« 4 best practices for working from home | Main | 5 tips for the best sleep of your life »

AICPA cybersecurity framework highlighted in Congressional testimony

IStock_000035601216_FullEarlier today, Bob Sydow, EY Americas Advisory Cybersecurity Leader, testified in front of the US Senate Committee on Banking, Housing and Urban Affairs on cybersecurity risks to financial services.

Sydow outlined three main challenges EY’s clients face regarding cybersecurity:

  1. Emerging interconnected technologies that drive fundamental transformations and create complex third-party ecosystems
  2. The volume, velocity and precision of attacks
  3. A shortage of cybersecurity resources and skilled professionals

Given the rise of cybercrime and the increasing risks to sensitive data, Sydow stated that, “No organization, large or small – public or private – is immune to the threat.”

Among the many difficulties in dealing with cyber attacks, Sydow pointed out that, “In addition to vendor risk, most institutions struggle to secure resources and talent. Experienced cyber professionals are in high demand. Often, small firms turn to third-party providers to meet those needs.”

Sydow went on to identify the AICPA’s cybersecurity risk management reporting framework as a valuable resource for organizations looking for ways to mitigate cyber risk.

He stated that the framework “can provide stakeholders with reasonable assurance that the identification, mitigation and response controls are in place” and that while “[n]o framework can guarantee against a breach, the AICPA cyber risk model can offer an independent, validated understanding of a company’s systems, processes and controls.”

Additionally, Phil Venables, Managing Director and Head of Operational Risk Management and Analysis at Goldman Sachs, told Senators that the AICPA standards could help stakeholders “vet and independently assess the level of security and risk in various companies.”

You can watch the entirety of the hearing here.

For more information on the framework, visit the AICPA Cybersecurity Resource Center.

If you're interested in learning more about cybersecurity and the risks to your organization and clients, be sure to attend The AICPA NAAATS Conference at ENGAGE this year. Register here.

Julia Woislaw, Manager - Advocacy Communications, Association of International Certified Professional Accountants


Comments are moderated. Please review our Comment Policy before posting.


Subscribe in a reader

Enter your Email:

CPA Letter Daily