The cybersecurity checklist for CFOs
Due to the risk posed by cybercrime to businesses worldwide, CFOs have a more comprehensive range of responsibilities than ever before.
A weak cybersecurity position is a significant business risk across all organisations. Few finance professionals are unaware of the catastrophic devastation that can be wrecked should they fail to pay attention to a rapidly evolving threat landscape – from significant fines, huge ransom demands, through to the losses incurred if unable to transact.
However, as a CFO, you are more uniquely positioned than just about anyone else in the business to understand the financial (rather than technical) consequences of a security breach. Which means that if you’re not already playing a role, then you need to become proactive in countering and mitigating the challenges posed.
So, what specifically could (or should) you be doing?
- Ensure that your organisation cybersecurity strategy keeps your financial data adequately protected, so it can’t be held to ransom under the threat of disclosure to competitors, or details on sold via the dark web
- Make sure that your finance team are trained to recognise direct personal attacks in the form of phishing using spoofed email addresses, malicious links, and PDFs, and more.
- Comply with applicable NZ and Australian cybersecurity compliance legislation to reduce the likelihood of crippling penalties
- Tick all the cybersecurity insurance boxes and control your costs by meeting insurer requirements such as having a robust business continuity plan, incident response plan, security awareness and training, and various other technical controls
- Ensure cybersecurity is represented at the governance level and positioned as a business and commercial risk
- If you are responsible for ESG reporting, don’t underestimate the value of cybersecurity as a strategic differentiator
It’s important to treat your cybersecurity strategy as way to protect your business assets by minimising risk. It’s all a matter of perspective. Much like regarding a fire alarm and sprinkler system as a value-add to your business – whether it’s ever used or not.
So, where to from here?
CFO Magazine says that “a 2019 study revealed that while 55% of Australian and New Zealand CFOs and finance leaders identified cybersecurity as a ‘high’ or ‘very high’ risk to their organisations, the strategic direction for cybersecurity is set by the IT community (44%).” They add: “These statistics demonstrate that CFOs must lock arms with the CISO to understand how cyber risk affects the overall business.”
Active engagement in the strengthening of your cybersecurity posture is now part of the remit for any modern CFO. And that means taking your place alongside the other C-suite leaders in your organisation - including the CEO, CISO and CIO - to effectively manage risk.