It’s 4:03 a.m., and the CFO’s smartphone rings. Never a good sign.
One of the company’s databases has been breached. Details are still sketchy, but it appears customer records, including credit card and Social Security numbers, have been stolen. It’s going to be a long day.
CFOs, if you think this cannot happen to you, think again. Organizations are now experiencing an average of 122 successful cyberattacks per week, up from 102 in 2012, according to a recent Ponemon Institute study.
CFOs, if you think this is not your responsibility, think again. Across nearly every industry, today’s enterprise measures a significant portion of its overall value based on assets such as financial data and intellectual property. Keeping those assets safe from cyberthreats is a mission that increasingly involves finance executives.
In fact, in the latest CNBC Global CFO Council survey, CFOs rank the possibility of a cyberattack on their corporate infrastructure as their third biggest risk. (The CNBC Global CFO Council is sponsored by EY.) Cyberattack risk even ranks ahead of such dangers as problems with the European economy and terrorism.
If an organization suffers a cyberattack, the injury to its reputation from the theft or loss of data, such as customer account information or technical specifications, can be irreparable.
This potential is only rising with the growing mountains of data that are widely distributed, mobile and frequently changing. In many organizations, however, cybersecurity is viewed as beyond the CFO’s scope. But, in truth, these challenges require CFOs to make cybersecurity a priority agenda item.
The CFO does not need to have a technologist’s mastery of the tools needed to discover and thwart cyberattacks. But the finance chief should communicate the need for the organization to satisfy investors, bankers, customers, analysts and other key stakeholders by doing everything possible to mitigate financial risks to the business.
One of the primary tasks of the CFO is to help the organization identify its most important assets, or trophies, so that all stakeholders can share a common list of priorities and understand what is vital to protect.
This involves the CFO working closely with business and technology colleagues to ascertain and rank data sources susceptible to attack. After all, no organization can possibly lock down every asset. In fact, smart CFOs expend, as a rule of thumb, 80 percent of their resources protecting these trophies.