In this milestone 50th episode of Accounting for the Future, host Anne-Marie Henson and Rob Philpotts, a Partner in BDO's Cybersecurity practice, explore how cyber threats have evolved into a strategic business priority for organizations of all sizes and offer actionable advice for CFOs and finance leaders.

They also cover the impact of geopolitical activities on cybersecurity, real-world examples illustrating how cyber incidents can disrupt operations, and why even small and medium businesses must be vigilant. This episode highlights why integrating cybersecurity into business planning—beyond just budgeting—is essential, as the 'speed of cyber' demands that leadership teams take true ownership.

#cybersecurity #BusinessResilience #CyberAttack

What you'll hear in this episode:

00:00 – Introducing Rob Philpotts, Partner, Cybersecurity

01:45 – Cybersecurity and geopolitical tensions

04:13 – Why small and medium-sized businesses must be vigilant

08:19 – Cybersecurity in a shifting global supply chain

10:36 – Integrating cybersecurity in the planning phase

13:01 – Why planning is cheaper than responding

15:05 – Regulatory changes and Bill C-8

17:18 – Business repercussions of cyber incidents

23:14 – Why budget alone doesn't ensure cyber readiness

26:17 – Three strategies to build cyber defences

30:58 – Why true resilience involves the entire organization

31:52 – Practical advice: Security vendors and independent reviews

36:15 – Closing thoughts

Mentioned:

Anne-Marie Henson

Rob Philpotts

BDO Canada

Quotes:

"Now that we are very aware that cybersecurity is part and parcel of geopolitical activities, we definitely have to become more and more aware, and we strive every day to help our clients understand this."

"Financial risks are immediate and, typically, you see them show up quite quickly in the event of a cybersecurity issue. But the reputational risk is really the long-term potential damage to your supply chain, your customers who might have lost confidence in your ability to secure their data and their information. So those risks definitely should not be underestimated when we're looking at these types of issues."

"You can't outsource risk. It's not your IT company's risk. It's your risk. It's also your accountability."

"The organizations that don't just offload this responsibility to the CTO or the CIO, and actually make it the responsibility of everyone, are the ones that I've seen that are really most successful."

"Planning is cheaper than responding."

"Now doing that at the speed of light, of course, that's where your integration has to occur, and looking for those anomalies. Because that's how fast a cyber attack happens. We call it 'speed of cyber'—it happens in the snap of a finger."