What is your company’s cybersecurity plan?
According to recent data, only 50% of U.S. companies have a cybersecurity plan in place. Of those that do, only 32% have updated their plan since 2019.
Financial personnel and CFOs should take a proactive stance regarding digital security. Here’s why.
Cybersecurity Is a Major Source of Risk
Cybercrime cost American businesses $6.9 billion in 2021 alone. Only 43% of U.S. businesses reportedly felt confident they could withstand the financial repercussions of a cyber-attack in the coming year.
That says nothing of the supply-chain disruptions and data breaches that can occur with digital attacks. These sorts of attacks cost more than mere dollars — they can also jeopardize a company’s reputation among its customers or stakeholders.
A company’s finances and reputation are the unique responsibility of its CFO, controller, or other financial personnel. If you work in finance, your organization will look to you to mitigate these sources of risk and work with other departments to adapt and respond to evolving digital threats.
Technology Increases Vulnerability
Modern corporations have increasingly adopted new technologies to manage their administrative and financial processes and store their most important data.
Think about how much information you store in your customer relationship management (CRM) or enterprise resource planning (ERP) platforms. Unfortunately, these tools also represent new areas of vulnerability, especially when data is stored on cloud-based systems with no centralized method of storage and security.
In many cases, these systems unite entire organizations, offering end-to-end visibility for financial personnel as well as senior management. But the most valuable company data is usually related to its finances, which places a high degree of responsibility on CFOs, controllers, and other financial staff.
Because financial workers understand these areas of vulnerability, they’re in a unique position to ask for input from cybersecurity experts. Financial workers can and should have an important voice alongside the company’s IT department, helping to devise a cybersecurity plan that addresses areas of concern.
CFOs Must Align Security and Strategy
CFOs have an advisory role, meaning they assist the other members of the C-suite (i.e., the CEO, CIO, and CTO) with strategic decisions. Because of their unique position, they also need to come up with ways to align cybersecurity concerns with a company’s larger strategic goals.
Senior leadership has the power to allocate resources to deal with threats, and a CFO can help company leaders understand weak points and the risks associated with them. The CFO can then help leaders understand the benefits of instituting a new cybersecurity policy and how to integrate this plan into the company’s budget.
Financial Workers Understand Compliance Issues
Cyber threats represent more than just a financial burden on an organization. They also intersect with a company’s regulatory compliance protocols, which are often the purview of controllers and other financial personnel.
For example, the Securities and Exchange Commission (SEC) has been pushing companies to report cybersecurity risks in annual Form 10-K reports. In other countries, businesses face fines if a security breach occurs, and it’s not inconceivable that U.S. companies may one day be subjected to similar penalties.
If a data breach occurs, CFOs and controllers need to work with both the legal and technical teams to understand exactly what happened and how best to disclose the breach to regulatory agencies, shareholders, or even the company’s customers.
CFOs Must Train Other Employees
While CFOs and controllers occupy senior-level positions within an organization, many other employees usually play a role in mitigating cybersecurity risks. After all, data security is everyone’s responsibility, and it’s up to each employee to conform to the company’s security protocols and operating procedures.
CFOs, controllers, and management accountants can provide training to other staff members in the finance department and ensure compliance with established procedures.
At larger organizations, these financial leaders may even provide reports on training and compliance among their team members and adopt new policies based on new vulnerabilities identified by other leaders.
Modern Businesses Are Connected
How do you currently handle accounts receivable/payable? There’s a chance you regularly connect with your customers’ or vendors’ financial software to submit or receive payments. It’s important that you connect only with payment platforms that comply with your company’s security protocols.
Again, this is largely the responsibility of financial personnel, but these decisions may be made in conjunction with upper-level management. Ultimately, it’s important to set clear standards regarding how you interact with other business entities or customers to prevent data breaches and maintain high standards.
Keep Learning About Cybersecurity
If you work in finance, you already understand the importance of continuing education and adapting to new challenges.
To learn more about cybersecurity, visit the IT Executive Council’s website and browse its articles on cybersecurity to discover ways your organization can adapt to changing threats and regulations in 2023 and beyond. Finally, join the growing Controllers Council community to stay informed on cybersecurity and discuss it with your peers.