Traditionally, the CFO’s role also included being a Chief Risk Officer: foreseeing and mitigating organizational risks, whether legal, contractual, financial or regulatory. With the growing number of smart devices and the increasing number of phishing, ransomware and malware attacks, there is also an emerging need for the CFO to be savvy about cybersecurity and to include cyber threats in their risk strategy.
Leadership collaboration – the need of the hour
A CFO with a broader collaborative mindset can, therefore, create a C-suite value ecosystem to amalgamate various insights, drive a tight linkage between resource allocation and strategy, encourage seamless communication among leaders, and integrate corporate strategy and budgeting processes with capital allocation processes, including M&A and divestments.
This collaboration across leadership functions also illustrates that a broader set of objectives is required to address cybersecurity concerns:
- Onboard all key decision makers, especially the CIO: This is critical for including cybersecurity frameworks across high-risk processes, by involving all key stakeholders and the board to identify key areas of protection and mobilize resources to react quickly to any intrusions. There is a growing need for effective synergy between the CFO and CIO functions to protect shareholder value. This relationship is critical due to the convergence of technology and security risks.
- Strategize to fix threats: Recognizing key activities with high exposure to threat vectors, building awareness among stakeholders of their responsibilities, and protecting their assets. CFOs can provide valuable insights on the financial losses that might be incurred during a breach. This data can be used to factor in losses such as cost to reputation, stock price impact, damage control costs, and lawsuit charges. CFOs can then use insurance as a mitigating strategy against such losses. Hence, awareness of newer insurance products addressing cyber risks is a must for CFOs. These insurance products provide a wide array of protection against cyber risks, including but not limited to costs incurred after cybersecurity/privacy threats and loss of income after a security threat due to disruption in business.
- Prepare, and stay ahead: Adopting a digitized IT function and information model (encompassing strategy, architecture, and processes) to stay updated and take steps to counter the ever-increasing complexities of cyber-attacks. For example, a modern IT organization should have vulnerability assessments and penetration testing as part and parcel of its financial budgets.