Gartner predicts that by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk[i]. This is a remarkable statistic and should make all business leaders — including the Chief Financial Officers (CFOs) very nervous. Imagine the repercussions of just one breach — a damaged business brand, widespread loss of customer’s faith, sky-high regulation fines, huge remediation costs, etc. All these damages will definitely worry a CFO, as all of these not only have financial implications, but also can put the survival of the company at risk. Thus, managing risks from the use of technology is rightly gaining prominence at various board-level meetings. With this in mind, I have put together a list of top actions for the CFOs to identify, assess and respond to the risks emerging from the use of technology.
- CFOs should have firsthand information of risks and vulnerability from cyber threats, and should be in a position to explain to their teams about the risks both explicit and implicit in the digital era. In order to combat these risks, CFOs should assess the methods, technology and human resources required.
- CFO should prioritize cybersecurity and other technology-related risks in an audit and risk mitigation committee. They must start evangelizing the criticality of data, and the policies to protect them. Further, they should regularly review which of the company’s resources require the highest protection in order to guarantee continuity.
- IT risk and security leaders must move away from trying to prevent every threat. In this era of sophisticated technology, despite the best preventative control mechanisms, it will not be possible to prevent every incident. Instead, companies should invest in having a robust monitoring system, which would facilitate the rapid identification of attacks in real time in order to respond with greater agility.
- Periodically, CFOs with the IT and risk departments should consider organizing simulated attacks to check the readiness of their business environment. This can help review their contingency and business continuity plan in light of a cybersecurity incident and be certain that all stakeholders are well-informed.
- CFOs should partner with an expert service provider who is capable of defining, analyzing and implementing solutions that can provide maximum protection and guarantee minimal disruptions. A partner who has an in-depth understanding of how the company should act when attacked.
I am neither hinting the job of the CIO is at risk, nor I am suggesting that the CFO has to exclusively lead cybersecurity initiatives in their organizations. However, it is important to understand that, today, organizations are so digitally wired that it is mandatory for business leaders (including the CFO) to know the risks and threats new scenarios entail. To me, the evolution of the CFO role is that of a brake in a car. The job of the brake is not to slow the car down, but give the driver confidence. Similarly, CFOs — along with other stakeholders — establish measures and controls in an organization, which help accelerate revenue and profit.
Want to know more? You can start by reading “The CFO Imperative: Managing risk arising from the use of technology” our latest paper with Knowledge@Wharton. Assimilating in-depth perspective from NTT DATA Services experts and Wharton faculties, the paper offers insight into the downstream effect of security challenges and how business leaders can minimize its impact. You can also read about our managed security services here, or follow us @NTTDATAServices to know more.
Gartner Special Report: Cybersecurity at the Speed of Digital Business, Paul E. Proctor and Ray Wagner, August 30, 2016
Post Date: 11/16/2016