
Finance execs must step up and take the lead in cybersecurity

03 Oct 17

Cooperation is a cornerstone of cybersecurity as all the relevant parties team up and take control – especially after a breach has occurred. People must work to get systems online, write to regulators and investors, and deal with insurance claims and compensation.

According to BDO Global, finance directors’ business management must include risk management, ERP, compliance, reporting, valuation and business continuity. While in the past it may have been sidelined, it is now part of cybersecurity leadership.

“We are witnessing a budding crisis in the implementation of cybersecurity information governance, risk management and compliance (iGRC) requirements and organisations are facing ever more stringent cybersecurity regulations: it is not surprising that many of them feel overwhelmed,” comments BDO Global head of international cybersecurity, Gregory Garrett.

“The recruiting, staffing, training and retention of cybersecurity talent is a significant challenge for nearly all companies – and the global shortage of experienced cybersecurity professionals is expected to increase over the next three to five years. It is vital that finance, risk and compliance management professionals in public and private organisations - in particular SMEs - step up and take ownership of the growing financial responsibilities in cybersecurity”.

According to the company, finance executives must now be business partners who understand and integrate key drivers across business models. This extends to cyber defence through resilience and linking everything back to sourcing, systems, people, premises, assets and risk.

The five levels of finance executives’ strategic engagement with cybersecurity are as follows:

Compliance

Since the financial crisis, far-reaching compliance rules have emerged. Mandatory breach reporting followed, now affecting both US and European organisations. Cybersecurity compliance oversight naturally engages the chief compliance officer, who is usually located in the finance department. In mid-market companies where roles are combined, it may be the finance manager who finds cyber compliance within his or her remit.

Valuation

On top of legal, insurance and technology costs, cyber incidents cause reputation damage. This affects valuation, jeopardising a company’s position in M&A negotiations. The finance manager engaged in deal making will leverage their cybersecurity knowledge to estimate the value of an organisation’s cyber defences, as well as the impact of a breach on overall valuation.

Partners and vendors

Cyber supply chain risks require a coordinated effort to address because they touch sourcing, vendor management, supply chain continuity and quality, transportation security and many other functions – all of which intersect inside the finance department.

Risk

Risk managers manage the risk to the organisation, its employees, clients, reputation, assets and the interests of stakeholders. Converging with operational risk, cyber risk has made its way to the desk of the corporate treasurer. She or he becomes a key factor in an effective and holistic cyber risk defence programme, evaluating cyber risk exposure and ensuring adequate cyber insurance coverage for non-remediated risks.

Reporting

Cybersecurity reports are typically jargon-filled. In addition, audit committees typically interact with CFOs, controllers, accountants and auditors. A complicating factor is that responsibility for protecting digital assets is distributed over various roles within an organisation and even external service providers.

In the absence of a dedicated CIO, audit committees benefit from contact with a business owner to assess cybersecurity. Finance executives make for natural cyber owners as they are capable of addressing committees in the language they are most used to: financial.
