BreachExchange mailing list archives

Risk-Averse CFOs A Natural Fit For Cybersecurity


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 20 Jan 2016 19:08:44 -0700

http://www.pymnts.com/in-depth/2016/risk-averse-cfos-a-natural-fit-for-cybersecurity/

Corporate treasurers, chief financial officers and money managers are
hustling to keep up with changing times. That means CFOs have a lot more
on their plate than they once did.

Risk mitigation is a significant source of this growing priority list. A
recent survey of CFOs and corporate finance executives released by Grant
Thornton said uncertainty of the U.S. economy is one of the largest worries
among this group of professionals.

But the research also uncovered how these professionals are tasked with
diversifying their responsibilities. Security, for instance, also topped
the list, with about half of CFOs surveyed citing cyberthreats as a chief
concern.

It’s all about avoiding factors — like an economy in flux or cyberthieves —
that expose a corporation to risk. Indeed, Grant Thornton found that up to
80 percent of CFOs describe themselves as “averse” to riskier growth
strategies.

So, how is it that corporate treasurers are now finding themselves in a
position to protect their corporations from cyberrisks?

According to new research from the American Institute of Certified Public
Accountants (AICPA), more than 95 percent of Chartered Global Management
Accountants (CGMA) surveyed said their businesses are worried about
database breaches, phishing scams and other types of security failures.
Further, 72 percent stated that their corporations have turned to the
finance function to help mitigate these risks.

At first glance, it may seem that a CFO is an unlikely line of defense
against something as technical as cybersecurity. But, says AICPA Vice
President of CGMA External Relations Ash Noah, CFOs can actually be in a
prime position to mitigate cyberrisk.

“The finance function has a unique view into the complexities of the
business, as well as an in-depth understanding of the industry, markets and
risk climate, yielding important insights for a company’s strategic
direction,” Noah said in a statement last month when the AICPA released its
findings. “As the finance function continues to evolve to become more
business-centric, it’s critical for finance executives, from the CFO down,
to play a driving role in preparing for and addressing potential cyberrisks
for the long-term growth of the company.”

Responding To A Growing Threat

According to the AICPA, nearly one-third of respondents said their company
was a victim of a cyberattack in the last two years — a 7 percent increase
from 2014. More than one-fifth said these attacks are worse than what is
portrayed in the media and news reports.

In an interview with PYMNTS, Noah said that corporations have been
gradually placing more attention and resources in the area of cybersecurity
over the last four or five years. But it was the infamous Target data
breach that really got CFOs acting.

As corporations impose stricter policies with their suppliers and obtain
insurance, financial professionals are recognizing their strategic
position.

“Although it is a technical area and you need IT systems knowledge and IT
expertise, what you need is a CFO or a finance team understanding the
different implications of sets of data across the organization,” Noah
explained. “You need an organizational view, rather than a functional view,
of a piece of data as it moves around the organization, so finance is in a
position where they can actually bring that view.”

He added that this is a natural progression of the evolving role of the
CFO. “CFOs are becoming more engaged and more involved in risk management
within a business, and risk management is a process of understanding and
applying organization-wide policies and procedures to manage financial
risks,” Noah said. “But, more and more, CFOs are becoming involved in
managing the nonfinancial risk.”

Those nonfinancial risks, as separate research has also found, include
cyberthreats.

But Noah pointed out that financial managers aren’t going solo to combat
this issue.

“Naturally, CFOs are the ones that the business turns to, because they have
the disciplines, rigor and systems knowledge. And when you partner with IT,
then you’re able to really let an organization become more secure from a
cyber point of view,” he explained.

While a CFO may be including cyberthreats under his or her growing list of
priorities, partnering with chief information officers and IT functions is
what makes a CFO effective against cybercrime, Noah added.

This collaborative approach to fighting cybercrime is essential to
understanding not only how the CFO’s role within a company is changing but
what exactly this function can provide in the process.

“We, as CFOs, don’t want to claim we’re the tech experts,” Noah said. “But
what they’re bringing to the table is expertise in being able to manage the
risk and identify it, look at a company’s process flows and systems flows,
and put in a process which detects and evaluates risk then mitigates it.”

“This whole risk detection, risk evaluation, risk mitigation is what
finance brings to the table,” he continued. “When you layer on top of that
the technology expertise, that’s what makes the combination really powerful
in defending against cybercrime.”