Why Cybersecurity is Your Company’s Biggest Risk– September 09, 2021 by Chris Ferguson

In the final installment of our cyber safety series, learn why cybersecurity risks are the biggest threat to your organization today.


There is no shortage of risks when it comes to managing your organization — regulatory, macro and micro economic, and any number of competitive risk factors related to areas such as innovation and cash flow. But among all of those risks lies one of the biggest, cybersecurity. It’s underscored by the pervasiveness and constant change of technology, along with the significant incentives and multiple methods of entry available to attackers. As a result, cybersecurity is likely the most challenging risk for any business to manage.

Far Reaching and Pervasive Impact

Technology supports processes far and wide throughout any organization, from the ability to communicate, to the ability to perform daily operational activities, to data storage and processing.  

Even organizations that are slow to adopt tend to rely heavily on technology for critical processes such as managing inventory, accounting and record keeping, managing customer orders and paying employees. Technologies such as email, VOIP and video calls are standard communication mechanisms in most organizations. The impact of just one cyber incident disrupting these and other critical technology functions are potentially crippling.

The impact of cyber risks extends beyond the potential disruption to operations, however, as technology often requires access to many different sources of data, including private and confidential data, to sufficiently perform specific operations. In addition to disrupting operations through loss of data, a cyber breach may also result in exposure of private or confidential data adversely impacting not only your organization, but also your customers and other third parties.

The pervasiveness of cyber risks is so extensive that they encompass elements of other organizational risk as well. For example, the complexity in managing regulatory risk has greatly increased in recent years due in part to the addition of regulations around areas that typically fall under the cyber risk umbrella, such as data privacy. Risks around innovation, or the lack of innovation, are heightened as cyber risks need to be sufficiently considered as part of technology implementation efforts. Additionally, cyber risks have a direct impact on managing a company’s reputation, as a breach resulting in loss of private customer data is likely to harm an organization’s reputation. The bottom line is that one cybersecurity event can cascade throughout the entire organization.

Not If, But When 

Technology is not the only organizational risk with an outsized impact on your organization. Risks such as natural disasters or adverse economic changes could grind many organizations to a halt. The difference between these and cyber risk is one of likelihood. When it comes to a cybersecurity incident, it’s not a matter of if your organization will experience one, but when.

One factor driving the rise in cyber attacks is the significant incentives available to cyber criminals. With this group facing relatively low risks and high rewards for their actions, it’s not surprising the latest FBI Internet Crime Report reported losses from cyber crimes in the U.S. exceeded $4.1 billion in 2020. Cyber criminals generate income from activities such as ransomware payments, selling stolen credentials, and identity theft and tax refund scams, among others.  

Compounding the monetary incentives for becoming a cyber criminal are the relatively low barriers of entry and low risk of being caught and prosecuted. Many of the tools required to facilitate a cyber attack, as well as instructions on how to use these tools, are readily available on the internet. And while the risk of being caught has increased over the years, still only 0.3% of reported cyber crimes are being prosecuted, according to the Third Way Think Tank.

Further increasing the likelihood of a cyber attack is the difficulty in defending against them. With so many methods of attack and constant and rapid changes in technology, it’s challenging for cybersecurity professionals to stay on top of all potential threats. Cyber criminals can target your technology through vulnerability exploits, zero day attacks and denial of service attacks. They can also target your employees using attacks such as man-in-the-middle; social engineering attacks, such as phishing and spear phishing; or a combination of methods, making them tougher to defend against.  

Cyber breaches can impact your organization exponentially, and the high likelihood of one occurring means cybersecurity risks are the biggest threat to your organization today. It should be at the forefront of every organization’s risk management efforts.

Contact Chris Ferguson at christopher.ferguson@cohencpa or a member of your service team to discuss this topic further.


Like what you read? Sign up to receive our latest tax, accounting and business blogs and podcasts.

Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.