Strategy Robert Half | Protiviti

Cyber Security Tops List of Concerns for CFOs


Sponsored by Robert Half | Protiviti

CFOs and their finance functions view data security and privacy as their highest priority, according to results from a new survey of global corporate finance leaders.

© scyther5/iStock/Getty Images Plus

The now-ubiquitous observation that “every company is a technology company” has a corollary with growing relevance for chief financial officers (CFOs) and finance leaders: All business functions – including finance – are technology functions.  

CFOs and other finance executives appear well-aware of the consequences of this statement, according to key takeaways from Protiviti’s 2019 Global Finance Trends Survey, a report surveying more than 800 senior-level financial executives representing a cross-section of public and privately held companies. Specifically, in assessing a broad range of strategic and operational issues within the finance organization, CFOs and finance leaders view the security and privacy of data to be their most important priority to address over the next 12 months. Moreover, based on the potential impact of security and privacy issues on the finance organization, most finance leaders have increased their budgets to help address these issues.  

Finance leaders and their teams clearly place high importance on managing cyber security matters proactively, and they are supporting this with related funding increases where possible. This is both expected and positive to see. When it comes to addressing and managing data security and privacy effectively, finance organizations should keep in mind the following three considerations as they invest their time, attention, and budgets:  

  1. The use and protection of data increasingly defines the finance organization’s success: It’s not just about protecting data – it’s also about ensuring the protection of data that drives the finance organization’s success. Other top priorities for CFOs and finance leaders – “enhanced data analytics,” “process improvement: process and data analytics,” “changing demands and expectations of internal customers,” and “embracing new technologies”– all hinge, on strengthening information security and defending data the finance organization requires or produces to meet the needs of the business. For example, data governance and data-driven metrics are critical components for meeting or exceeding the expectations of finance’s internal customers, as fulfilling these expectations depends in large part on the finance organization’s ability to derive actionable insights from its data.  
  2. CFOs should focus the entire finance organization on data security: Finance leaders recognize that failing to make progress in protecting and leveraging data assets, whether on-premises or in the cloud, could result in a failure to meet the business’s strategic objectives. As a result, CFOs should ensure their entire finance team understands and is engaged with the enterprise’s overall security measures and data protection strategies while monitoring data security, privacy, and governance related to all finance and accounting data and activities. These activities notably include the migration of enterprise resource planning (ERP) systems and other finance and accounting applications to the cloud, as well as the increasing adoption of robotic process automation (RPA), artificial intelligence (AI), blockchain, predictive analytics, and other advanced technologies.
  3. Finance professionals should address their cyber security knowledge gaps: Most finance leaders and professionals lack deep knowledge of the technical aspects and requirements of appropriate cyber security and data privacy measures – understandably so – given that these competencies were not an ordinary part of the professional tool kit until recently. As a result, finance leaders traditionally have relied on others — most notably, the information technology (IT) function and IT security teams to articulate and implement specific controls and protections for cyber risk. Yet the issues we’ve identified here suggest that finance leaders and professionals also should engage in their own on-the-job learning when it comes to expanding their knowledge base with regard to information security. Many CFOs are doing so by getting involved in the process of procuring cyber insurance for the organization to help mitigate this risk from a financial perspective. Another opportunity to simultaneously add value and gain valuable cyber security knowledge involves the quantification of cyber risk – a crucial exercise that helps executive leadership and the board understand where the company should invest in cyber security.

Cyber security and data privacy are among the most formidable challenges that all companies contend with due to the ubiquity and magnitude of cyber threats globally. A single cyber security incident can disrupt operations, cause revenue losses – as well as longer-term financial damage, spark regulatory and legal actions, and damage (perhaps irreparably) an organization’s reputation – while sapping the confidence of its customers.

As more leadership teams and boards recognize that cyber security cannot be left to the IT function to address alone, more finance organizations may need to address these issues as an even higher priority.