The AICPA & CIMA fireside chat on Cybersecurity for the Digital Transformation Era made one thing clear:
“Cybersecurity hasn’t just evolved. The rules have changed”.
What used to be a conversation about endpoints and controls is now a conversation about people, identity, behavior, and decisions made at speed. Across the panel, a consistent theme emerged. The biggest risks today are not just technical gaps, but the way organizations operate within increasingly complex and fast-moving environments.
Key Takeaways: Where Organizations Are Getting It Wrong
The discussion highlighted a shift that many teams still haven’t fully internalized.
- Cyber risk is no longer contained. It spans workflows, AI tools, user behavior, and automation. AI is accelerating both productivity and risk, often creating consequences teams didn’t anticipate.
- A recurring theme was false confidence. Organizations trust tools they don’t fully understand, rely on detection they haven’t validated, and assume processes will work without real testing.
- At the same time, the cybersecurity space is getting noisier. With constant claims and evolving threats, “trust but verify” is no longer optional. It’s essential.
Raymond Cheng’s Contribution: Bridging Compliance and Reality
Raymond Cheng brought a practical, audit-driven perspective.
His message was clear.
“Compliance does not equal readiness”.
Organizations invest in frameworks, but struggle with execution. The gap isn’t documentation. It’s how systems and people perform under real conditions.
He illustrated this with a simple example: an AI email assistant drafting replies automatically, including ones that should never be sent. It is a small issue on the surface, but a clear signal of how quickly risk scales when tools are not fully understood.
He also highlighted a growing challenge: “Identity sprawl and lack of traceability”. As AI and automation expand, it becomes harder to answer a basic question: “Who is actually doing what?” This shifts security toward governance, visibility, and accountability.
The Bigger Message
There are no silver bullets.
“Cybersecurity today is about clarity, discipline, and decision-making”.
It’s about understanding risk, challenging assumptions, and building programs that work beyond the checklist. For advisors, the role is to bring clarity, not complexity.
Final Thought
Security that looks good on paper is easy. Security that works in reality is something else entirely: compliance proves you prepared; incidents prove whether it works. That’s the gap this conversation exposed, and the one organizations can no longer afford to ignore.