Tech, in itself, is not the answer to simplified security. Our focus, instead, is on working together as a unified whole -- Security is a concern for the entire business, in every function and for every employee.Â
-- PwC on 2022 Global Digital Trust Insights
Current Trends in Cyber Security Risks and its advancements
With electronic devices, internet and data becoming an integral part of every businesses and organizations across industries, the risks associated in managing and protecting them are also increasing. Such risk is commonly referred to as "cybersecurity risk" which according to The World Economic Forum Global Risks Report 2021 is amongst the top 10 highest likelihood risk of the next ten years while the broader category of technological risks have been the top 5 of the global risk by likelihood since 2017. The report was based on a survey gathered from WEF Communities across 100 countries and composed of senior figures in government, business, International Organizations and academics. Considering the global trend of digitalization in every scope of businesses and organizations, it is safe to say that cybersecurity will only be more relevant in the years to come.Â
Another report by Accenture on the cost of cybercrime in 2018 shows that information loss and business disruption remain the biggest consequences of cyberattacks in terms of financial loss. The accounting, finance, banking industry and accountants in particular are prone to cyber threats. Attackers see them as promising targets due to the fact that the industry and accountants are dealing with sensitive financial information, high value commercial data and even private information of its clients on a day to day basis. Hence, it is essential for accounting practitioners to understand and take part in creating a reliable cybersecurity management to protect their clients and institutions.Â
Common types of cyber risk threatening business and organizations
There are several types of cyber threats that are common to business and organizations. The first type is Phishing, a method of trying to gather personal information using deceptive emails and websites. Another type is malware, or short for malicious software, which was specifically made with the intention of doing harm to data and devices. Some example of malicious software include worms, trojan virus, adware, and spyware. According to the Ninth Annual Cost of Cybercrime Study published by Ponemon Institute, Malware has the most devastating  impact impact for organizations and  has increased by 11 percent over the year.
The third type is Ransomware. It is a form of malware that once taken over your devices, denies your access to your data and the attacker will demand a ransom in order for you to get your access back (often in the form of cryptocurrency). In May, 2017 there was a global ransomware attack primarily targeting devices (PCs) with windows operating system known as WannaCry using the Petya Variant of ransomware. The estimated economic and financial loss from this attack was around USD $4 billion. Lastly, there's Brute Force. As the name suggests, Brute Force attack is a type of cyber attack that uses trial-and-error to guess target's  credentials.Â
In today's highly digitalized environment, businesses and organizations are more susceptible to cyber attacks. With the utilization of cloud services, IoT-connected devices, Mobile devices, SaaS products and more areas covered with public WiFi, there are a lot more options for attackers to breach into company's devices and sensitive data. Â
Between July-December 2020 there were 539 notifications of data breaches which were caused by malicious attacks (58 percent), Human Errors (38 percent) and System Faults (4 percent) reported by the Office of the Australian Information Commissioner (OIAC). The report suggests that human error remained a substantial source for data breaches which mainly involved activities such as sending information to the wrong recipient, unauthorized disclosure and loss of paperwork/data storage device.Â
