In May 2017, a report released by Deloitte – The Value of Visibility – stresses the importance of organisations adopting cyber security risk management that takes a proactive approach against cyber attacks. It also presents the new AICPA cybersecurity risk management framework.

A report published by the multinational professional services firm Deloitte stresses the importance of making cyber security more visible to the stakeholders of companies around the world. As cybercrime tactics become more sophisticated, stakeholders need to have a tangible notion of the organisation of cyber security risk management.

However, reassuring board members and partners about the company’s approach to cyber security is only one of the reasons why is necessary to implement such program. Cybersecurity measures could give a company advantages regarding future regulatory requirements, empower the members of an organisation, and upgrade the brand.

Given the lack of consensus on how to approach a cybersecurity risk plan, the American Institute of Certified Accountants (AICPA) has released a framework that aims to evaluate the cybersecurity risk management program of an organisation. The AICPA cybersecurity risk management examination reporting framework also intends to address stakeholders’ expectations and to improve organisations’ responses to cyber-threats. The framework is not a guarantee of perfection, but it provides a broader and objective criteria that can be distributed among stakeholders, buildings credibility and confidence.

This new cybersecurity risk management program framework proposed be AICPA also intends to standardise a reporting mechanism that can be useful for, and understandable by, internal stakeholders, regulators, clients, partners, the media and analysts. By implementing this framework, the report suggests, organisations are not only protecting their value, but also adding an asset to it. This will increase the confidence of the stakeholders in the brand and optimise the response in case of a cyberattack.