Will Your Cybersecurity Defense System Protect Your Organization? (Carr, Riggs & Ingram)
Technology
September 13, 2022 - Carr, Riggs & IngramThis is a thought leadership article on improving your company's cybersecurity defences from PrimeGlobal member firm Carr, Riggs and Ingram in the US.
Access our Technology Insights hub to access similar articles about technological innovations that can help improve your business and the service you provide to your clients. Interested in sharing your own thought leadership with PrimeGlobal members? Submit an article.

For a homeowner, the knowledge that a trained eye has evaluated the home security system — and attested that it is in good working order — can go a long way toward a good night’s sleep.
The same goes for business owners and executives in charge of keeping the company’s digital assets safe. Recent global ransomware attacks, denial of service attacks, and data exfiltration have highlighted the growing and pervasive risks to organizations of all sizes and in all sectors of the economy.
Many business owners and executives believe that they can manage these risks with technology such as firewalls and anti-virus software. However, just like an alarm system that has not been activated is useless, defensive technology will not overcome bad controls and human error.
Stakeholders Scrutinize Cybersecurity Defenses
Boards of directors, customers, employees, investors, business partners, and regulatory bodies expect organizations to have processes and controls designed to prevent, detect, and mitigate the effects of cybersecurity events. Increasingly, these stakeholders expect independent third-party reports that attest to the effectiveness of the organization’s cybersecurity risk management program.
But the challenge has been choosing from among a multitude of reporting frameworks and solution providers. In 2017, the American Institute of Certified Public Accountants (AICPA) introduced a robust, industry-agnostic framework intended to provide the market with a conventional approach to evaluating and reporting on a company’s cybersecurity risk management program. This consistent reporting approach could potentially streamline compliance requirements that might otherwise distract company resources away from cybersecurity risk management.
CPAs Offer Trained Eye to Verify Cybersecurity Readiness
As organizations seek to provide assurance to their stakeholders about the strength of their cybersecurity defenses, they should consider an examination performed by an independent auditor. Public accounting firms draw on a unique combination of qualities that can prove invaluable when evaluating cybersecurity defense systems with a set of skeptical eyes.
- Integrity. The Certified Public Accountant (CPA) profession was built on core values of independence, objectivity, and professional skepticism. As a result, an audit by an independent CPA has become the gold standard when it comes to assessing internal controls over financials. That same auditor’s mindset and discipline are invaluable when assessing the strength and security of a cybersecurity risk management program.
- Risk management experts. CPA firms can provide cybersecurity examinations that fulfill the risk management needs of a broad range of stakeholders. Auditors are experts at assessing an organization’s risks and internal control effectiveness. Many public accounting firms already assess their clients’ key risks in a number of areas, including cybersecurity, as well as the readiness of programs that are in place to manage those risks.
- Broad perspective. Today’s public accounting firms employ individuals with a broad range of skills and knowledge. In addition to CPAs, many midsized local and regional accounting firms have IT specialists who can help strengthen the entity’s cybersecurity defenses. Some of the designations business owners and executives should look for include Certified Information Systems Security Professionals (CISSP), Certified Information Systems Auditors (CISA), and Certified Information Technology Professionals (CITP).
Sleep Soundly with Confidence in Your Cyber Defenses
When it comes to cyber threats, no organization is too small or insignificant to be a target. Those organizations that have engaged CPAs and skilled IT professionals to examine their cybersecurity defense systems can sleep soundly with confidence in the effectiveness of those programs.
Content by:
Carr, Riggs & Ingram
Carr, Riggs & Ingram (CRI) is a top 25* nationally-ranked accounting and advisory firm driven by relationships to cultivate growth. From traditional accounting services to leading-edge business support, technology resources, and assurance* offerings, CRI’s breadth and depth of expertise takes you from compliance to competitive advantage.
Learn more