Why Effective Cybersecurity Starts at the Top

by Jennifer Louis

The need for enhanced cyber capabilities is evident, but how do finance leaders take the initiative?


Financial professionals face a range of challenges today that go beyond many of their existing skillsets and capabilities. The financial executive of the 21st century must be a strategic leader to a greater extent than ever before, and must play a decisive role in forecasting, planning and, crucially, proactive risk management. Though risk management has always been intertwined with finance, a key difference today is the rising prevalence of cyberthreats.

Cybersecurity is an ever-present and ever-evolving type of risk management, with the number and scale of data breaches increasing. Cyberattacks increased 10% in 2021 compared with 2020 and cost an average of $4.24 million per incident, with acquisition of data being the primary motivation for hackers. These risks have increased in line with the normalization of remote and hybrid work during the Covid-19 pandemic; as staff have become more dispersed geographically, cyber criminals have found more entryways into organizations, and lack of oversight of employees’ security practices in offices has increased the odds of their getting hacked.

For finance teams, this represents an especially acute challenge due to the sensitivity of organizations’ financial information. But there’s a problem – more than 57% of companies report that they face a cybersecurity skills gap, with staff generally unprepared to deal with complex cyber challenges and successfully keep ahead of the malicious actors. The need for enhanced cyber capabilities is evident, but how do finance leaders take the initiative?

Create a Culture of Accountability

The first step is accepting that cybersecurity is indeed a shared responsibility – both across departments and within the finance function itself. Finance leaders may have an idea that cybersecurity is a function of the IT department, and the ability to manage cyber risks rests strictly with them given their expertise. This isn’t the case in a world of heightened risk; every department needs to be responsible for protecting information from breaches through adherence to and understanding of best practices in security. This obviously entails working with IT, where basic strategies and know-how are most likely to be developed. But finance is ultimately accountable for risk management in the technology sphere no less than in the financial sphere. That’s why cybersecurity in finance must begin at the top – with the executive leadership team.

Financial executives need to instill this throughout their teams, but it doesn’t stop with assigning a few dedicated staff to cyber issues. Executives must make individual awareness of cybersecurity the norm for all staff members and ensure that all employees know they are accountable for errors that occur in their areas of responsibility. No organization’s security system, no matter how capable the IT department, is invulnerable to attack. Watching out for tell-tale signs like phishing or malware posing as legitimate software, which come in different forms as cyber criminals adapt their methods and capabilities, is crucial. In this way, financial executives can maintain a culture of accountability within finance.

Promote Cybersecurity Education

Creating a culture of accountability is the start, but to hold staff accountable, they must also know what cyberthreats look like and know how to prevent successful attacks. This is where professional education is key. At Becker Professional Education, we’ve seen a rising demand for courses on cybersecurity as organizations try to better educate their staff on these issues, offering certifications so managers and executives know their employees have acquired the competency. Expending time and resources on this type of training is essential, as is less formal education like internal seminars and the sharing of “war stories” about successful security breaches and how they could have been prevented. Again, leaving everything to IT is not a useful strategy as the scale and scope of cyberattacks increase. And given the extreme sensitivity of financial information, finance departments need to be especially alert and attuned.

Ensure Proper Resource Allocation for Cybersecurity

CFOs and other financial executives have a crucial say within organizations when it comes to the allocation of financial resources. They can help determine how much money is invested into cyber capabilities and training, and it’s important that finance leaders advocate on behalf of funding for these initiatives rather than arguing for lower costs. This entails not only supporting more investment into security systems – working with CIOs and their IT departments to determine the most effective ways to do this – but also advocating that resources are devoted to upskilling and training staff in cybersecurity across every department.

Finance leaders have much to lose from data breaches that endanger the most sensitive information most organizations have – their financials. Additionally, such breaches can cause long-term financial loss through damage to reputation and result in consumers no longer trusting the organization. That’s why finance leaders need to promote cybersecurity from the top, arguing for accountability, education and resource allocation to successfully mitigate cyber risks.

Jennifer Louis, CPA, is an Instructor with Becker Professional Education.