Cybersecurity is a business-wide risk
Cybersecurity is a business-wide risk it requires more than isolated activities to be addressed. This is where the role of a Chief Information Security Officer (CISO) is important.
The CISO therefore needs to have technical and security skills and competencies, but equally as important, should understand the finance function, operations of the business, and have the business as well as communication skills to effectively create this span.
Cybersecurity in smaller organizations
The absence of commonplace and well-developed CISO roles, it is the CFO who should lead the way in addressing cybersecurity concerns, particularly in smaller organizations. It is potentially disastrous for the finance team to be ignorant of cyber risk.
In addition to having the skills and oversight necessary to take a broad and long-term view of the potential financial impact of an attack. The CFO is one of the most natural custodians of data, from collection to its ongoing management.
Attacks will very often target the finance department and its team members directly, and in many instances may even be perpetrated by or assisted by internal team members, in attempts to steal and defraud the business. CFOs need to ensure their own vulnerabilities are both understood, and urgently addressed.
Too few senior managers view cybersecurity as a business problem and not just a technology problem. The reality is cybersecurity is very much a business consideration.
CEOs and CFOs will eventually face critical questions such as: How much money do we spend on cybersecurity?
Do we change key processes?
How do we create awareness and change company culture?
Do we put security ahead of operational functionality?
What is the role of internal processes and staff on data security and integrity?