The CFO’s Role in Cybersecurity

Organizations must comply with myriad industry standards while managing the security of both their proprietary and customer data, and must also brace for the possibility of unknown breaches and leaks. A data breach can be exceedingly costly and can jeopardize a business of any size. To help senior-level financial executives improve their cybersecurity and protect their organizations, Financial Executives Research Foundation (FERF) and Grant Thornton LLP identify critical elements of the CFO’s role in protecting his or her organization from cyberattacks, as well as practical recommendations for establishing an effective cybersecurity program.
Data breaches are costly, damaging to brands and reputations, and happening at a staggering pace. The question is: What can companies – especially their CFOs – do about it? While cybersecurity traditionally has been handled by the CIO and IT function, the escalating risks have driven cybersecurity up the corporate ladder to the desk of the CFO. Financial Executives Research Foundation (FERF), in collaboration with Grant Thornton LLP, surveyed CFOs and conducted in-depth interviews with them to identify their critical role in cybersecurity and to offer insights and recommendations for establishing an effective cybersecurity program.
Some report highlights include:
  • Respondents’ top cybersecurity concerns include protection of data – including customer data and intellectual property (IP) – from data breaches and compliance with data security laws;
  • Although the CFO is often responsible for cybersecurity, the organization’s IT department typically manages the day-to-day aspects of cybersecurity; and
  • The most common impediment to developing an enterprise-wide cybersecurity strategy is a lack of understanding of cyber risks and potential impacts of a breach.