In today’s cyber dominated world, the risks of online attacks have become constant threats for many organizations. As a result, financial professionals are feeling very vulnerable, as the consequences of security breaches can have devastating effects and significant costs. In addition, with so much information readily accessible at our fingertips, cybersecurity has become a major factor in the corporate environment and many CFOs agree that it is now one of their top priorities.
To learn more about how to deal with this area of concern, take a look at the following “thought piece” by Monica Foster, National Managing Partner of Talent Management for Tatum, a company that serves to help resolve the challenges of today’s CFOs:
CFOs Versus Cyber Crime by Monica Foster
There is little debate as to the pervasiveness of cyber risks and the growing priority to focus on cybersecurity. Today, the issue of cybersecurity has risen to the top of the C-suite concerns given the increase and complexity of attacks. According to EY’s (Ernst and Young) 16th annual Global Information Security Survey, cyber attacks around the world are increasing in volume and sophistication, with many organizations unaware they are victims of cyber attacks..1
Meanwhile, a growing number of organizations are relying on their CFO to spearhead these efforts, largely due to their inherent risk management knowledge and experience. In fact, a recent Tatum survey found that 44 percent of CFO respondents said cybersecurity is of significant concern to executive leadership and 11 percent indicated is it among the top three issues they face..2
Despite this concern, the majority of respondents say their cybersecurity program is between initial stages and moderately mature. Only 11 percent say their program is fully optimized..3 Given the potential costs of attacks, both financial and reputational, CFOs must place information security at the top of their priority list and make progress in these key areas:
Embed Cybersecurity Awareness Across The Organization.
Cyber attacks can happen anywhere and at any time within the organization, so reaching across departments to ensure awareness and compliance when it comes to cybersecurity measures is vital. CFOs should have a clear picture of all stakeholders (both inside and outside the organization) who may be vulnerable to potential attacks, and ensure they understand their role in cybersecurity compliance. However, the Tatum survey found that 25 percent of CFOs disagree that their executive teams understand data security compliance requirements and the risks of non-compliance. And, nearly three-in-ten don’t believe their frontline personnel are trained to and do understand the value of the information assets they touch every day.4
Investing Is Key To Safeguarding Against Cyber Threats.
While companies are continually tweaking their budgets, there is no debate about the importance of investing in adequate security solutions. This includes the investment in tools but also in the right talent who are equipped to respond to evolving cyber threats. More than half of CFOs say they will increase their security spend this year, averaging between six and 10 percent more allocation of their budget.5 And, 50 percent of respondents to the EY Global Information Security Survey reported that a lack of skilled people presented a barrier to value creation in cybersecurity.6
Detection Is Key.
Today’s distributed, multi-tier IT environment can bring more complexities and challenges to secure than in the past. One of the most pressing security challenges is the detection of attacks, and therefore the need to continually test the companies’ vulnerabilities. CFOs can play a significant role in identifying and creating the right cybersecurity metrics to measure and monitor regularly. Although most CFOs (60 percent) agree they test continuously to improve incident response, nearly six-in-ten disagree that they regularly include a phishing test or other form of social media hacking, penetration testing by ethical hackers, or the company’s executive suite/communication response plan.7
Stay Ahead Of The Curve.
Cyber crime is constantly evolving with the number and complexity of attacks always on the rise. In fact, CFOs report the threat level and frequency of cyber attacks is dramatically higher this year, compared to two years ago, with four times the number of companies suffering a cyber attack this year and five times the number of companies experiencing a cybersecurity intrusion.8 CFOs need to shore up cyber protection today, but also turn an eye to future threats and security measures. Only 14 percent of cybersecurity spending goes to security innovation, despite the rapid evolution of hacking techniques.9 New developments in areas such as big data, “bring your own cloud,” and the Internet of Things must constantly be considered.
Cybersecurity stands to be a priority for the C-suite today and for the foreseeable future. As cyber criminals continue to hone their methods and manipulate new technologies, it may be that cybersecurity will be an ongoing battle with no chance for organizations to let their guard down. As such, CFOs will continue to lead the charge alongside other members of the C-suite.
1 EY’s 16th annual Global Information Security Survey, Under cyber attack report, 2016
2 Tatum’ Survey of Business Conditions, 2Q 2017 edition
6 1 EY’s 16th annual Global Information Security Survey, Under cyber attack report, 2016
7 Tatum’ Survey of Business Conditions, 2Q 2017 edition
9 EY’s 16th annual Global Information Security Survey, Under cyber attack report, 2016