Self-interest not regulation needs to drive cybersecurity, says new ACCA report

Date

09 Feb 2016

A new report from ACCA (the Association of Chartered Certified Accountants) claims self-interest rather than regulation is the future of cybersecurity because technology is evolving at such a rate that any legislation would be out of date before it is signed into law.

‘Constant Forward Motion: The evolving phenomenon of cybersecurity regulation and the race to keep up’ examines the growing threat to businesses and the problems lawmakers have because of the pace of technological evolution.

Jason Piper, ACCA head of business law, said: “We’ve seen many times over the past five years or so how much reputational damage a data breach can do to a large firm. Customers and potential customers are likely to think very carefully about their involvement with a company if they have had a data breach.

“Because of the nature of cybersecurity we believe that authorities and governments would be best placed using their resources to raise awareness among businesses, and to put resources into creating mechanisms to catch perpetrators. Businesses have to take the lead, they need to be aware of the value of the data they hold, the value in protecting it, and the damage that can be done if they fail to do so.

“Data is being used in all sorts of ways – for example to predict purchasing and money transfer patterns – criminals can use this information to commit fraud. A basic rule of thumb is that if there is value in the data to a criminal then there is value in protecting it and because data is digital it can be replicated over and over again, potentially before the business is even aware.

“The big question for authorities is: how do you regulate? Is it better to prescribe hard law or soft law? Both have advantages and disadvantages but ultimately the problem that lawmakers have is that anything they pass into law is likely to be archaic very quickly and they could spend the whole time ‘running to catch up’.

“The same can be said of insurance; mandatory insurance now would force insurers to offer cover without the information yet to be able to set premiums. Insurance is a growing area in the field of cybersecurity but it is an extremely complex job for underwriters to value data and set suitable premiums. Insurance can, however, act as an awareness raiser in a similar way to soft laws - if you can insure against the loss of data then its security needs to be taken seriously.

“Large organisations can play an important role in cybersecurity. Most criminals will look to go after the weakest link in the supply chain as a point to access data. This will usually be the smaller businesses, as they have fewer resources. The larger companies in the chain can support the small ones by providing guidance and expertise. This would be of benefit to the whole chain, as once a criminal has access to one area they will be able to infiltrate the entire chain – causing more damage, both financial and reputational.”

The report also looks at other threats to cybersecurity and how technology means that data thefts don’t always have to involve the internet. Physical devices can be used to collect information from ATM cards, electronic tills and card readers for future use, without the need for any direct internet involvement.

Employees are a major threat to a company’s cybersecurity. It is likely that in every data breach an employee will be involved whether directly or indirectly and whether knowingly or unwittingly. Jason Piper concludes: “Employee involvement in data breaches demonstrates the need for increased knowledge and awareness amongst all in the company. Everyone has a role to play in the protection of data.”

The full report can be downloaded from: http://www.accaglobal.com/gb/en/technical-activities/technical-resources-search/2016/february/constant-forward-motion.html

- ends -

For media enquiries, contact:

Ray Allger, ACCA Newsroom
T: +44 (0)20 7059 5788
M: +44 (0)7540 919819
E: ray.allger@accaglobal.com
Twitter: @ACCA_UK / @ACCANews

Notes to Editors

About ACCA

ACCA (the Association of Chartered Certified Accountants) is the global body for professional accountants. It offers business-relevant, first-choice qualifications to people of application, ability and ambition around the world who seek a rewarding career in accountancy, finance and management.

ACCA supports its 178,000 members and 455,000 students in 181 countries, helping them to develop successful careers in accounting and business, with the skills required by employers. ACCA works through a network of 95 offices and centres and more than 7,110 Approved Employers worldwide, who provide high standards of employee learning and development. Through its public interest remit, ACCA promotes appropriate regulation of accounting and conducts relevant research to ensure accountancy continues to grow in reputation and influence.

Founded in 1904, ACCA has consistently held unique core values: opportunity, diversity, innovation, integrity and accountability. It believes that accountants bring value to economies in all stages of development and seeks to develop capacity in the profession and encourage the adoption of global standards. ACCA’s core values are aligned to the needs of employers in all sectors and it ensures that, through its range of qualifications, it prepares accountants for business. ACCA seeks to open up the profession to people of all backgrounds and remove artificial barriers, innovating its qualifications and delivery to meet the diverse needs of trainee professionals and their employers. More information is here: www.accaglobal.com