With the right systems, processes, and technologies, finance leaders are in an ideal position to not just identify areas for growth and spend—but also to mitigate threats.
These days, cybersecurity is everyone’s concern. But CFOs have particular reason to ensure their companies are prepared to fight back: A study conducted by Ponemon Institute, a leading security researcher, found that the average cost of a data breach grew from $3.8 million to $4 million.
In a recent webinar, we identified four questions every strategic CFO must be able to answer when it comes to ensuring security:
Who’s keeping track of access?
CFOs are used to asking themselves questions about infrastructure: What kind of software and systems do we need to ensure our data is accurate? But in this age of data vulnerability, finance teams need to be just as rigorous when it comes to asking questions about secure access. When someone changes jobs within your company or leaves the firm, what happens? Is their access taken away? Does your company have an on-boarding and off-boarding process in which one person approves or removes access? Is there a record of those approvals and removals?
How frequently do we monitor our systems?
According to a recent Verizon report on data breaches, more than 80 percent of victims don’t discover the problem for weeks or more. This is where using a cloud-based software service can help. Cloud-based providers have security teams, systems and tools that allow them to constantly monitor operations and discover breaches almost immediately. Cloud providers also must stay up-to-date on the latest security certifications and undergo frequent audits by IT security consulting firms.
What’s the cost?
As a CFO, you have to consider a variety of costs when you think about data management. But keep in mind that the costs aren’t only related to the time and team spent keeping data safe; you must balance that against the potential cost of a realized risk. Especially if your company owns confidential or financial information about customers, a data breach could well cost you dearly when it comes to the brand’s reputation, customer loyalty and retention, and even legal action.
Do we have the right resources allocated to cybersecurity?
Because cybersecurity is now viewed as a critical financial risk, CFOs must take charge of spending decisions. And they should feel confident in doing so, according to Christopher O’Hara, co-leader of PwC’s cybersecurity and privacy services division. “The CFO’s expertise in making risk-based decisions and operating a highly audited control environment makes him or her uniquely qualified to apply proven, risk-based principles to support decisions related to cybersecurity spending,” he says. About two-thirds of CFOs who responded to PwC’s 2017 Global State of Information Security Survey said they have outsourced at least some of their cybersecurity programs to a third-party managed security service that offers cost-effective access to highly trained security talent.