since 2018, the portion of breaches that include ransomware or extortion has risen to over 40%.

Part of this is due to the growing sophistication of cyber criminals. Recent research has found that criminal organizations are increasingly mimicking corporate structures to launch more powerful attacks. Furthermore, recent developments in artificial intelligence may be further bolstering their ability to rapidly produce novel malware. Malware attacks may not only increase but intensify over the years due to these changes.

Accounting firms are tempting targets for cyber criminals because of the vast amount of financial data they keep for their clients. However they are but one part of an overall rising threat of cybersecurity incidents for businesses in general. Recent research has found, for instance, that ransomware attacks actually doubled between 2020 and 2021.

Fortunately, cybersecurity professions are well aware of these issues and have already been moving to counter them, often with the same type of software toolsused by the opposition, representing a new phase in the ongoing arms race between them and the cybercriminals they seek to thwart.