Risk, Responsibility and Resilience

You’re the CFO. Your company’s capital structure, the current sentiment of your stakeholders and constantly-evolving economic modeling are all things for you to worry about. You likely know what keeps your fellow executives up at night as well. But what about your organization’s cybersecurity team?

Old-schoolers might consider IT to be just an expensive line item when, in fact, your IT team’s successes and failures impact everything under your purview and beyond. Their nightmares should be your nightmares. Strategic investments, good governance and thoughtful reporting by your security team helps fortify your company’s business resilience, letting you enjoy some peace of mind while avoiding a situation of Equifax proportions.

Customers expect to be able to trust the safety of their private data and financial information within an organization. When any large-scale breach (like Equifax, which lasted from mid-May through July) occurs a considerable amount of that trust is lost, sometimes irrevocably.

But bigger than putting a dent in brand reputation, cyberattacks and data breaches can measurably affect an organization’s bottom line. As of mid-September, Equifax’s stock prices had slid 18%. And it’s not likely to be temporary. A study done in April by IT consultant CGI and Oxford Economics concluded that severe breaches caused share prices to fall an average of 1.8% on a permanent basis.

Cyber threats aren’t going anywhere and you can’t have a complete picture of risk if you don’t understand your organization’s security stance. If the CFO doesn’t work closely with security colleagues, cybersecurity investments will not be aligned to business objectives, and may fail to protect the company’s most vital assets and mitigate the risks that carry the highest damage potential.

A McKinsey-World Economic Forum study of cybersecurity risk management practices found that “Senior-management time and attention was identified as the single biggest driver of maturity in managing cybersecurity risks—more important than company size, sector and resources provided.”

Cybersecurity performance and ROI can’t be measured the same way that revenue and operating costs can. This may make CFOs uncomfortable, but it’s high time our financial executives get involved and find better ways to assess and optimize cybersecurity spending. In the ongoing, dynamic arc of digital transformation, there will always be trade-offs between security and innovation, but we can’t forge ahead blindly in the name of growth.

Read the full article at InfoSecurity Magazine