In an interactive survey conducted during the firm’s annual Insights meeting, 65% of respondents conveyed a perception of a high or moderate risk of a cyber security incident. The participants included senior executives of Houston based companies in energy, healthcare, manufacturing, services, and other industries.
“These results are consistent with what we’ve seen in previous studies, and signal a continued trend of middle market companies facing a daunting challenge of protecting their intellectual property, business continuity, and oftentimes brand reputation,” said Donny Shimamoto, CPA.CITP, CGMA founder and managing director of Honolulu-based IntrapriseTechKnowlogies LLC, a CPA firm with a specialty in cyber security risk management and mitigation strategies. Shimamoto was featured on a panel at the Insights event, along with Noel Hersch from Pathway Forensics, and Sean Hall from FirmGuardian.
“But the more important finding from this survey was that among the same respondents, more than half were not confident, neutral, or didn’t know if their company was properly secured from internal cyber threats, and an equal amount were not confident, neutral, or didn’t know if their company was protected from external threats,” Shimamoto added. Amplifying that concern is that less than one-third of the respondents felt their organization was prepared to properly respond to and contain a cyber incident.
One of the major takeaways from the Insights cyber panel is that IT governance and IT risk management are very different from IT execution, which can present a false sense of security for middle market companies. “Many CEOs feel as though they ‘have it covered’ when it comes to cyber risk because they have IT professionals on-staff and policies in place,” said Shimamoto. “But cyber security risk management is about more than just securing the network or servers. Companies need to take a more holistic view of cyber issues if they are to protect their assets. The weakest link in cyber security is people and other internal threats. Mitigating these risks require good IT governance and user education—neither of which technical-focused IT professionals are usually adept at. If an incident does occur, it’s also important for companies to be ready to respond quickly to contain the problem while maintaining the forensic trail of evidence. Being able to do both of these effectively can be the difference between being in a “safe harbor” and being sued for negligence.” he added.
Briggs & Veselka announced that the firm has entered into a joint agreement with IntrapriseTechKnowlogies (ITK) to provide cyber consulting services for its clients and other companies in South Texas. “We’ve been so impressed with ITK’s pioneering work in this area, and our hope is that through this collaboration we can help protect clients’ data and give them peace of mind,” said Sheila Enriquez, a shareholder of Briggs & Veselka. “The next few years will be very interesting, and we want to stay ahead of the curve,” she added.