ICAEW.com works better with JavaScript enabled.

Cyber security resource centre

Cybercrime and threats to computer systems have become a major concern of businesses around the world. Our growing reliance on IT and the internet has greatly increased the impact of hacking, security failures and the loss of systems. At the same time, cyber attackers have become more sophisticated and organised. How worried should businesses be? And what are the main steps they should be taking? This resource centre provides a focal point for ICAEW members looking for support in managing cyber risks.

Latest statement on international ransomware cyber attack

Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind. But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.

Getting started

Introductory guides to cyber security.

More info

Getting started

While many businesses may recognise the risks around cyber security, it can be difficult to know where to start.

Cyber security training

An interactive training course that provides an introduction to cyber security.

More info

Cyber security training

This interactive training course provides participants with an introduction to cyber security.

Good security practices

Managing IT risks, cyber security in corporate finance and IT systems compliance review.

Expand

Good security practices

Good security practices that businesses can adopt to manage their risks around IT.

Cyber security in corporate finance

Tackle cyber security risks in the corporate finance sector.

More info

Cyber-Security in Corporate Finance

Understanding, anticipating and managing the risks in Cyber Security in Corporate Finance is crucial for all company directors and advisers; it is not an issue to be dealt with only by IT and technical specialists.

Resilience and recovery

Ensure your business operations can continue in the event of a major cyber incident.

More info

Risk and return

Understand the risk and return of cyber security measures.

More info

Risk and return

No security can ever be fully effective and businesses have to prioritise resources on the basis of risk.

Standards and regulation

Issues you may encounter when facing legal requirements or implementing standards.

Expand

Standards and regulation

Information security and data privacy are increasingly subject to legal regulation.

Thought leadership / trust

Our work considers a range of themes to help to build trust in the digital environment.

More info

thought leadership trust

In order to sustain value from IT systems, individuals and organisations need to have confidence in the security of sensitive information, as well as how it is being used and shared.

10 steps for smaller firms

Follow these basic steps to significantly improve your online security.

More info

Tech essentials - 10 steps to cyber security for smaller firms

While the fundamentals on how to protect yourself, your business and your clients remain essentially unchanged, the context in which we write about them continues to shift. Cyber criminals are always finding new means of attack and we all need to keep up to keep them out.

Audit Insights: Cyber Security

Issues and concerns that auditors are aware of in the cyber-security environment.

More info

Audit insights: cyber security – taking control of the agenda

The impact of cybercrime is growing across the economy and cyber risk continues to be high on board agendas. However, business are struggling to turn general awareness and concern into effective action. This slow pace of change is increasingly frustrating governments and regulators, and businesses need to show more urgency and take control of their cyber agenda. This report provides a further update to the four findings highlighted in the Audit insights: cyber security report, published in November 2013 and updated in 2014 and 2015.