PwC recently hosted a webcast on the topic of Cybersecurity Attestation. As cybersecurity attacks evolve and continue to target organizations, most recently Equifax and Deloitte, this topic is undeniably top of mind for the audit industry.
In case you missed it, we have provided our biggest takeaways from the Cybersecurity Attestation presentation below:
- The AICPA issued a reporting framework in response to cybersecurity risk. This framework allows for both internal and external reporting.
- M&A activities are now looking at cybersecurity much more critically as part of their due diligence.
- As the world becomes more interconnected, regulations around privacy, security, and personal data are increasing. These new rules include:
- General Data Protection Regulation (GDPR) in the European Union
- China’s Cyber Laws
- New York Department of Financial Services Cyber Requirements
- Lost operations due to IT outages and hacks can severely impact your bottom line; one company the webinar mentioned lost upwards of $200 million in an attack. The threat environment is evolving rapidly and it is imperative to assess and adjust to mitigate as much risk as possible.
- Cybersecurity breaches affecting manufacturing, healthcare, and retail companies points to the fact that any industry is susceptible, not just finance and banking. If a threat has successfully impacted one of your competitors, it won't be long before your company may be compromised as well.
- The list of stakeholders affected by cybersecurity risk is growing larger to include the Board, CFOs, CAEs, CTOs, CROs, CCOs, and emerging stakeholders. One unexpected emerging stakeholder is the CMO, who is looking to utilize personal data which needs to stay private and protected.
- SOC 1 (2010), SOC 2/3 (2010) and SOC for Cybersecurity (2017) has been growing in demand. However, Cybersecurity attestation is not a replacement for SOC 1 or 2 (although there is overlap).
As Cybercrime continues to evolve in sophistication, the importance of a strong cybersecurity defense should not go overlooked. Building an effective cybersecurity strategy and risk management program can be quite time consuming, but being proactive about cybersecurity compliance is a great safeguard for protecting your bottom line.
Here are some ways that SOXHUB can help:
- SOXHUB can import the NIST, SOC, PCI DSS, and AICPA Cybersecurity frameworks so you can begin assessments immediately.
- Manage all of your testing and reporting in one centralized platform, where you can get instant visibility into your status at any time, across any location or department.
- SOXHUB’s issue tracking software allows you to easily identify and create issues in real-time and manage remediation action items with process owners in any department and location.
- SOXHUB offers unlimited user access, so your entire organization can be involved in proactively preventing hacks.
- Our intuitive risk assessment module can help you build a consistent and repeatable risk assessment process with real-time updates, empowering your company to perform more self-assessments frequently, consistently, and efficiently.
With our industry-leading implementation time, we can help you implement a cybersecurity assessment process in a matter of weeks. Our implementation and product team members bring years of audit experience, ensuring a smooth and quick onboarding process while providing meaningful recommendations for building a robust compliance program.
To learn more about how SOXHUB can help you build a cybersecurity risk management program, contact us today.