CFO's Role in Cybersecurity | Blog | Humanize


CFO's Role in Cybersecurity

Published on Sep 19 2022

CFOs are often tasked with keeping an eye on the bottom line and ensuring that the company is operating efficiently. But when it comes to cybersecurity, this can be a challenge.

In many organizations, CFOs are seen as a barrier to investment in cybersecurity—a cost drain that does not have much return on investment (ROI). This often leads to inadequate investment levels and a dearth of comprehensive and robust cybersecurity systems.

However, great CFOs do not act as blockers; they are ready to invest in comprehensive and robust cybersecurity systems. They team up with the CSOs to be risk-aware and address cybersecurity challenges.

Four Cybersecurity realities for CFOs

Every CFO should come to terms with the realities of cybersecurity, and these include:

1. Cyber damage is more than money.

The direct cost of a data breach may be relatively easy to document, but what about the long-term effect it has on the company's reputation? A data breach can cause customers to lose their trust in the company, which can negatively affect the organization's reputation.

2. There is a link between cybersecurity and physical security.

Most CFOs tend to separate physical security from cybersecurity. The truth is that there is a link between them. Cybersecurity breaches like counterfeiting, fraud, and intellectual property theft may begin with a physical process. Some administrators or employees may falsify invoices, steal customer credit card data, approve loans using special rates, etc.

3. Organizations can have a compromised information network.

CFOs should accept that an organization's information network can be compromised if attacked. Companies should not expect to reach zero risk, but they can implement measures to mitigate risks.

4. Companies cannot protect everything equally.

CFOs should note that everything cannot be protected equally. They must ask the right questions, like "Where are my organization's crown jewels?" and "What data would most affect the company if compromised?" Social security numbers of employees and customers' credit card data may be crucial to retail. As CFOs, they are responsible for making the best decisions on protective controls, prioritization, and responses.

How CFOs can contribute to cybersecurity agenda

Here are some of the ways CFOs can get involved in mitigating cybersecurity risk.

1. Ask the right questions

CFOs should liaise with key security experts, including the Chief Security Officer, the Chief Information Officer, and the organization's Chief Risk Officer. During such engagements, the CFO should determine how the company can identify vulnerabilities, associated risks, and critical assets.

Asking important questions is one of the easiest ways to get involved in cybersecurity. Some relevant questions are:

  • What information is being collected by our company?
  • What are our key vulnerabilities? How can we mitigate them?
  • How is that information being handled, and who has access to it?
  • And how do these resources fit into our broader strategy?

2. Contribute to developing an effective cybersecurity strategy

The primary objective of a company’s cybersecurity strategy should be to discover, analyze, respond to, and protect its data from cyber threats. The CFOs hold the power of the purse and therefore influence the overall cybersecurity strategy.

They should liaise with other security professionals, discuss cyber-risk exposure with them regularly, and ensure that the company complies with regulatory, security, and privacy law requirements.

3. Improve knowledge of cybersecurity

CFOs should have relevant knowledge of cybersecurity risk so that they do not have to rely solely on CISOs and CIOs.

As the financial department is a perfect target for cybercriminals, CFOs should also ensure that the financial team is well trained on cybersecurity so they can be better prepared to work with financial data. They could set up nonstandard learning methods and innovative approaches to ensure the team's continuous awareness.

4. Cybersecurity budget and insurance review

Most organizations spend heavily on other business priorities, including IT, and fail to allocate funds for cybersecurity, which may increase the risk of cyber-attacks. Depending on the cybersecurity report reviews, CFOs should review the company’s budget and cyber insurance policy constantly and continuously.

CFOs have a valuable contribution to make to the cybersecurity agenda. In particular, their contributions can help drive organizations to focus on where the greatest needs lie for strengthening cybersecurity posture. The challenge for CFOs will be in bringing together cybersecurity stakeholders from across the organization and creating an effective roadmap that considers different internal risk profiles while also considering current and future corporate objectives.
