The financial data stored by organizations is often critical and sensitive, which is why this type of information is frequently in the crosshairs of cybercriminals. The theft and leaking of such data can easily hurt business dealings and other transactions, especially for publicly-traded companies. A report released Wednesday by research center Deloitte Center for Controllership reveals expectations of a rise in these types of cybersecurity attacks.
For this report, Deloitte surveyed more than 1,100 C-suite and other executives during a webcast on Oct. 26, 2022. The participants were asked about attacks targeting the financial and accounting data of their organizations.
Financial and account data specifically targeted
Among those surveyed, 34% said that their accounting and financial information was specifically targeted by cybercriminals over the past year. Within that group, 22% said they were hit by one such attack, while 12% said they were victimized by more than one.
Looking ahead, almost half (49%) of the executives polled expect both the volume and size of cyberattacks targeting this type of data to increase in the coming year. Some 22% said they anticipate no change, while only 3% said they expect such attacks to decrease.
Alignment between cybersecurity and finance groups
Since financial and accounting data is such a lucrative and tempting target for cybercriminals, a close relationship between an organization’s cybersecurity group and its financial group seems in order; however, just 20% of the respondents said that the two groups in their business are working together closely and consistently. Some 42% said the groups in their organization are somewhat aligned, working together as needed but more inconsistently, and 11% said the two groups in their environment don’t work together at all.
Recognizing the importance of a closer relationship between cybersecurity and finance, 39% of those surveyed said that they expect collaboration between the two groups to increase over the next 12 months. Some 29% said they anticipate no changes, while just 3% said they expect collaboration between the two groups to decrease.
“Accounting and financial data is the lifeblood of organizational operations — and often meant to be kept confidential outside of highly regulated public disclosures for publicly traded organizations,” Temano Shurland, a Deloitte risk and financial advisory principal in finance transformation, said in a press release. “While there may not have been much need for accounting, finance and cyber teams to work closely in the past, recent years have shown that’s no longer the case. We strongly recommend that these teams try to ‘learn each other’s languages’ and tighten their working relationships across silos.”
The theft and compromise of financial and accounting data can have a large impact on an organization. When asked whether they have a process to identify the financial impact of potential cyberattacks on this type of data, 25% of those polled said they do, 17% said they don’t currently but plan to have one in the next 12 months, and 20% said they have no plans to implement such a process.
How to protect financial data against attacks
To help organizations with financial and account data better protect this information from compromise, Daniel Soo, a Deloitte risk and financial advisory principal in cyber and strategic risk, offers the following advice.
1. Understand the data
Organizations should start off with a strong understanding of their high-value finance or accounting data.
2. Security teams need to work with the business
If the high-value financial data isn’t well understood or defined, security staffers should work with the appropriate business groups to help with this process. The key is to understand how the data supports business operations to determine what is and is not an acceptable use of the data.
3. Bake security into the systems
Security should be designed into the financial systems that hold the data. To that end, integrating the right security and applying the right controls demands close coordination between the security group and other business teams.
“This helps balance cyber risk management needs with business needs to execute day-to-day operations with minimal disruption,” Soo explained. “In fact, we’ve seen leading organizations also solicit end-user inputs on data security efforts to support organizational change management, while also leveraging security technology and processes to help automate, scale and secure data as efficiently and effectively as possible.”