Cybersecurity: Where Does the CFO Fit In?
Finance teams are especially vulnerable to cyber-attacks. That’s why CFOs need to familiarize themselves with new IT security issues and master legal frameworks. How will this affect their decision-making power in terms of integrating tech – and facilitating company-wide usage of data?
Our interviews with CFOs from SMEs to multinationals have revealed four key ways of approaching cybersecurity.
Cyberattacks occur more than a million times a day. Most attacks are not successful, and few have the devastating effect of WannaCry, the well-documented ransomware that infected millions of computers across 150 countries last year. But the smaller attacks can still have a significant impact on business infrastructure. Naturally, the costs run high.
CFOs are aware they have an important role to play in addressing this challenge. “Cybersecurity is very high on the agenda,” explains the CFO of an investment bank. “It’s not just a matter of putting a security patch and then you’re good for the next 15 years; it takes constant vigilance and review of your performance.”
But the question remains: What particular role should the CFO play in the process?
The Scientist: Prioritize Protection Needs
Most CFOs who participated in the study agree that a solid understanding of data management is key. To fulfil their role, today’s CFOs will need to filter critical and confidential data, and make the company’s protection a priority.
As the number of data breaches increases, CFOs need to be proactive and continuously partner with IT experts. The continued exposure means that it’s increasingly important for a CFO to be tech savvy.
The Engineer: Ensure Compliance on the Procedures
Usually the biggest risk is not the IT system itself – but the way employees use it. “Regardless of the quantity of firewalls or passwords, a misconduct by anybody from the group can risk everything that we are trying to protect with those tools,” says Thiago Oliveira, CFO of real estate company JHSF.
Oliveira cannot over-emphasize the importance of smooth-running systems that are fully adopted by employees: “People’s compliance on system procedures is very important to keep information safe and reduce the risks of cyberattacks.”
The Coach: Educating People to be Watchful
Training personnel on the risks associated with cyberattacks and on prevention measures is fast becoming a priority for every CFO.
“We have to educate our own people to be watchful,” says Bob Braasch, CFO of the investment bank Marathon Capital, “because the threats that could have an adverse effect on us will start with somebody accidentally sending a virus on a document and trying to access our system that way. Education at the individual level is really where the game starts.”
The Pilot: Find Strategies to Safeguard Privacy
A growing number of organizations are monitoring their employees’ use of data to enhance cybersecurity, but that comes at a cost - and not necessarily a financial one.
“I think the biggest challenge for most companies is how to respect the privacy when everybody is being tracked 100% of the time. I wake up every morning with this question on my mind,” explains Oliveira.
It takes a solution-oriented mindset to find an adequate strategy, without necessarily getting into the operational detail. The balance is delicate but necessary: “It’s pretty easy for someone to send an e-mail containing our company’s compensation data,” explains Eugene Low, CFO with global consultancy Mercer, “but I have faith in my IT team, my compliance team, that they’re on top of it. And from what I see, the situation is under control. I cannot get into the details of it. As a CFO, you have to pick your battles.”
There is speculation that the challenge of cybersecurity will eventually become too great for the CFO’s team alone. As David List, CFO of the online money transmitter Conotoxia, remarked: “I wouldn’t be surprised if the future will lead to a new role for the executive board. At some stage, the Cybersecurity Officer will enter the boardroom.”
- As finance is vulnerable to malicious attacks, CFOs need to get involved in managing cybersecurity
- CFOs have to be familiar with IT security issues, ideally within the framework of various legal systems
- There is a real need to educate stakeholders to ensure widespread compliance
- The complexity of cybersecurity challenges could lead to a new boardroom role