CFOs and Cybersecurity

The CFO As “War Hero”

It’s been said more than once: cybersecurity must be fought by a united front. What needs to be stated just as often, however, is the increasing importance of a select member of said front: the CFO. In the mounting war between prevention and losses, the role of the CFO is modifying beyond that of mere foot soldier. It’s not simply a matter of minding the war chest anymore; the finer points of data breach preparedness command that a creative, visionary hand be at the helm, lest the corporate hatches be inadequately battened.  

Cyber-Attacks By The Number

According to a variety of sources, U.S. companies are dramatically ill-prepared against the possibility of a major security violation. The statistics astound:

• Last year, U.S. companies faced 421 million attempted breaches, an increase of 98% compared with 2020 – The Senate Committee on Homeland Security and Government Affairs  
• Ransomware, “business email compromise” schemes, and the criminal use of cryptocurrency exceeded $6.9 billion – FBI report.
• The average ransomware payment surged 78%, to $541,000 – Palo Alto Networks 
• The average ransomware demand averaged $2.2 million, a 144% increase from 2020 – Palo Alto Networks  

And yet, fewer than two out of five CFOs and CEOs (38%) worldwide believe that their company’s cybersecurity adequately shields more than 75% of their operations, according to figures quoted in cfodive: https://www.cfodive.com/news/cfos-ceos-see-cybersecurity-gaps-accenture/624831/

One of the leading causes of this unpreparedness: weak accountability.

The Grayhawk CFO

As a leading supplier of top-tier financial talent, Grayhawk Search is intimately acquainted with the range of competencies today’s CFOs require to serve as a driving force in the effort to shield institutions against data breaches and system violations.  

It’s a highly specialized, ever-evolving discipline rooted in an acute awareness of the range of crimes at large, and the quantification of their prospective impact. 

Top Security Issues

The major security issues in question include:

Ransomware – It’s the daunting responsibility of any organization to entertain the reasonableness of paying criminals to unlock unlawfully appropriated data—but it’s the CFO’s responsibility to ensure that money is imminently available for all such incidents and that a variety of exchange scenarios have been tested and qualified.

Insurance – The dramatic uptick in ransomware offenses, a fear furthered by the recent Russian crypto attacks on Ukraine, has led to a corresponding rise in cyber insurance premiums and the insertion of sophisticated clauses. As a result, a molecular knowledge of cyber-attack insurance policies has become a core CFO competency. 

Regulation – Increasingly, Big Government is responding to the collective corporate concern over cyber security. Once the U.S. Security and Exchange Commission’s cybersecurity risk management requirements are finalized, CFOs will become prime determinants of the validity of an attack, putting a premium on their reportorial capacities. As a result, CFOs won’t just be CFOs anymore; they’ll be key arbiters of investor risk, keepers of the market, and legitimate figures in the national security ecosystem. 

Top Security Solutions

Given the aforementioned issues, it’s imperative that your company’s CFO be the possessor of a wide swath of prescriptive competencies. 

These include:   

• Ability to properly audit a company’s security status – This often involves the development of tangible metrics to measure a comprehensive range of potential offenses, from large-scale attacks to the thwarted, often unreported variety.
• Ability to cultivate a productive CFO-CISO relationship – Of all C-suite relationships, none is more crucial to the success of a secure organization than the CFO-CISO tandem. Together, the CISO-CFO duo can determine the appropriate budget for designated security requirements and measure them against prospective losses.  
• Ability to support and promote internal awareness – Many security lapses are directly attributable to human error within an organization. Having the foresight to allot for internal education and technical fail-safes is a critical skill in sustaining a company’s overall security.
• Ability to foresee damages and their impact – Contingencies against breaches of data take myriad forms. CFOs need a deep knowledge of the various styles of insurance related to the issue, but also those required to stem the fallout of reputational damage, which can seriously disrupt business continuity.
• Ability to promote and underwrite cross-board security – Breaches need to be anticipated at source; no one is above suspicion, from the Employee of the Month to the weekend cleaning staff. Security governance must be leveraged and ingrained across the culture.                                            

Grayhawk – The Secure Choice

The evidence is irrefutable: if your current CFO isn’t a key architect in the development of your company’s cyber security stratagem, you’re in financial and reputational jeopardy.   

Only Grayhawk Search, with its proven, scientific researching and recruiting practices, can help you locate and procure the proactive personality required to keep your company free from risk in this age of increasing criminal sophistication.

Grayhawk Search – Let us secure the talent that will keep you secure. 

Read our further insights!