Finance and cybersecurity are two distinct departments with completely different sets of goals. Still, the two entities, and the individuals that lead them, are inextricably linked, even if they may not realize it. Chief financial officers (CFOs) and chief information security officers (CISOs) are both critical to the survival of their organizations. A business cannot thrive, much less survive, without the expertise of its CFO and CISO.
One may wonder, though, if both parties are so integral to their business, why it is that they often operate independently from one another. The answer is that they shouldn’t. Instead, CISOs and CFOs need to start working together to accomplish mutual objectives.
Though these professionals seem as though they’re worlds apart, their underlying goal is the same. They want to promote business continuity and growth. The way that they go about it is just a little different.
CISOs proactively work to protect the organization from losing cybersecurity threats, whether they be internal or external. On the other hand, CFOs are tasked with preserving and improving the financial health of the organization.
If a CFO fails, CISOs probably won’t have the resources that they need to fulfill their responsibilities. Conversely, if a CISO fails, the financial repercussions can be severe.
Keeping CFOs in the Dark Has Major Consequences
In a 2022 survey, Kroll polled chief financial officers throughout the nation in order to assess their understanding of the cybersecurity needs of their respective organizations. The survey results were unsettling, to say the least.
While nearly 87% of respondents stated that they were confident that their organization could fend off cyberattacks, 61% of participant organizations had fallen victim to three or more significant incidents in the last 18 months. Perhaps even more concerning is the fact that 60% of those did not receive regular briefings on cybersecurity, and 40% of CFOs polled never received any updates on the company’s cybersecurity stance.
The Kroll survey provides many insights into the relationship between CISOs and CFOs. One of the most notable revelations that it provides is that finance executives are often kept out of the security conversation altogether, which is especially problematic for several reasons.
First and foremost, the actions and failures of CISOs have a direct impact on CFOs, as well as the business as a whole. If a CFO is made aware that cybersecurity is an issue, they can begin to prioritize it when building the budget or conducting scenario planning. CFOs are much more willing to up cybersecurity spending if they realize just how much is at stake.
Counting the Cost of a Breach
The amount that a data breach actually costs a business varies greatly depending on several factors, including the size of the organization and the scope of the breach. According to IBM, the average cost of a data breach in the United States was approximately $9.44M in 2022.
That analysis primarily examined breaches perpetrated against enterprises. The cost to small businesses is typically much smaller, but such entities often do not survive the financial repercussions of the incident.
There are also wholly immeasurable costs associated with a breach. When a breach occurs, countless customer records, as well as an abundance of other confidential data, are exposed, causing consumers to lose trust in a brand. Many current customers may cease business with the company, and prospective clients will likely avoid that brand for months or even years following the incident.
The bottom line is as such: Data breaches cause irreparable damage to a brand’s reputation and cost them millions in lost productivity. With so much at stake, it is vital that CFOs, CISOs, and all organizational leaders do their part in proactively guarding against these incidents.
Why CFOs and CISOs Need to Collaborate
Through collaboration, CISOs and CFOs can create alignment between cybersecurity objectives and the company’s overarching goals. CISOs can break down complex cyber-speak into easy-to-digest information, and in turn, the CFO can convey that information and the CISO’s concerns to stakeholders so that they can all make informed decisions when setting the cybersecurity budget.
For instance, the CISO can relay how much an unexpected three-hour network outage would cost the business. The CFO can then generate a detailed report, including graphics, to relay this information to the C-suite. Once everyone understands the scope and magnitude of seemingly minor cybersecurity issues, they will be much more committed when it comes time to fix them.
Without collaboration between CISOs and CFOs, the board of directors will likely fall victim to common misconceptions. Specifically, those outside of the cybersecurity space have difficulty assessing varying degrees of risk. Instead, they believe that the company is either at risk or safe from said risks.
When the CFO and CISO work together, they can shed light on the nuances of cybersecurity and reduce the company’s vulnerability.
Looking to learn more about cybersecurity and technology? Controllers Council is a national community and platform of Controllers, Accounting and Finance professionals focused on accounting best practices, information and resources, recognition and networking. Membership has many features and benefits to propel your career and expertise, and to be an active participant in our exciting community. Discuss topics like today’s job market and more in our forum. Become a member today.