A Sea Change Is Coming – Transitioning to FASB’s New Lease Accounting Standard

Posted on by

 

By Chris Wright and Charles Soranno,
Managing Directors, Internal Audit and Financial Advisory

 

 

On the heels of the Financial Accounting Standards Board’s (FASB) new revenue recognition standard, which becomes effective for calendar-year public companies beginning January 1, 2018, the accounting and internal audit world is gearing up for another significant accounting and financial reporting change beginning one year later (on the first day of the first quarter), January 1, 2019 – the new lease accounting rules.

We presented on this topic last month at The IIA’s 2017 Gaming & Hospitality Conference in Las Vegas. Judging by the attendance at our discussion panel, many gaming and hospitality organizations are acutely concerned about making the transition to the new rule and are turning to their internal audit departments for strategic advice.

In scope for that industry are leases of real estate, hotels and casinos, and of course, the ever-changing casino floor electronic gaming equipment itself – if leased. However, for all industries, the new lease accounting standard represents a sea change in lease accounting for lessees, affecting all companies and organizations – whether public, private or not-for-profit – that lease assets such as real estate; airplanes; ships; and construction, office or manufacturing equipment. For lessors, accounting for leases is substantially the same as in the past.

The new standard will require lessees to recognize a lease liability and a right-of-use asset for all leases, except for short-term leases, as follows:

  • “Lease liability” is the lessee’s obligation to make lease payments arising from a lease, measured on a discounted basis.
  • A “right-of-use asset” is an asset that represents the lessee’s right to use, or control the use of, a specified asset during the lease term.

With regard to income statement recognition for lessees, the FASB retained a dual model, requiring leases to be classified as either operating or finance. Operating leases will result in straight-line expense recognition, while finance leases will result in a front-loaded expense pattern. Classification will be based on “consumption” of the asset, meaning that leases of property (i.e., real estate), which are typically not consumed, will follow straight-line amortization, and leases of non-property (e.g., office equipment), which are typically consumed, will follow an expense pattern similar to current capital leases.

Of note, the International Accounting Standard Board (IASB) retained only a single model – all leases treated as a financing.

While the new standard represents a big change, the bright side is that many companies might be able to comply using their existing processes and systems, provided their current lease inventory is appropriately inventoried, housed and cataloged.

That said, during our panel we stressed that lessees should nonetheless ensure that their policies, personnel, processes and reporting systems will be effective in generating the data and information needed to account for their leases in accordance with the new standard.  A few key points we addressed at the conference:

  • Determine the reliability of your lease inventory: Lessees should determine that all leases across the organization are identified on a timely basis and aggregated to create a complete and accurate lease inventory. Lessees should be able to update that inventory dynamically.
  • Assess systems and data scalability: If leases are managed through spreadsheets and databases at many locations across the organization, companies should consider selecting and implementing a suitable technology solution to simplify the lease data gathering process, store and update the required data, generate the required accounting, and support the required disclosures.
  • Watch out for embedded leases: If companies enter into arrangements that grant the right to use property, plant or equipment, that arrangement may very well contain a lease. Common situations are assets embedded in service arrangements or included in a bundle of goods or services. Don’t forget to account for those in your lease inventory!
  • Revisit your financing obligations: Lessees should review current debt agreements now to ensure the initial recording of new lease liabilities upon standard adoption would not be considered “new debt,” thus triggering unwanted debt covenant violations in areas such as debt/equity and debt coverage ratios, as well as working capital amounts and ratios, whether subject to covenants or not. Have that conversation with your bank now!
  • Understand what is new in the business: All organizations should assess whether technological or other changes are expected to take place in the business that will affect the nature of the lease instruments deployed to obtain access to needed assets to operate casinos, hotels or electronic gaming equipment.
  • Understand the new disclosures: Finance and internal audit executives will want to understand the financial reporting and expanded disclosures under the new standard and how they may require modification to existing systems and processes. The disclosures required of lessees and lessors include, among other things, the nature of the leased assets, management’s significant assumptions and estimates over lease amortization period and method, and a debt maturities summary.

In closing, the FASB’s new leasing standard is finally a reality. Financial management and internal audit teams need to familiarize themselves with the new standard and become educated as to its impact on the reporting of financial position, statement of earnings and cash flow, and all required disclosures.

Getting the transition process started early will enable management to develop an efficient and timely plan, as well as involve internal auditors early and enable them to have a voice at the table and offer strategic guidance to ensure orderly controls transition and project management monitoring. An early start will provide sufficient lead time to enhance processes, upgrade support systems and prepare stakeholders for the coming change.

The Importance of Data Lineage for AML System

Posted on by

By Vishal Ranjane, Managing Director
Risk and Compliance

 

 

 

Financial organizations have long embraced the advantages that information technology offers, and many are looking forward to larger digitalization initiatives to gain market advantage. Customers appreciate the convenience of digital offerings, while firms enjoy the reduction in operating costs that information technology enables. Of course, in the multifaceted, highly regulated environment in which financial institutions operate, mastering the complexity of this digital future is both rewarding and risky.

In any financial firm’s application landscape, data flows from system to system. In an ideal world, key data gathered at the front end (customer-facing systems) makes it to the back-end systems without hitches. In reality, in the application architecture of almost any financial institution, systems are sometimes imperfectly integrated, often as a result of multiple acquisitions, and data does not always make the journey from system to system without some amount of attrition or change. However, banks and other financial institutions that handle customer data must be able to demonstrate that the information which originates upstream, in customer-facing systems, is the same information found in the bank’s risk and compliance systems downstream. This is where data lineage becomes important.

Data lineage tells the complete story of how data within an organization was produced, consumed, and manipulated by the organization’s applications. It traces the data’s movement through systems.

Once, it was sufficient to demonstrate to regulators that the right policies were in place, that the right procedures were followed, and the right reports were generated and reviewed to protect against threats like fraud and money laundering. Now, financial institutions must be able to demonstrate to regulators that they are using complete and accurate data to monitor for these activities.

Asserting data legitimacy

An organization asserts de facto data legitimacy when it relies on the integrity of its data for key reporting or decision-making activities, such as those involved with risk and compliance solutions. It is imperative that data from upstream systems of record or points of capture arrives in these downstream risk and compliance systems in a manner that does not materially alter or obscure the content received from the system of record or point of capture.

De facto data legitimacy claims is an area of focus for regulatory authorities who require that these claims be documented and proven. The recent Part 504 regulation by the State of New York Department of Financial Services emphasizes the importance of data lineage in an AML context, stating that a covered institution must not only identify all data sources that contain data relevant to its transaction monitoring and watchlist filtering programs, but also must ensure that these programs include the validation of the integrity, accuracy, and quality of the data to ensure that an accurate and complete set of data flows into these programs. In addition, the regulation specifically notes data mapping as a key component of end-to-end pre- and post-implementation testing of transaction monitoring and watchlist filtering programs.

Going back to the firm’s application landscape, upstream data – data entered initially by the customer, for example – may not survive the journey downstream, and facts about the transaction may be lost with each hop from system to system. Can an auditor know if a particular transaction was made with a teller, a wire, or via an ATM, for example? Was a deposit made by check or cash?

Data lineage documentation can be done using a variety of tools ranging from simple to sophisticated. In smaller, less complex systems, simple spreadsheets and diagramming tools may suffice, while large financial institutions may deploy vendor toolsets to automate tedious and error-prone capture and documentation activities.

Data lineage as part of data governance

Establishing the data lineage should, of course, be more than just an exercise in documenting what’s already in place. Performing this level of analysis and uncovering previously unknown silent errors or gaps in the data being used to manage AML risks and generate reports should lead to increased accuracy and confidence in the reports and management information presented to senior management, internal audit and regulators. An additional benefit is getting better insights into customer behavior – a value for any business.

Having a sustainable data lineage initiative is only the start. To be sustainable over the long run, such initiative needs to be part of a larger data governance program that is firm-wide and involves all departments and functions. Data governance efforts are viewed well by regulators, who increasingly put pressure on financial institutions to formally document business processes, data controls, source-to-target mapping, and defend all activities around data management. A Protiviti white paper, “AML and Data Governance: How Well Do You KYD?,” provides more information and may be of relevance to your company.

Benjamin Kelly of Protiviti’s Regulatory Risk and Compliance practice contributed to this content.

Pro-Growth Signs in Washington Present Opportunity for Power and Gas Capital Investments

Posted on by

By Tyler Chase, Managing Director
Energy and Utilities Industry Leader

 

 

 

Power utilities trying to gauge what the future regulatory landscape will look like are likely getting frustrated with the political cacophony in Washington. Yet judging by legislative activities in Congress and some of President Trump’s executive orders to date, pro-growth and job-creation policies are clearly top-of-mind among the nation’s lawmakers. For organizations that have been putting off capital programs to expand or upgrade facilities and infrastructure, the business-friendly tone could signal a chance to launch these deferred capital investment programs.

As we pointed out in our Flash Report on the new administration’s first 100 days, Trump reversed a handful of Obama administration memoranda, reports and executive orders that were largely considered by the industry to be red tape bogging down capital investment. Among other actions, Trump eliminated multiple policies that built climate change considerations into federal decision-making and ended White House guidance on energy, infrastructure and other proposed projects. Additionally, in mid-May the Senate Committee on Homeland Security and Government Affairs advanced several bills aimed at regulatory reform that could affect utilities. One of these bills, the Senate version of the Regulatory Accountability Act, would require agencies to develop new regulations in the most cost-effective way possible and has the broad support of power, utility and other industrial organizations.

It is still too early to predict how much of Trump’s proposed agenda will ultimately end up as policy, but clearly the need for new and continued investment in the power and gas sectors is not diminishing. According to the American Society of Civil Engineers (ASCE), which this year gave U.S. energy infrastructure a D+, most of this country’s electric transmission and distribution lines date to the 1950s and 1960s, have a 50-year life expectancy, and were not designed to meet today’s energy demands. ASCE also anticipates a $177 billion funding shortfall for generation facilities and infrastructure through 2025.

Meanwhile, increasing the mix of power generation sources to include wind, solar, geothermal and hydrothermal alternatives, along with a retirement of coal-fired plants in favor of natural gas-fueled facilities, requires expansion investment to ensure the transmission grid’s reliability. As we mentioned in our 100 days Flash Report, Trump policies may ultimately relax federal emphasis on renewable energy sources like wind and solar, but that won’t curtail state mandates for more alternative generation or the progress that utilities are making in that area. A case in point is a 2015 California law requiring utilities to procure 50 percent of their energy from renewable sources by 2030, an increase from an earlier target of 33 percent.

Similarly, while the Trump administration has loosened coal regulations to make the commodity more competitive, the U.S. Energy Information Administration reported in January that the electricity industry was planning to increase natural gas-fired generating capacity by more than 35 gigawatts through 2018. Successful completion of the expansion surge would mark the largest net addition in natural gas generating capacity since 2005 and follows five years of net reductions in coal-fired generating capacity.

Protiviti’s perspective — proceed with caution

Though excitement may be building as a result of the new winds in Washington, organizations pursuing plant or infrastructure capital improvements need to keep in mind the pitfalls and risks that could derail the projects. Power and gas industries are still heavily regulated, and environmental constraints still exert influence on right-of-way, for example. To avoid risks, utilities need insightful and skillful management over planning and execution, including oversight of contract compliance, utilization of efficient and well controlled processes, and project risk assessments, among other services.

If your organization is planning or embarking upon a large capital expenditure to expand or upgrade its plant or infrastructure, here are some questions to ask before proceeding:

  • Will existing management processes provide sufficient visibility into decisions that impact project costs?
  • How are project risks identified, communicated and mitigated throughout the project lifecycle?
  • Are current resources capable of managing the project’s complexity?
  • Is the team of engineers, procurement staff, construction managers, trade contractors and material suppliers familiar with and comfortable working in a regulated environment?
  • Is the organization prepared to vigorously defend project costs during review by regulators, intervenor groups, and the public?

Some companies may be willing to wait and watch until the uncertainty over the implementation of Trump’s agenda begins to clear. Wall Street is certainly cautious and jitters in the market have given some investors pause. Nevertheless, lawmakers largely appear to be concentrating on economic policies intended to create and promote growth. Given the shape and age of the transmission grid along with the continuing transformation of power generating sources, the time is certainly ripe for a conversation about capital investment projects that position utilities for future growth while bolstering grid reliability.

Protiviti subject-matter experts Jon Critelli and Marius Anelauskas contributed to this blog.

Digital Transformation Success Requires Looking Inward First and Never Wearing Blinders

Posted on by

By Gordon Tucker, Managing Director
Technology, Media and Communications Industry Leader

 

 

 

To stay relevant in the digital economy, technology, media and communications companies must evolve on two fronts: externally and internally. The trick is that they must do both in tandem — and many find this difficult.

External evolution relates to the role the company is playing to help propel the digital wave forward. Namely, what new and game-changing digital products, services and business models is the company innovating and bringing to market successfully? This type of evolution is also about how the business positions itself among its competitors in the digital market and responds to new market demands and rapidly changing consumer expectations. Are those approaches effective? How does the company know?

Internal evolution, meanwhile, is about the ability of the organization to strategically transform its business processes, technology infrastructure, workforce culture and more to compete effectively in an increasingly digital age. Evolving internally is vital to supporting the company’s external evolution. Yet business leaders don’t always make that association.

At some companies, external dynamics — shareholders’ views, consumers’ sentiments, market perceptions about the company’s brand or reputation — are the impetus for external evolution. To respond, these businesses are constantly channeling resources into developing new products, services or campaigns, often at the expense of addressing internal issues that could cause the business to falter, or even fail, over time. Siloed business processes and weak cybersecurity practices are examples of such issues.

In other organizations, too much change is undertaken too quickly, both internally and externally. These businesses launch sweeping digital initiatives that aren’t backed by well-thought-out strategies. They also fail to evaluate the competitive landscape thoroughly. They focus on trying to outpace known and well-established rivals, and overlook or underestimate emerging players that have the potential to disrupt the marketplace and erode their market share.

In both examples, these businesses are making digital journeys with blinders on. One group is focused on short-term wins that don’t spark meaningful or lasting change. The other group is barreling toward a finish line in a race without an end, paying little or no attention to emerging threats and changing conditions in the field around them. In either case, the decisions these companies make are unlikely to position them for long-term digital success. I suggest a better approach below.

Look inward first

Using technology to improve operations internally is one way for companies to further their digital transformation and bring it to a broader scale. Evolving internally builds a safe foundation that can support their external evolution. For example, a business that has the right digital processes in place and is not burdened by legacy IT systems undermining its agility can score a number of operational successes — from simplifying or automating repetitive or labor-intensive business processes to implementing new tools to enhance workforce communication and collaboration. These successes can then be translated externally into the ability to innovate quickly, deliver better service to customers and meet the expectations of stakeholders.

I recommend reading Protiviti’s white paper, Catching the Digital Wave of Change, which explains how the way a business embraces technology can, in turn, help to change the way employees and customers perceive the organization. Change from the inside shines to the outside.

Tear off the blinders

When setting the strategy for a digital initiative, businesses must analyze the markets in which they are operating, as well as the competitor landscape. In their quest to achieve digital transformation, they must be careful not to miss what’s happening in the “ecosystem” around them.

Ron Adner, a professor of strategy and entrepreneurship at Dartmouth College’s Tuck School of Business, explained in a 2016 Harvard Business Review article that the “nature of disruption is changing … [and now] occurring at the level of ecosystems,” rather than at the product or service level. He posited that businesses need to “approach their competitive strategy with a wide lens that captures ecosystem dynamics” if they want to succeed in an Internet of Things world.

Adner pointed specifically to the example of a well-known company that produces imaging products with its historic basis in photography. That company’s long and painful journey to becoming a digital company as an example of what can happen when leadership “does not appreciate the dynamics of the broader ecosystem around it.” The company did not respond fast enough or appropriately to changes in the digital imaging ecosystem, and it cost the company dearly. Adner wrote that the “lesson for today’s leading firms is that risk lies not only in a lack of attentiveness to disruptive change but also in embracing the wrong part of the change.”

I don’t have much more to add to Adner’s insight other than to say that wearing blinders — not looking at the whole picture — in the digital era is likely to cause a company to lose or never find its way. Businesses may miss the right moment to pursue transformation or make the wrong decision about how and what to change. And no matter how innovative the business may be today, if it’s focused only on achieving one type of change or pursuing only one goal blindly, it’s bound to be overtaken or pushed off the track by competitors in the future.

States Champion Regulatory Streamlining; CFPB Remains Focused on Consumer Loan Servicing and Fair Lending

Posted on by

By Carol Beaumier, Executive Vice President and Managing Director
Regulatory Compliance Practice

 

 

 

While regulatory relief remains a topic within the Beltway, the Conference of State Bank Supervisors (CSBS), the nationwide organization of financial regulators from all 50 states, the District of Columbia, Guam, Puerto Rico and the U.S. Virgin Islands, has already taken action to streamline the multistate regulatory oversight framework for one group of its regulated entities – money services businesses (MSB). In April, the CSBS launched the Money Services Business Call Report (MSB Call Report) which will allow MSBs to submit a single periodic financial form and other activity reports rather than deal with state-specific reporting requirements in varying formats. The MSB Call Report includes a Financial Condition Report, Transaction Activity Report, Permissible Investment Report and (to be added in the fourth quarter 2017) a Transaction Destination Country Report. The initial report was due by May 15, 2017. While individual states need to opt into this reporting, this move is nonetheless a step in the right direction for the MSB community.

Among the topics on the agenda of the Consumer Financial Protection Bureau (CFPB) are mortgage servicing rights for consumers and fair lending. The CFPB’s 2016 final rule amending certain provisions of Regulation X (Real Estate Settlement Procedures Act) and Regulation Z (Truth in Lending) will be effective in October 2017. The rule requires a series of modifications to the procedures and technology platforms used by mortgage services. These modifications affect, among other things, key definitions (successors in interest, delinquency), lender-placed insurance, loss mitigation, communications with borrowers in bankruptcy, and periodic statements and coupon books. With the effective date less than six months away, mortgage services need to understand and be prepared to implement all of the required changes.

The 2016 CFPB Fair Lending Report, published in April, signals the agency’s fair lending priorities for 2017. These include identification of redlining activities; mortgage and student loan servicing issues based on race, ethnicity, sex or age; and fair lending challenges faced by women-owned and minority-owned businesses. Lenders engaged in mortgage and student loan servicing and small business lending activities should consider stepping up their monitoring and testing of these areas in preparation for upcoming CFPB examinations.

Learn more about these developments in our May issue of Compliance Insightsavailable here, and review our monthly recap of compliance developments on the same site.

Retailers, Tech Firms and Financial Services Providers: It’s Time to Shape the Future of Mobile Payments — Are You Ready?

Posted on by

By Gordon Tucker, Managing Director, Technology, Media and Communications Industry Leader; Rick Childs, Managing Director, Consumer Products and Services Industry Leader; and Jason Goldberg, Director, Financial Services Business Performance Improvement

 

The global mobile payments market is projected to reach US$780 billion by the end of 2017, according to research firm TrendForce. That figure seems impressive until you consider that the ability to pay for goods and services with a mobile device has been a reality for years. It’s been nearly a decade since Starbucks, one of the biggest mobile payments success stories to date, launched its app and rewards program. And recent research by the Mobile Economic Forum found that one-fifth of global consumers have made a mobile payment in-store. Given the exponential growth in smart device innovation and adoption over the past decade and consumers’ inherent desire for convenience and speed when making a purchase, it is logical to think that the mobile channel would dominate as the avenue for payments by now. It’s where we’re headed, to be sure. But some formidable obstacles have been impeding the growth of the industry, such as:

  • Persistent concerns about fraud, privacy and security: Even though most consumers are aware of “digital wallets” — apps on smartphones that store credit card information and facilitate mobile payments — many remain wary of the risks. Fraud has been a problem, with weak authentication practices and identity theft at the root of many incidents — including those involving well-known brands like Apple Pay and Samsung Pay.

Consumers also worry about how companies are collecting and using data, including purchasing history and even geolocation. How and if that sensitive information is being protected from hackers is yet another concern. Tokenization helps to secure valuable transaction data, but data stored in digital wallets or merchants’ payment systems may still be vulnerable. Also, new entrants to the market may lack the security sophistication needed to protect sensitive data from compromise.

  • Bad timing: When solutions like Apple Pay, Google Wallet and Android Pay were being rolled out by mobile manufacturers and tech providers a few years ago, EMV chip card technology was also hitting the market. Retailers were initially confused, and frustrated, about whether to adopt mobile payments or EMV chip card technology. Most prioritized the latter. Now, adoption of that technology is near-universal in retail, even though EMV chip card transactions are slower than mobile payments or even traditional credit card payments.
  • Lack of a consistent experience: Merchants of all types have been racing to launch their own digital wallets. But it is unlikely that many will achieve long-term success with their ventures because consumers are already overwhelmed by choice in the market. Plus, these offerings are diverse, which means the mobile payments experience for consumers also varies. That works against efforts by retailers, and the mobile payments industry to engage consumers and convince them to pay with their smart devices at every opportunity. And there’s another ingredient for mobile payments success that not all retailers can capture: A key reason that apps from brands like Starbucks, Taco Bell and Dominos are so popular is that consumers do business with these retailers frequently — sometimes daily.
  • The fact that old habits die hard: One more dynamic that’s working against mobile payment adoption is the simple fact that it’s still easier and faster, in most cases, for consumers to pay for goods and services with cash, debit card or credit card. They’re comfortable with these methods, so they’re in no hurry to change. And many businesses that offer mobile payment options fail to do enough to incentivize consumers to make the switch — for example, they don’t provide compelling rewards to customers who use their app frequently.

A Growing Swell of Expectations From Consumers

The picture is not all bleak. There are other strong trends in motion that will help to drive mobile payments innovation as well as consumer adoption and use of these solutions. Here are some of the dynamics to watch:

  • New shopping trends will help mobile payments grow — a lot. Showrooming — where consumers examine merchandise in a traditional brick-and-mortar retail store or another offline setting and then buy it online, sometimes at a lower price — is just one example. It’s a retail experience that’s made for mobile — and it’s expanding as large e-commerce players like Amazon and Microsoft get in the game. Retailers can use mobile payment apps to incentivize shoppers to buy items in the store by offering discounts, special rewards or free delivery.
  • Mobile shopping apps are becoming more experiential for consumers. The core purpose of a mobile payment service is to facilitate transactions, of course, but that’s not enough to engage a consumer. Mobile shopping apps are evolving to help customers discover and research products before they are at the store and then help them locate those products while they’re in the store. These apps can also store shoppers’ receipts, gift cards and shopping lists; present discounts and coupons; enable comparison shopping; make the checkout process simple and fast, and more. Look for customer loyalty programs to evolve, as well; for instance, using data insights, a retailer could offer individualized incentives to mobile shoppers and reward them for specific behaviors.
  • A friction-free experience is becoming an expectation, fast. Mobile payments success hinges on creating a simple, seamless, value-adding and branded customer experience. Leading players in the person-to-person (P2P) payments space are setting the standard for the frictionless consumer experience — and winning over mobile-minded millennials. Recent research from Bank of America found that 62 percent of millennials use a P2P service.

Entrants in the P2P space are also focusing on the back end, trying to simplify operations and bake in security wherever possible without undermining the consumer experience. Good infrastructure that supports a secure and seamless customer experience is essential to the future of mobile payments. In the coming months on the blog, we’ll be exploring topics that retailers, technology companies and financial services providers, specifically, should consider when developing their mobile payments strategy. These topics include operational effectiveness, risk and compliance issues, technology strategy, and security and data privacy. Each of the industries mentioned above has an important role to play in helping to shape the evolution of the mobile payments industry. It will be through their collaboration, cooperation and innovation that the mobile payments experience can become what businesses and consumers alike envision it can — and should — be.

Was Friday’s Ransomware Attack Covered in Your Cyber Plan?

Posted on by

By Scott Laliberte, Managing Director
Technology Consulting

 

 

 

Less than a month ago, my colleague Adam Brand talked about the need to include ransomware in the cybersecurity repertoire of companies, emphasizing a business outcome-driven approach to cybersecurity, rather than a narrow-focused sensitive data perspective. Last Friday’s global ransomware attack brought this message home with a bang.

The wide-spread attack struck hospitals, companies and government offices around the world, with the majority of the attacks targeting Russia, Ukraine and Taiwan. It disrupted computers that support factories, banks and transport systems. The National Health Service in the United Kingdom was attacked, causing some surgical procedures to be cancelled and ambulances to be diverted. In addition, several major global companies reported they were hit by the attack, which currently is believed to have infected more than 200,000 computers globally, with some claiming the number is closer to 300,000.

The event is not unique but it is the biggest of its kind so far, and reinforces a harsh reality: Cyber attacks are not just about data loss or intrusions on privacy, but they can impact organizational operations, patient care (for healthcare providers) and critical infrastructure, and cause possible loss of life. Systems that support critical operations – such as medical devices and industrial control systems – often run on older technology that is more vulnerable to these attacks. You may have ignored these systems up till now because they do not contain critical data – ignore them no more.

In the wake of this latest attack, Protiviti issued a Flash Report today that summarizes the circumstances and reiterates the point we’ve made often before – namely, that cybersecurity needs to be extracted from the silo of IT security operations and considered in the context of the risk it poses to the business. The Flash Report also provides some immediate and longer-term recommendations for companies to shield themselves from future events like this one. Download the report here, and share your thoughts in the comments.