Additional reading and resources
Digital Defense: Why Cybersecurity is Non-negotiable
Three ways firms can bolster their cybersecurity defenses
Bridging the Gap: The Role of Management Accountants in Cybersecurity Risk Management
Enhance public sector governance using AI
AICPA and CIMA: SOC for Cybersecurity
CAQ 2022 Audit Committee Transparency Barometer
Center for Internet Security
World Economic Forum: Centre for Cybersecurity
Journal of Accountancy articles and podcasts:
‘Bots emerge as cyber threat for accounting firms’
‘Cybersecurity risk: Constant vigilance required’
‘Tech roundtable: Getting your data in order’ [podcast]
FM Magazine articles:
Exploits and cloud complexities test cybersecurity teams
Cyberattack hack: The case for targeting prevention over detection
Ransomware threat: Finance’s 4-part defence role
‘5 signs there could be IP theft in your supply chain’
‘Cyberattacks stemming from software on the rise’
‘How to prepare for cyberattacks at a time of heightened threat’
‘Organisations ill-prepared for the stress of complex cyberattacks’
Many of the current findings in this updated tool are from the IBM Cost of a Data Breach Report 2025: The AI Oversight Gap, which is based on research conducted by the Ponemon Institute under the sponsorship of IBM. Used with permission.
Ken Witt, CPA, CGMA, and Carrie Kostelec, CPA, of the AICPA® and CIMA® prepared the update of this tool. The original tool was based on a webcast series that Kenneth R. van Wyk, President and Principal Consultant of KRvW Associates LLC, presented for AICPA and CIMA members.
About the Association
The Association of International Certified Professional Accountants® (the Association) is the most influential body of professional accountants, combining the strengths of the American Institute of CPAs® (AICPA®) and The Chartered Institute of Management Accountants® (CIMA®) to power trust, opportunity and prosperity for people, businesses and economies worldwide. It represents 580,000 members and students in public and management accounting and advocates for the public interest and business sustainability on current and emerging issues. With broad reach, rigor and resources, the Association advances the reputation, employability and quality of CPAs, CGMA® designation holders and accounting and finance professionals globally.
Disclaimer: For information about obtaining permission to use this material other than for personal use, please email copyright-permissions@aicpa-cima.com. All other rights are hereby expressly reserved. The information provided in this publication is general and may not apply in a specific situation. Legal advice should always be sought before taking any legal action based on the information provided. Although the information provided is believed to be correct as of the publication date, be advised that this is a developing area. The Association, AICPA and CIMA cannot accept responsibility for the consequences of its use for other purposes or other contexts.
The information and any opinions expressed in this material do not represent official pronouncements of or on behalf of the AICPA, CIMA or the Association of International Certified Professional Accountants. This material is offered with the understanding that it does not constitute legal, accounting, or other professional services or advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought.
The information contained herein is provided to assist the reader in developing a general understanding of the topics discussed but no attempt has been made to cover the subjects or issues exhaustively. While every attempt to verify the timeliness and accuracy of the information herein as of the date of issuance has been made, no guarantee is or can be given regarding the applicability of the information found within any given set of facts and circumstances.
The AICPA is the world’s largest member association representing the accounting profession, with more than 397,000 members in 143 countries and a 137-year heritage of serving the public interest. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.
The AICPA sets ethical standards for the profession and U.S. auditing standards for audits of private companies, not-for-profit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination and offers specialty credentials for CPAs who concentrate on personal financial planning; fraud and forensics; business valuation; and information technology. Through a joint venture with The Chartered Institute of Management Accountants® (CIMA), it established the Chartered Global Management Accountant® (CGMA) designation to elevate management accounting globally. The AICPA maintains offices in New York, Washington, DC, Durham, NC and Ewing, NJ. aicpa-cima.com
Founded by AICPA and CIMA, the Association of International Certified Professional Accountants powers leaders in accounting and finance around the globe.
© 2025 Association of International Certified Professional Accountants. All rights reserved. AICPA and CIMA are trademarks of the American Institute of CPAs and The Chartered Institute of Management Accountants, respectively, and are registered in the US, the EU, the UK and other countries. The Globe Design is a trademark of the Association of International Certified Professional Accountants.