Why your role as CFO should involve cyber security
Gone are the days when the responsibility for keeping your business secure from cyber security threats rested exclusively with your IT team. This burden now also falls to the CFO, says David Steele.
Cyber criminals are no longer lone rangers couched behind their laptops in dark rooms. Today, cyber-attacks are designed by highly organised and profitable organisations. Many of these are powerful multi-million-euro firms.
As a result, your business needs every individual in a leadership role to buy in and contribute to your cyber security plans, and not just the Chief Financial Officer (CFO) – although this role is integral to excellent cyber security.
More than budget approval
The CFO is in an essential role when it comes to mitigating the risk your business faces from cyber threats. Managing costs is a requirement for any business. However, penny pinching when it comes to keeping your business cyber secure is the fastest way to make yourself vulnerable to data breaches and system hacks.
It is the CFO who will ensure that the investment your business makes in cyber security aligns with your company-wide infrastructure. Rather than being viewed as a cost drain, protecting your business from cyber threats needs to be viewed as an investment.
The CFO is the leader in the boardroom who can recognise the devastating effect a cyber-attack would have, both financially and reputationally.
However, the CFO plays a bigger role in your firm’s cyber security team than simply approving the budget for new software solutions. CFOs who are aware of the full spectrum of cyber threats are strategic in a few ways.
Understanding the cost
The technology and human resources required to keep your business safe from cyber threats come with a cost, but the cost of not having them in place is far higher.
In 2022, the cost of a data breach for SMEs in Ireland was, on average, €17,000 – double the cost from 2021 – but rose as high as five million in the most severe cases, according to the Hiscox Cyber Readiness Report.
The CFO is well placed to understand that the cost of reliable cyber security is lower than the cost to an organisation to fix issues arising from an attack.
To win new clients, you need to show your business is diligent and trustworthy, and cyber security plays a massive part in securing an organisation’s reputation.
Your existing clients are becoming increasingly savvy about how their data is looked after, and CFOs need to ensure their teams can demonstrate that the organisation’s data protection policies are strong and implemented—or risk losing out to the competition.
Your cyber security credentials will also reassure your shareholders and vendors. A hit to your organisation’s reputation because of a cyber-attack could mean a hit to its finances.
Risk management framework
It’s the CFO’s responsibility to allocate finance to areas that are business-critical for your firm. Cyber security protects your company’s assets, and so should be embedded into every element of your organisation.
However, the CFO does not need to be a cyber security expert.
Instead, it’s time to acknowledge that protecting financial data is essential to the CFO’s role. The CFO’s risk management skills are critical to asking the right questions around where data is stored and who can access it. As a result, there is a lot the CFO can add to cyber security best practice in your organisation.
At the end of the day, it is important to remember that the CFO does far more than sign cheques when it comes to cyber security. Instead, the role is critical to the strategic protection and sustainability of your organisation.