ICAEW.com works better with JavaScript enabled.

ICAEW cyber round-up: October 2023

Author: ICAEW Insights

Published: 27 Oct 2023

This October marks the 20th anniversary of Global Cyber Security Awareness Month. In this round-up, we look at how cyber threats have evolved over the years and what this means for businesses and finance professionals.

A changing landscape

This October marks the 20th anniversary of Global Cyber Security Awareness Month. While we reflect on two decades of technological advancements that have created business opportunities and growth, it is also important to acknowledge the evolution of cyber crime.

Technological advancements have led to the emergence of more sophisticated cyber attacks. The pervasiveness of these advancements means that no one is immune to the risks posed by cyber threats.

A recent scenario analysis found that a major cyber attack on global payment systems could cost the world economy $3.5trn, alongside widespread disruption to businesses. This emphasises the importance of maintaining a high level of cyber awareness, especially in the face of ever-evolving technological trends.

Generative AI is considered to be one of the leading technologies poised to revolutionise ways of working, but this same technology is increasingly being exploited for malicious purposes providing an avenue for threat actors to craft sophisticated and targeted attacks at speed and scale.

Generative AI and services such as ChatGPT can make it easier for those with ill intentions to compose highly convincing phishing emails in the native language of their intended victims or to assist in crafting malware, thereby elevating the threat of fraud, scams, and organised criminal activities. Furthermore, there is the added concern that Generative AI may equip criminals with knowledge and capabilities that extend beyond their current skills.

On the other hand, ransomware is an example of a well-known threat. Recently, there has been a steady increase in ransomware incidents affecting organisations and businesses in the UK. The threat is also evolving. The National Cyber Security Centre (NCSC) has noted a growing prevalence of “Ransomware-as-a-Service”, which enables less sophisticated criminals to acquire software for executing attacks.

Cyber security is more important now than ever

The 2023 cyber security breaches survey found that 26% of medium-sized businesses have experienced cyber crime in the past 12 months. Recent research found that a lack of training and education on cyber security for employees is where most firms are failing. Businesses can do more to educate employees on how different technologies work and how to mitigate and prevent attacks. 

Some basic ways to encourage responsible cyber security behaviours include creating strong and easy-to-remember passwords. The NCSC recommends using the Three Random Words technique to keep your online accounts secure. Businesses can also encourage employees to set up two-step verification for important accounts as an extra layer of security.

Finance professionals in particular have a significant role to play in managing cyber risk. Finance functions often oversee and manage critical aspects of a business, including the control environment, compliance to industry regulations and mergers and acquisitions. Julia Seppä, Strategic Client Programme Manager at Deloitte Finland, suggests that an understanding of cyber risk and regulations is important for finance professionals to lead the way in a world more prone to cyber attacks.

At the board level, the CFO needs to play an active role by being involved in defining the cyber strategy, overseeing cyber controls as part of the wider control environment, and setting and approving the cyber budget. Earlier this year, the NCSC refreshed its Cyber Security Toolkit for Boards, which is designed to help board members, including the CFO, govern cyber risk more effectively. 

Stay cyber aware

The implications of AI and other emerging technologies on cyber security remains a big concern. To learn more about the impact of such technologies on data privacy, hear from the UK Information Commissioner at ICAEW’s Annual Cyber Security Lecture on 6 November at Chartered Accountants’ Hall.

A range of resources and guidance exploring what to do when a cyber-attack happens and how to stay secure can be found on ICAEW’s Cyber Security Awareness Month hub.

Got an interesting cyber story for us? Email techfac@icaew.com

Recommended content

Resources
Keep up-to-date with tech issues and developments, including artificial intelligence (AI), blockchain, big data, and cyber security.
Technology

Keep up-to-date with tech issues and developments, including artificial intelligence (AI), blockchain, big data, and cyber security.

Read more
ICAEW Community
Data visualisation on a smartphone
Data Analytics

Helping finance professionals develop the advanced data analytics and visualisation skills needed to succeed in this insight-driven era.

Find out more
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250