Five Critical Cybersecurity Resolutions – The CPA Journal
Five Critical Cybersecurity Resolutions – The CPA Journal
https://www.cpajournal.com/2026/05/15/five-critical-cybersecurity-resolutions/
Publish Date: 2026-05-15 10:56:00
Source Domain: www.cpajournal.com
The new year comes with a new list of cybersecurity and technology risk resolutions. Financial and risk management professionals annually rededicate their organizations and themselves to better manage the ever-present threats posed by technology. It seems that no matter the efforts and progress made in the prior year, the task list remains just as long. Reasons include increasing business demands, pressure on limited resources, and, of course, revolutionary technologies such as artificial intelligence (AI), which provide significant opportunities for hackers to exploit weaknesses, as well as for organizations to enhance their protective strategies.
From a governance perspective, similar excuses for why tasks remain are heard annually from management. Audit committees continue to wonder why a particular risk keeps challenging the organization. Committee members are aware of the cost-benefit considerations for implementing controls to mitigate risks, as well as the publicized challenges in mitigating cybersecurity risks. Yet it seems that familiar words—such as misconfigurations, inappropriate access, vendor reliance, inadequate follow-up, staffing challenges, lack of resources, unremedied vulnerabilities, insufficient policies, and noncompliance with existing policies—continue to populate the audit committee agenda and subsequent discussions. Participating in end-of-year reflections focused on these topics could help governance professionals identify the root causes of cybersecurity risks.
Some predict that AI will change everything, but that may not be the case. Perhaps both hackers and defenders will have more sophisticated tools that will enable each to perform their objectives with greater efficiency and effectiveness. Defenders especially will need to learn from past mistakes to effectively use the new technology and efficiently protect against more sophisticated, complex attacks.
Getting the Right Things Done
Peter Drucker, the renowned management…
