CFO’s: Is Your Cyber Security Ready For The Next Decade? Why It Must Matter To You
Posted on: February 20, 2020
You must prepare today for the threats of tomorrow. Effective data security is critical in today’s digital world. And it’s no longer just a concern or function for your IT department. It must now be a priority for CFOs, as you’re the ones accountable to your organization for its financial health and best suited to budget, allocate resources, and prioritize cyber defense for the entire organization.
This means today’s CFOs will need to be more digitally sophisticated in order to leverage technological innovation.
Research shows that the average cost of a data breach to an organization is $2.4 million. As Jeff Thompson of Forbes notes: “It is a price tag and a risk that could keep a CFO up all night.”
One of the top reasons CFOs should be creating heightened awareness about cyber risk is that 76% of cybercriminal activity is for the purpose of financial gain. Cyber-espionage and the theft of intellectual property drive 47% of all manufacturing IT breaches alone.
With 68% of those breaches taking months or longer to discover, it’s troubling to think about how much data has already been exposed to bad actors. Organized crime organizations are behind 62% of external breaches.
No industry is immune to cyber risk, and CFOs will need to make sure their organizations continue to increase the quality and speed of their efforts.
This will often mean that CFOs need to convince their CEOs and board members of the importance of security best practices. Given that most CFOs say their board engagement activities has risen from 24% to 42% in recent years, it’s apparent that they’re being given more opportunities for doing so.
The urgency for this is heightened by a Deloitte survey of CEOs and board members which showed that only 30% describe themselves as highly engaged in developing their organization’s cyber strategy; yet this is key to moving from identifying security threats and fixes to defining business impact, risk escalation steps, and organizational responses.
While it’s tempting to feel comfort in current security processes, system admins have been shown to be the top internal people responsible for breaches 25.9% of the time. This is all the more important because databases are the top assets involved in breaches.
In terms of their sophistication, cybercriminals have advanced to the point that they’re fooling the highest levels of the organization. Beginning oftentimes with email attacks, companies have been exposed to breaches that defy belief. Phishing and pretexting represent a whopping 93% of social attack-based breaches. 99% of the attackers are external to the organization, and 59% of these are motivated by financial gain, with an additional 38% aiming at corporate espionage.
The well documented Verizon study showed that phishing is used as the lead strategy of a more expanded attack, followed by malware installation that gives criminals access to corporate data. Social breaches gain access to personal data 47% of the time, proprietary IP or secrets 25% of the time, and credentials that are used to launch compromised credential attacks 16% of the time.
Thompson suggests three ways CFOs can have an impact on greater cybersecurity:
The first is to have a partnership with the head of IT. While CFOs used to confine themselves to finance, their influence over enterprise-wide controls has been expanding; so they can serve as a much-needed bridge between IT and other departments, including the C-suite. “Working across functions to manage risk is the hallmark of today’s CFO.”
Second, because CFOs are the ones estimating the financial impact of cyberattacks, defining strategies, and identifying where to commit resources to counter threats, they need to take center stage in the cyber threat solution.
Third, CFOs need to prioritize threats and decide how to deal with them. One obvious threat that needs attention is the fact the employees need access to data to do their jobs, which creates an inherent risk. CFOs need to partner with other executives to balance the needed access with appropriate security protocols to reduce the organization’s exposure to data breaches.
Cybersecurity must be woven into the fabric of your business and the tools which you use. It’s important that whatever software solutions you employ make safeguarding your data a top priority.
One of which does this, in particular, is Synoptix Reporting software. Because it sits behind your firewall, there’s no additional liability which you need to protect against. Always ensure tools you use are not adding additional threats to your security.
For additional insight into how you can impact your organization’s growth and ensure its security is ready for the next decade:
Download our Top 5 Reasons For CFO Failure report