Taking cybersecurity seriously is far from being exclusively an IT department issue. Given the impact that a breach can have on the whole company, it’s critical that every department takes some level of responsibility. Yet this conversation must begin at the boardroom level, as an attack could have negative consequences for customer trust, brand loyalty and shareholder value, putting everything in jeopardy. Moreover, even if the business survives the initial attack, the recovery time could prove to be both long and costly. To help spearhead this push for increased awareness, the CFO, who manages the financial risk within an organization, can be the supporting voice in the boardroom that champions security. Here are further reasons why having a CFO with some degree of cybersecurity knowledge can better serve the business and its customers:
Gain insight into how the organization manages cybersecurity
Traditionally, responsibility for security fell to the CISO, CTO, or CIO. With data breaches occurring on an almost daily basis, there are concerns as to whether the C-suite takes security seriously. With the rise of digital transformation, the number of businesses embracing technology has grown as they move to data-driven strategies. Data is now the most valuable commodity for an organization, and troves of data records are being stored and analyzed to help make more efficient business decisions.
Protecting this data comes down to investing in the right security. Therefore, while working alongside the CISO, the CFO will need an element of cybersecurity knowledge to carry out the necessary due diligence before making any security purchases for the business. Year over year, budgets and investments in cybersecurity increase as new threats and defense technologies emerge. With these decisions made at the boardroom level, the CFO is presented with a unique opportunity to play a key part and be the voice of reason in passing funding approvals, especially when it comes to selecting security solutions that will effectively protect the business.
The risk of not including the CFO in the cybersecurity process
The CFO knows crucial details about the business, whether acquisitions, mergers, or structural changes, and as such can make informed decisions to ensure the business is operationally stable. We have seen the issues that arise from investing in the wrong type of security, often resulting in businesses suffering a cyberattack. With the guidance of a CFO who understands cybersecurity, businesses can avoid overspending on security solutions or investing in a product that stifles the organization’s growth in the name of security.
Spending without due care can lead to a false sense of safety, while a lack of investment leaves the wider infrastructure more exposed to exploitation. It is therefore critical to have the CFO involved, to maintain ROI and sustainability while cybersecurity is being implemented and to strike a balance between cybersecurity drivers, challenges, and investment.
Planning for security requires everyone
Cybersecurity can be a technical and complex topic to discuss, but with the C-suite aligned, CFOs, CISOs and others can create a detailed cybersecurity strategy for the business that meets the budget and ensures corporate governance is achieved. With data protection now a regulatory necessity under the European General Data Protection Regulation, businesses can ill afford to be hit by the monumental fines, some of which run into the millions. Cross-department collaboration will also be needed for enterprises striving to meet Payment Card Industry Data Security Standard (PCI DSS) compliance. This can and should be led by the CFO, CISO and CTO, or at least by a team representing each. Compliance with data protection regulations like GDPR and PCI DSS is an ongoing process, because the way data is consumed, stored and used keeps evolving, so regularly monitoring that policies are being adhered to is vital.
With the constant stream of cyberattacks and data breaches making headlines, consumers today are more aware of what is expected of organizations when it comes to protecting data. By demonstrating that security is in place, enterprises are able to inspire confidence in their customers.
*** This is a Security Bloggers Network syndicated blog from comforte Insights authored by Thomas Stoesser. Read the original post at: https://insights.comforte.com/why-cfos-must-be-involved-in-cybersecurity