I’ve had personal experience of what it means to be hacked. And it’s not pleasant. Not only because of the obvious loss of trust and information that a data breach entails, but mostly because there was no contingency planning and the situation took our finance department by surprise. Things have changed since, though, and we are seeing CFOs change their mindset and start planning for cybersecurity issues.
Why would the role of a CFO be moving in this direction and what are the reasons behind this?
One reason that I can explain easily is the rise of cybercrime and the need for robust information security. Cybercrime is lucrative for one reason – money – and who holds the purse strings?
I have had first-hand experience of a cybercrime attempt and it wasn’t a pleasant experience, with this particular situation turning into complete panic. Sadly, time is not on your side to sit back and run every scenario until you are comfortable with the proposed decision. To make things worse, it is now easier than ever before to launch an attack with multiple threats, as most attacks are conducted under a smokescreen of another event that has been created.
Should a CFO understand the risks of a potential data breach? Yes, of course they should!
In my opinion, the skills gap between new/innovative and older/experienced staff is a huge chasm to bridge. The CFO now has to understand the concepts of good data security to the extent that they can form a strategy based around potential cyber and ransomware attacks. A ransom/cyber-attack budget and contingency plan needs to be well thought out and in place, just as an IT Disaster Recovery plan has to be. However, the reality is that any given organisation is more likely to have a data breach than to have its technology fail.
The CFO should be leading the efforts to be prepared for a cyber breach and preparing for the worst – it’s not if it happens but more like when and how severe!
It was interesting for me to have these sentiments reinforced whilst at the recent Oracle OpenWorld event in London, where I attended a panel discussion on connected business and finance. This sparked a lively debate where the “old CFO role” was scrutinised further by analysts present, suggesting that education was lacking within organisations to even adopt modern technology principles (e.g. AI and Cloud software migrations), let alone cybercrime defence initiatives.
Now, the threat of cybercrime extortion is very real.
Being prepared for it is not optional, it’s mandatory!
I have 2 pieces of advice for any CFO/Finance leader:
Cybercrime is real; it’s happening every day and it’s getting harder to police. It’s estimated to be a lucrative $1.5 trillion market now and if you don’t believe me, take a look at these statistics, but make sure you are sitting down when reading them!