Research suggests that the average cost of a data breach to an organization is $2.4 million. In 2018 alone there were roughly 945 data beaches, with 4.5 billion records breached. That adds up to a total loss of more than $2 trillion a year. It is a price tag and a risk that could keep a CFO up all night.
Luckily, today’s CFO possesses foresight. He/she has deep experience designing strategic solutions to problems, complementing their financial planning and analysis roles. Given the magnitude of cybersecurity risks, today’s CFO knows how to budget, allocate resources, and prioritize cyber defense for the whole organization, so he/she can sleep at night.
And they know not to go it alone, for cybersecurity is a team sport. According to Deloitte’s “2019 Future of Survey” the organizations best equipped to handle evolving cyber risks are those that spread accountability across the organization. From the IT department to the sales department, the avenues for cyber security breaches have grown. The CFO, who is accountable to the entire organization for financial health and stewardship, should be creating heightened awareness about cyber risk, or what Deloitte calls a “cyber everywhere” approach.
In a digital world, cyber risks are now present in consumer products, manufacturing facilities, and the workplace. As more and more processes become automated and technology becomes more embedded in our daily lives, the risks are numerous, diverse – and growing. CFOs, who interact with all departments within an organization, are in a unique position to ensure compliance with cybersecurity efforts and to implement the controls necessary to defend the organization against attacks.
Three Ways CFOs Immerse Themselves In Cybersecurity
- They Are On A First Name Basis With IT Leaders: CFOs are now intimately acquainted with their heads of IT, as well as Chief Information Security Officers (CISOs) and Chief Technology Officers (CTOs) who can share valuable information and knowledge. While CFOs’ traditional purview has been the finance department, their influence over controls in other departments has been extended. They often serve as a much-needed bridge between IT and other departments, including the C-suite. Working across functions to manage risk is the hallmark of today’s CFO.
- They Help Define Appropriate Strategies: CFOs are the ones estimating the financial impact of cyber attacks and advising senior leaders on company-wide preparedness. They are also defining risk management strategies and identifying where to commit resources to counter the most important threats. Often they are spearheading the adoption of cyber insurance.
- They Pick Their Battles: Most employees need access to data to do their jobs. This creates risk. CFOs and other executive leaders need to balance access and security. Some CFOs opt for monitoring employees, but that can create friction and distrust. CFOs need to prioritize threats and decide which battles are worth fighting.
With the digitization of everything, the old rules of business do not apply. CFOs are adapting to cybersecurity risks the same way they have adapted to other ones, strategically. They have recognized the ubiquity of cyber risk around the organization, but rather than waiting to react, they have taken a proactive approach and incorporated cybersecurity into their risk portfolio.
