Integrating Security Risks Into the CFO’s Decision Making Process

CFOs and finance VPs typically focus on investor relationships, financial reports and SEC compliance, but in light of rising cyber threats toward small and medium enterprises, their purview also needs to include cybersecurity. Without an adequate understanding of cyber security, its risks and their financial implications for the company, a CFO cannot guide an organization through the digital world. Cybersecurity should be part of the CFO’s decision making process at every juncture.

Understanding Cybersecurity Risks

Security risks exist at every level of most enterprises, and CFOs need to understand risks related to investments, procuring goods and services, and entering partnerships with other companies. They must look at where the company has invested and weigh the risks in that sector to determine the level of necessary security and how much should be invested.

They need to match the time and money devoted to cybersecurity to the strategic relevance of each area of the company. This doesn’t just relate to accounts or financial information. It is also relates to intellectual property. In short, the CFO needs to ensure it is protected at the right level based on its projected value.

Spearheading Education Efforts

Finance executives should understand how criminals perform cyber crimes and more importantly how the company’s information is likely to be used by attackers. They should take this information and lead the company’s education and training efforts. The CFO should be the ambassador to the board so that the board understands the financial risks of cyber threats.

Placing Safety Nets

While guiding education efforts, CFOs need to think about what happens if a cyber attack occurs. They, along with the rest of the team, need to imagine how an attack will affect the company’s image and brand, as well as its bottom line.

To prepare for the worse, financial executives need to budget for cyber insurance and create a reaction plan. They need to plan how they are going to contact shareholders, partners and customers, and how they are going to quickly contain the damage and move forward.

Fostering Resilience

Unfortunately, the prevalence of cyber threats can make it hard to resist an attack. For that reason, finance executives should review cyber intelligence regularly, but in addition to watching for an attack, they need to be agile.

Threats are evolving at the speed of ideas, and it is impossible for any business to completely sidestep the risks. CFOs need to work with experts in the cyber security field to create a plan focused on resilience, a plan that includes a degree of uncertainty.

For example, many attacks are asymptomatic for a long time. A threat may wedge itself into the company and operate undetected for hours, weeks or months, intensifying damage. CFOs need to have the ability to recognize these threats, and they also need to know how to leverage protection efforts, such as agile firewalls built around authorized users or other relevant tools, to safeguard the organization.

If you want to ensure your CFO includes cyber security in his or her decision making processes, Compunet InfoTech is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (604) 986-8170 or send us an email at info@compunet.ca for more information.

Author: Joe Martin, Date: 2016-05-19