Good morning, CFOs. When a company is hit by a cyberattack, its suppliers feel the sting, too.
For starters, a recent study finds, suppliers’ auditing fees often jump about 6% when a big customer experiences a cyberattack, even when the supplier itself didn’t suffer a breach.
“It’s not enough to know that your company is secure. A cyber breach at a key customer could have a big financial impact for your company,” says Tom Smith, co-author of the study and an associate professor at the University of South Florida. Yimei Zhang, an assistant professor at Montana State University, is the other author.
Other possible repercussions for suppliers in the wake of a cyberattack at a key customer: Earnings could be significantly lower, inventory could sit longer than expected or there may not be enough cash on hand to make debt payments, says Smith, who is also associate director at the University of South Florida’s Lynn Pippenger School of Accountancy.
Other academic studies have found that even companies operating in the same industry as a company hit by a cyberattack often see a 5% increase in auditing fees. At companies that are attacked themselves, auditing fees jump by an average of about 8%.
Auditors for public companies are required to account for supply-chain risk. When a company in the supply chain suffers a cyberattack, auditors may need more time or people to get a full grasp of the impact of the cybersecurity breach on a supplier’s financial statement. Accountants might also face increased litigation and reputational risk for auditing a company in the same supply chain as a company that has been hacked.
|