Spreadsheets
Use of IT in Business
Computers and software are widely used in business and accounting.
Business organisations use computer equipment: desktop computers, laptops or tablets, and more powerful commercial devices such as mainframes.
The computer devices used by individuals are often linked to a central processing system (and to each other) by a communications network.
The communications links may consist of private telecommunication circuits (an internal network using wireless or Ethernet connections), but systems are often linked through the public Internet.
The illustration above shows terminals connected to a mainframe on a local area network.
Depending on the communications system used, the IT systems used by businesses may be called local area networks, wide area networks or intranets.
The use of cloud-based packages hosted on the internet is increasingly prevalent and offers the flexibility of being accessible from anywhere in the world; this enables globalised operations.
The software used in accounting systems may be specially written, but software packages purchased from a software supplier are also widely used.
Many managers, not just accounting managers, use spreadsheets. A spreadsheet is a table of rows and columns that make up boxes or cells.
Each cell can be filled with text, a number or a formula. Accountants can use spreadsheets to construct many types of tables.
The illustration above shows how the SUM formula is used to sum the total of the selected cells.
For example, spreadsheets can be used to: construct a budget or financial plan, present an accounting statement, produce variance reports, make financial forecasts, and so on.
The illustration shows a budget being constructed in a spreadsheet.
Some cells will be used to enter numbers, but formulae are inserted in other cells to calculate a value for the number to go in that cell from data in other cells in the spreadsheet.
Spreadsheets use cell references to construct formulas from data. In the above example D7 refers to the name of the column (D) and row (7) in which the cell resides.
Using formulae makes it possible to produce tables quickly and experiment by changing numbers and re-calculating tables.
In summary, spreadsheets are practical for many tasks, including:
Databases
A database is a large file of data or collection of information.
A file of customer information is a database.
It is managed or controlled by a database management system (DBMS).
A DBMS is the shell around the database which controls the organisation, storage, retrieval, security and integrity of data.
The DBMS allows the data to be stored independently of the application using the data. Thus any application can request data from the database via the DBMS based on a specific identifier (e.g. the field name “Customer”).
Typical functions of the DBMS include:
For example, business organisations may have databases for their customers, suppliers, inventory, and employees.
Data is input into the database so that the file is continually updated.
At any time, if someone wants to obtain information from the database, this can be obtained by searching the files through queries.
The information on a database can also be used for different processing requirements – for various applications.
This means that one set of master files is needed for all the users within the organisation (such as accountants, marketing, sales, and management colleagues) wanting to use the information for their particular purposes.
The advantage of databases is that there is a single central file containing all the required data.
Different parts of the organisation can use this central file for their purposes.
Key Features of a Database
Different users have access to the data files without having to duplicate/copy them.
Users can access data on a database at any time. It is a source of instant information. This is incredibly flexible if the database is hosted on an internet-based cloud.
The data on a database may provide a valuable source of research information.
For example, a database of customer purchases might be used to analyse customer spending patterns and habits.
Accounting Software Packages
Accounting software packages can be bought from software suppliers. An accounting package provides the user with features and routines for recording accounting transactions, producing financial documents (such as sales invoices) and preparing financial statements from the data on file.
Typically, an accountancy software package consists of several different integrated modules. Each of these modules can be used independently or in combination with other modules.
For example, an integrated package will include a module for payroll. A business organisation buying and using the package can choose whether or not to purchase and use the payroll module. If they do not accept the payroll module, they can make other arrangements for processing and accounting for payroll.
Other accounting modules – such as the receivables ledger, payables ledger, general ledger, inventory, cash book and non-current assets register – may be included in an integrated accounting software package.
Benefits of an Accounting Software Package
Accounting packages provide a ready-made financial system for organisations that cannot afford an IT department. They are an alternative to a manual accounting system.
They can be used by accounts staff with only limited IT skills. They are designed for use by non-experts.
They are ready to use when purchased, although the organisation must first set up its master file records for customers, suppliers, general ledger accounts, etc.
Other businesses use them, so any errors in the software should have been identified previously and corrected.
It costs much less to buy an accounting package than to develop a bespoke system.IT Security Risks
There are three significant threats to data in an IT system:
Risk
Description
Example
Unauthorised access
The risk is that an unauthorised party gains access to the IT system and its files.
A hacker may steal data, install ‘malware’ (a piece of software designed to corrupt the system), or destroy or corrupt data that is held on file.
Data on an IT system may be lost or corrupted accidentally or through malicious destruction by a ‘hacker’ into the system.
The theft of data from the IT systems of companies – or a government – is known as cyber theft or cybercrime.
Loss or destruction of data
The risk of data becoming corrupted, lost, or destroyed.
Data on a local storage medium may be corrupted by exposure to excessive heat.
A file on a portable device, such as a memory stick, may get lost.
Data may also be lost or corrupted due to accidental physical damage to files or equipment.
Service disruption
Loss of IT services, either from the local network or the cloud.
Loss of internet connection or cloud host outages will cut the company off from cloud-based services.
The services from the local IT system may be disrupted by fire or a loss of power.
Need for IT Controls
An IT system can be defined simply as a system that receives input, processes it, holds data and processed information on file, and produces output when required. Controls are needed over all these elements of the IT system: input, processing, files and output.
Risk area
Controls
Input
Controls are needed to check that data input to an IT system is correct.
For example, on-screen instructions are a form of control to ensure that the system user carries out all the required input procedures.
Error messages may be shown on the screen when an incorrect or invalid entry has been made.
Processing
Controls to ensure that items are processed correctly and completely.
Controls may include controls to test the software before it is used on ‘live data’, to remove errors in the programming.
Files and Data
Controls protect files and the data they contain. One such control is to produce backup copies of all critical files at regular intervals.
Username and password controls may reduce the risk of unauthorised individuals, such as hackers gaining entry to the system.
Output
Controls to reduce the risk of information being released to individuals not authorised to receive it.
Encrypting messages before they are transmitted from an IT system is an output control.
IT Security Measures
IT security measures and controls to prevent unauthorised access can include physical security measures and controls within the software.
IT security measure
Controls over physical access
Security measures may be taken to restrict access to computer terminals to authorised personnel.
In an extensive computer system, this could include the use of security badges for staff to gain access to the IT area.
In a smaller organisation, rooms with computer terminals linked to the accounts system may be locked when the authorised staff are not present.
Usernames and passwords
Access controls may be included in the software to ensure only authorised personnel have access and only to the data relevant to their work.
Access to the system as a whole, access to programs, and access to files may be controlled through usernames and passwords.
Users gain access to the computer, a program or a file only if they enter the correct username and password when prompted.
Users are assigned only to genuine employees, and access is tightly controlled.
Firewalls
Software to prevent malicious attempts to penetrate and access an IT system from being successful.
It is used to prevent unauthorised individuals from gaining access to the system.
A firewall may take the form of either software or physical equipment (such as a broadband router).
Anti-virus software (sometimes referred to as anti-malware software), which is often used in conjunction with a firewall, can protect against malware that, after gaining entry to the system, may destroy or steal data.
Anti-virus software
Software to prevent and detect intrusions from malware. It may include features like scanning, quarantine, and monitoring of process threads for malicious code.
Malware (malicious software), such as computer viruses, can destroy files, programs and the operating system.
Malware can also be used to gain access to computing systems and obtain sensitive information.
Anti-virus software warns the user when an item of malware is detected in the system.
An anti-virus software quarantines suspicious software, isolating it from the rest of the system.
The latest virus signatures and codes are downloaded from the anti-virus company to ensure the anti-virus is up to date.
Back-up files
Back-up copies of files should be created regularly to minimise disruption from damaged or lost files.
These copies should be kept appropriately and stored securely in a separate location.
Automated procedures regularly back up critical data to an offsite location or the cloud.
Disaster recovery plan
A disaster recovery plan is a strategy for dealing with an event, such as a fire which damages a company’s records and equipment.
It may involve storing these in an alternative location with backup files.
A redundant system may be maintained for highly critical processes and data.
If the IT system fails, the redundant system can activate and be used, resulting in minimal service downtime.
Encryption
The process of making any intelligible data unintelligible.
Encrypted data can be read only by using the decryption key.
Encryption prevents unauthorised access to, or understanding of, transmitted or stored data.
Encryption facilitates authentication where only the genuine parties can be verified to read the data transmissions.
Encryption helps ensure data integrity– to detect if there are any unauthorised alterations to the information.
Electronic signatures (a digital code that verifies a message’s origins and contents) enable the recipient to check who sent the data and that it was not altered after transmission.
Activity 1
Match the appropriate control to manage the IT risk.
IT risk
IT staff in the company’s IT centre make many errors and mistakes in procedures
IT system failure due to a power blackout at the local electricity station
Risk to data and files from the introduction of malware
Risk of entering incorrect data in transaction records for processing in the accounts system
Risk of corruption to data held on a payables file in the accounts department
Risk of unauthorised access to an IT system
Control
Use of data validation checks in the accounting software
Install anti-virus software in the computer system
Keep a backup electricity generator at the IT centre
Careful recruitment of staff and thorough staff training
Use of logical access controls: usernames and passwords
Keep backup copies of files and copies of previous generations of files
General Controls
Controls in an IT environment can be divided into general controls and application controls. As the terms may suggest:
General IT controls apply to all IT activities and entire computer systems.
Application controls apply to a specific application program or application system. An ‘application’ is used for a particular operation or activity, such as a bookkeeping system, an inventory control system or a production planning system.
General controls are often found in organisations with their own IT department than in organisations with small IT systems.
General IT control
description
Software development standard procedures
Standard procedures are applied for developing all new programs and new versions.
Versions of documents and programs
Documents and programs are often updated.
The system will assign a new document or program version a unique number to identify it (which stops a wrong version from being used).
Physical security measures
Physical security measures, such as key-coded doors, in an IT centre, are examples of general controls.
Hardware controls
Control procedures relating to the correct use and maintenance of IT equipment.
This is to reduce the risk of equipment breakdowns.
Data recovery controls
Controls to ensure that backup copies of files are made and stored securely.
Access controls
Controls to restrict access to the system to authorised individuals utilising identity codes and passwords.
When a large organisation has its own IT department producing its software, there must also be internal controls to ensure that new software is not introduced before it has been thoroughly tested and approved.
Suppose a company has developed its payroll system and wants to introduce a new program version because the taxation rules have changed.
The first step is to specify the changes required to the payroll system software.
The proposed changes must be approved, and the development of a new version of the payroll software must be authorised.
This is an internal control measure – authorisation
The IT staff develop a new version of the software to include the changes in the tax rules.
The new draft version of the software must be tested thoroughly. Thorough testing is a form of control.
After testing, the new version of the software must be approved, and its use in practice must be authorised. This is another internal control.
The new version of the software must be given its unique version number. When the payroll program is used again, the version number must be specified, and there must be a check each time to ensure that the program’s correct version is being used.
Application controls
Application controls are applied to a specific IT program
Examples of these are:
Application control
Checklist
Data validation checks on input records are typical examples of application system controls.
Batch total checks.
In a system where transactions are processed periodically in batches (rather than continually), for example, a sales invoicing system where sales invoices are produced once a week, a manual record may be kept of the total number of transactions entered into the system. This can then be checked against a computer-produced total of the number or value of transactions processed and invoices produced.
Spelling checks
Where it is essential to limit the number of spelling errors, there may be an automatic spell-check in the program to test words for the correct spelling. Word processors often include this facility.
Access controls to specific application programs or systems.
Access controls to a computer system using passwords and identity codes are a form of general control; controls over access to particular application systems and files are application controls.
Data validation checks
Various automated checks can be written into the software to detect and report errors in the input data. These programmed checks on the input data are called data validation checks. The input data will consist of several items or ‘fields’ of data, and validation checks can be carried out on the data in any field within each input record.
Data validation check
Range
A range check on an item of data ensures that the item’s value is within a specified range.
A company has a receivables system in which customer identity codes range from ‘20000’ to ‘39999’.
A data validation check can be written into the software to produce an error report if the code in an input record is outside the range of 20000 – 39999.
Existence check
An existence check on an item of data is a check to ensure the item has a code number that ‘exists’ and so is acceptable.
In a payroll system, a code in each employee record may specify whether the individual is paid weekly (wages; 1) or monthly (salary; 2).
An existence check can be written into the software so that if the code in an input record is not either 1 or 2, an error report will be produced.
Format check
A check on an item of data to make sure that it is in the correct format.
Inventory items may have a code consisting of a letter followed by four digits.
If a transaction is entered into the system with an inventory code that is not in the correct format, an error report will be produced.
Check digit check
A system can check the validity of a code for an item, such as a customer or an employee number, by including a digit within the code that enables the software to establish whether any number in the code is incorrect.
This way, the system can automatically prevent an incorrect record from being amended or updated.
All authorised customer codes will comply with a formula that produces a check digit.
A customer code that does not produce the correct check digit would have been improperly input into the system and not authorised.
Audit Trail
Automatic processing can make it difficult to check whether transactions are processed correctly after they have been entered into the system.
An audit trail is a log of all the actions performed on data and will provide management and audits with a clear understanding of what processing has been done to the data.
Computer systems should provide an audit trail for transactions so that a checker can trace a transaction through the computer system to see how the transaction has been processed
External auditors use software or data to assist them with auditing computer systems, such as unique test data.
Cloud Computing
Definition
Cloud computing – The use of services provided by remote servers hosted by a third party through the Internet.
Cloud providers typically offer ‘as a service’ solutions. Customers pay for services via an ongoing subscription rather than making an outright purchase. Popular services include Software as a service (SaaS) and Infrastructure as a service (IaaS).
Benefits of Cloud Computing
Cloud-based systems are relatively inexpensive to establish as a third party provides the infrastructure.
Economies of scale enjoyed by the provider often result in affordable subscription fees and provide value for money.
Cloud systems are flexible and scalable, allowing users to be added or removed easily. This enables businesses to only pay for the level of service provision they require.
Although no system can ever claim to be 100% secure, cloud-based systems provided by reputable, credible vendors have generally proven safe.
Cloud-system providers possess system security expertise and can deploy up-to-date security measures. Back-ups are also relatively easy to manage on cloud systems.
Cloud-based systems are accessed using simple, widely-used browser software. Cloud systems are accessible by users across the globe from internet-enabled devices, providing around-the-clock, real-time access to systems and data.
Many accounting software packages are now provided as SaaS in the cloud. Many cloud systems are also accessible using smartphone ‘Apps’.
Having up-to-date, ‘24/7’ data access is changing the nature of accountancy. For example, in some organisations, the monthly reporting cycle is being phased out, as managers have constant access to dashboards showing key performance indicators which are updated in real-time.
Automation and Artificial Intelligence
Definitions
Automation – The operation of activities without the need for human intervention.
Artificial Intelligence (AI) – using computer systems to copy the cognitive functions of the human brain in learning and solving problems.
Automation is most prevalent in routine tasks with fixed procedures and logical steps; because of artificial intelligence (AI) developments, automation is now possible in more complex tasks that require judgement and decision-making.
AI includes the ability of a computer system to plan, reason, learn, sense, build knowledge and communicate in ‘normal’ or natural language. Applications include video games, fraud protection, cyber-security, virtual assistants (“suggestions for you”), online customer support (using AI “chat bots”) and autonomous (“self driving”) vehicles.
For example, over time and based on the treatment applied in the past, computer systems can ‘learn’ how to apply the correct ledger codes to items imported into an accounting system from a bank data feed.
Impact of Automation and AI in Accountancy
Routine transactions are increasingly being processed without the need for human input.
Automated period-end routines can post, consolidate, and reconcile data from several sources.
Apps are available that scan expense receipts using a smartphone and code the transaction using AI.
Automated systems can vet new suppliers by checking their credit scores and company information and set them up without human involvement.
Digital workflows and AI-powered invoice management systems are streamlining invoice processing.
Software robots (‘bots’) may be used to respond to common questions or queries, for example, a copy invoice or when a specific invoice is due.
The increased use of automation and AI is freeing up the time of accountants and other finance team members, enabling their time to be spent on planning, decision making and other higher-level tasks.
Accountants require new skills, such as overseeing and reviewing automated processes and analysing the large amounts of data organisations now generate and have access to.
Example: Sales ordering
The following compares manual and automated sales ordering procedures.
Activity
Manual
Automated
Identifying customer orders.
The sales clerk (person) periodically logs into the system to check for new customer orders.
The software pulls data from the customer system, checking for new orders.
Validating customer orders
The clerk compares the purchase order to the customer database to validate it.
The new order is automatically compared to the customer list and validated for processing.
Applying pricing and discounts.
The clerk applies current pricing and discounts to the order based on the customer’s contract and prevailing sales policies.
The system automatically applies the current pricing schedule and applicable discounts from the customer’s contract and prevailing sales policies.
Picking and shipping.
The clerk initiates a delivery order to the stores department to pick and ship the customer’s order.
The stores department will update the sales function once the order is shipped.
The system automatically generates a delivery order to the stores department to pick and ship the customer’s order.
The stores department signs off digitally on the shipped order, and the system automatically logs the delivery.
Updating records
The clerk updates the customer account with the shipped order to reflect the current receivables.
The system automatically updates the customer account with the shipped order.
Impact on Role and Effectiveness of Accountants
Technical, rules-based aspects of accountancy are likely to become increasingly automated. The time accountants spend on these tasks is reducing, as it takes less time to oversee an automated system than to operate the process
Increasingly, accountants must apply different skills, such as data analysis and business awareness, to uncover commercially significant patterns and trends from large data sets.
‘Soft’ or personal skills are also increasingly important, helping accountants ‘partner’ with managers and leaders across the business
Accountants roles will change into that of advisors that help management make sense of the massive amounts of data, and the processing that accompanies them, into valuable, actionable insights that help shape the company’s decisions.
Accountants have a critical role to play in ensuring that AI models are used ethically and effectively across the organisation.
Demands on accountancy and finance professionals continues to grow. AI requires experts to oversee critical processes and functions, and AI cannot replace the ability to think critically
Big Data and Data Analytics
Big data – Collections of data that increase exponentially over time, with too much volume, variety, and velocity for traditional data-processing methods to analyse effectively.
Data analytics – The process of deriving meaning from data.
Big Data Aspects
Aspect
Volume
The volume of data being captured from transactions, social media, customer relationship management systems and sensors has exploded in recent years and continues to do so.
Velocity
The speed or velocity at which data is being streamed into systems and organisations is also increasing rapidly. To be useful, this data needs to be captured and analysed in an efficient and timely manner.
Variety
Variety relates to the many types and forms of data collected and generated.
Structured data refers to data held in defined file structures, for example, a transaction file.
Unstructured data includes images, audio and video files, and ‘free text’ in social media posts and emails.
Veracity
Data quality relating to accuracy and truthfulness is essential for effective decision-making.
Practical analysis to provide valuable findings can only be done if the data collected is true; this includes considerations on the reliability of the data source.
Value
The benefit of having data for the organisation must be higher than the cost of obtaining it.
Data Analytics Tools in Accountancy and Audit
Data analytics tools that examine large amounts of data have been developed to uncover hidden patterns, correlations and other insights.
Decisions based on data are, generally, more likely to be ‘correct’ and result in the intended outcome than decisions based on a ‘hunch’ or made without supporting data.
Accountants are used to working with data and are well-placed to help the leaders of other business functions make better-informed decisions.
A high-quality decision-making process requires large volumes of diverse data (‘Big data’) to be gathered and analysed, action courses and consequences identified, and recommendations made and implemented.
Data analysis tools such as ‘Hadoop’ and ‘R’, which in the past were used mainly by specialist data scientists, are increasingly being used by others, including accountants.
Data analytics tools enable accountants to uncover valuable insight from large amounts of data. This insight can help the business better understand the financial impact of critical decisions.
Accountants use analytics tools to analyse customer and financial data to construct better quality forecasts.
Auditors are increasingly required to assess vast volumes of data, including unstructured data such as email messages.
Auditors use data analytics tools. For example, they can use software which can analyse the text in documents and email messages directly to identify risks, rather than manually trawling through correspondence files.
Some commentators believe that technological advances will eventually mean it is viable to audit all transactions using automated routines rather than relying on a sample.
Accountants have always analysed data. Traditionally, this analysis has focussed mainly on structured data held within the accounting system and on financial measures such as profitability and return on investment.
The advent of Big data and data analytics has resulted in a broader application of accountants’ skills. For example, an accountant may now be involved in analysing customer feedback to identify the drivers of customer satisfaction as part of developing a new product or service.
Understanding data and data analytics is now a core skill for accountants
Blockchain
Blockchain – An immutable digital ledger that records managed transactions and track assets over a decentralised network.
A blockchain is a distributed digital ledger with identical copies held on individual member computers of the blockchain network. Data is organised into blocks which are chained together.
This means that a blockchain stores information across a network of distributed computers, with no one owning the system, but anyone can use it and help to operate it.
As a result, it is tough for any single person to edit a block, corrupt the information or take down the blockchain. This makes the information on the blockchain extremely difficult to corrupt.
Distributed ledgers and blockchains are relatively new technologies which have massive potential.
Features of Blockchain
Feature
Meaning
Distributed ledger
Copies of all information are shared on the blockchain. Participants validate information without the need for a central authority. If one node fails, the remaining nodes can continue without disruption.
All participants have access to the entire history of changes to the blockchain.
Consensus-based
To be added to the ledger, a transaction must be approved by all parties on the network or by a previously agreed consensus.
It is challenging to overwrite a change to the blockchain.
Transaction blocks
Transactions are recorded in the ledger in a chain of blocks – the ‘blockchain’. Connected blocks form a chronological, time-stamped chain.
All changes to the blockchain are known.
Security and data integrity
The ledger content and the links between blocks are protected by cryptography which prevents previous transactions from being destroyed, altered or forged.
It is challenging to destroy or alter the blockchain.
Blockchain technology was initially associated with cryptocurrencies such as Bitcoin.
As the potential of distributed ledgers, including blockchain, becomes better understood, it is being applied to many situations.
For example, ‘smart contracts’ have been developed which enable parties to exchange money, property, shares, or anything of value in a transparent, conflict-free way while avoiding the services of a third-party such as a lawyer.
Impact of Blockchain on Accountancy and Audit
The use of blockchains has the potential to reduce the time required to maintain and reconcile accounts.
Blockchains provide certainty over the ownership and history of assets.
Blockchains may eliminate bookkeeping and reconciliation work, freeing up time for accountants to focus on adding value elsewhere.
Blockchains, combined with appropriate data analytics, could automate much of the transactional level work in an audit.
The parts of accounting concerned with the transfer of property rights will be transformed by blockchain and smart contracts.
Audit confirmations will be less necessary or time-consuming if transactions are visible on blockchains. For example, an asset’s owner is likely to be verifiable by blockchain records, but its condition, location and actual value will still need to be confirmed.
The audit’s focus will shift away from confirming the accuracy or existence of transactions to judgemental elements such as valuations.
The move to a financial system which uses blockchains offers accountants opportunities.
Accountants are seen as experts in record keeping and applying rules in commercial settings. Their combination of business acumen and financial knowledge means accountants are well-placed to advise companies seeking to leverage blockchain and other new technologies.
Cyber Security
Cyber security uses hardware, software and other technologies and procedures to protect computer systems from cyber-attacks.
The term cyber-attack describes any malicious activity initiated using a computer that attempts to collect, disrupt, deny or destroy data or system resources.
A firewall is a critical cyber security tool which monitors incoming and outgoing network traffic and permits or blocks data based on a set of security rules. It establishes a barrier between an internal network and incoming traffic from external sources, such as the Internet, to block malicious traffic, including viruses and hackers.
Cyber Attack Risks
Cyber-attacks target system weaknesses or vulnerabilities and often involve ‘malware’ (malicious software). A cyber-attack brings a wide range of risks and possible consequences.
Unauthorised access means entering a computer system without the system owner’s consent.
Usually, the purpose of unauthorised access is to commit an additional offence, such as data theft.
Hacking, or gaining unauthorised access through improper means, is one form of unauthorised access.
Data theft
Data theft involves stealing data.
Theft of attractive data such as credit card information, personal details, trade secrets, intellectual property, customer information and employee records.
System disruption and downtime
The aim of some attacks may be to cause damage or disruption.
For example, a competitor may attempt to disrupt a business’s ability to conduct transactions.
A Denial of Service (DoS) attack involves overloading a system to disrupt it. Downtime increases costs, hinders operations and may reduce revenue.
Identity theft and corporate account takeover
Impersonation of an individual or entity to gain advantages or commit financial crime.
Identity theft involves a cybercriminal stealing personal information, which enables the fraudster to commit other crimes, such as credit fraud or extortion.
A corporate account takeover involves cybercriminals obtaining an entity’s banking credentials and using the organisation’s computers to steal funds from their bank account.
Breach of legal regulations and reputational damage
Organisations which fail to take adequate cyber security measures may face a range of legal consequences, including prosecution and fines by data protection regulators.
A data breach damages a business’s reputation and brand.
Restoring the business’s reputation takes time and money, for example, money spent on public relations.
Loss of customers and revenue
The economic impact of a cyber-attack.
Customers inconvenienced by, or concerned about, the consequences of a cyber–attack may decide to switch to a competitor. In this age of ecommerce, switching to a different provider is often quick and easy.
The costs and consequences of cyber-attacks may be severe. For some organisations, particularly small businesses, the implications of a significant data breach may be too great to survive.
