Evaluating the CFO's Role in Mitigating Technology Risk


A CFO establishes and maintains adequate risk management and mitigation strategies for an organization. In the fast-paced world of rapidly evolving digital innovations, today's businesses face ballooning risks. Cybersecurity is on the front line of any business, ensuring business efficiency but also exposing companies to multiple risks. What's more, cybersecurity risks spill over into financial risks for a company, hence a CFO's pivotal role. The CFO's role has evolved from the basic number cruncher to a strategic player in a company's tech risk. How can the current CFO adapt to the modern cyber world and mitigate technological risks?

What Is The Traditional Role of A CFO?

There is no doubt that the traditional responsibilities of a CFO still apply to the modern CFO's role. The CFO plays an integral role in managing a business's present and future financial situation. Duties under the CFO typically include:

  • Financial reporting

  • Investments

  • Capital structuring

  • Optimizing the organization's financial performance

Controllership duties, such as promptly reporting a company's financial status, help stakeholders, investors, creditors, and shareholders make critical decisions. In addressing capital structuring issues, the CFO helps the company manage debt and equity and organize internal financing. The CFO also plays a crucial role in the company's future, applying economic forecasting to help an organization find the best way to maximize financial success.

The CFO performs their duties as the team leader for the financial team. While these duties remain critical for any CFO, they're now considered minimal requirements for managing any financial department. What's changed significantly is a CFO's ability to use financial data to make strategic decisions.

How Are CFOs Traditionally Responsible for Mitigating Risk?

As financial experts, CFOs play a critical role in managing a business's risks. A Deloitte CFO Signals™ survey found that 48% of CFOs provide direct reporting for audits and compliance. 55% of the CFOs in the survey stated that they participate in enterprise risk management, while 35% stated that their teams report to them directly for all risk management matters. Generally, CFOs have cited undertaking more risk-related responsibilities over the years.

To ensure better risk management, CFOs generally oversee reporting in the organization. The majority of the CFOs cited direct reporting for management reporting, financial reporting, and development/M&A departments.

Technology Risk is Increasingly Becoming a Financial Risk

The modern CFO is undertaking broader responsibilities for business planning and enterprise risk management. As the nature of risk continues to evolve due to technological advancements, CFOs are increasingly acting as partners to CEOs to assist with strategic planning. Technological risks have become financial risks. According to a report by IBM and the Ponemon Institute, the average cost of a data breach is $3.86 million.

High-profile companies have reported spending millions after data breaches that exposed private information. For example, Desjardins Group spent over $53 million in handling a breach. British Airways and Marriott had to budget for more than $100 million each after failing to meet the requirements of the GDPR, the regulation that governs data privacy and protection in the EU. With such high costs on the line, CFOs can't remain uninvolved.

The cybersecurity landscape is rife with attacks that are cause for concern for all organizations. Statistics indicate that cyberattacks are on the rise. When the COVID-19 pandemic started, more organizations shifted to remote work. Attackers also shifted their focus to ransomware-as-a-service to take financial advantage of vulnerable businesses. A study by CrowdStrike of its customer networks found more intrusion attempts at the beginning of 2020 than in 2019. Security vendors blocked more than 41,000 intrusion attacks between January and June compared to 35,000 threats for the whole of 2019.

What Are the Experts Doing to Mitigate Technology Risk?

In a recent IT Pro webinar, Risky Business: The CFO's Role in Managing IT Risk, Electric's CFO, Vic Russo, offered the following advice: "The most common cyber risks that impact financial data are largely going to be social engineering attacks. Malware, Phishing, Eavesdropping — any attack that targets individuals rather than devices or software. This is why employee security training is so important, especially since if someone doesn’t follow your internal policies and makes a mistake, you won’t be covered by your cyber-insurance."

Dave Wardell, CFO, Chubbies, also shared insight into the security controls implemented at his organization relating to adapting to the pandemic: “The first security measure we implemented at Chubbies when we went remote was tighter controls around payment approvals, which I think all CFOs can speak to. We also moved quickly to make sure we had a much more robust management of everyone’s devices, onboarding/offboarding, etc. Lastly, we continued to make sure we were fully compliant with GDPR, CCPA, and any other relevant compliance frameworks, and how our integrations to those platforms work.”

Ron Gilboa, VP of Finance, Perimeter 81, advised the following for modern finance leaders: “In order to protect sensitive financial data in the cloud, our approach at Perimeter81 is to first gain visibility into cloud and network usage. You can access potential risks to your organization, and gain insights into how to combat these risks, and how to secure confidential information. Second, control & access the transition of data. You can prevent data loss and unauthorized access to your network by enforcing stricter policies for your data in the cloud. Third, overcome breach notification requirements. You can secure all data in the cloud by using private encryption keys.”

Steve Gentry, CSO, Clari, offered the following compliance advice: “With the shift to remote work for many this past year, the purchase and use of SaaS vendors has exploded, so understanding your third party risk management process as part of your overall compliance program has become even more critical. What controls have you put in place? How are you assessing those vendors? Have you defined minimum standards for those vendors as part of your compliance? These are all questions you should be asking as you look to establish your own compliance program.”

“The three main solutions when talking about risk are: mitigate, remediate, or accept. Accepting risk is part of running a business.”

What Is The Role of The Modern CFO?

As the pandemic, growing dependency on technology, and new digital innovations continue to dominate the business world, CFOs increasingly become facilitators for digital strategy. CFOs are now expected to handle the security risks an organization faces. According to Accenture, 72% of CFOs have a final say in a company's digital strategy.

Rather than look at technology as a risk, CFOs can adopt digital solutions to improve their services. Traditional financial functions are heavily automated at the moment. CFOs can use advanced financial modeling to identify risks and economic opportunities for companies.

What's more, CFOs can adopt technology to ensure information visibility and accessibility across the organization. By collaborating with the tech and cybersecurity teams, CFOs have a better chance at advising the C-suite on the way forward. By adopting digital skills, CFOs can advise the company about adopting technology for future change, despite breaches and attacks. The key is to not only focus on mitigation but also encourage a culture of informed risk-management decision-making.

4 Reasons Why CFOs Need to Be Vigilant About Technology

1. Cybersecurity attacks carry substantial financial risks. A breach brings high direct financial costs, legal fees, regulatory penalties, business loss, and lost trust and reputation. There are huge expenses on the line, and CFOs have to step in to mitigate technological risks.

2. CFOs should become active members of the security and IT team. Investing in secure software, hardware, and networks is a collaboration between security experts and the finance department. By understanding the risks and consequences of a cyberattack, CFOs are better equipped to advise on spending. What's more, understanding the company's security needs helps CFOs align the security strategy with the overall business strategy.

3. CFOs play a critical role in regulatory compliance. Since finance and technology are now entwined, CFOs have to ensure correct reporting. Most cybersecurity laws call for organizations to disclose and report breaches. Regulations also impose penalties on organizations that fail to disclose breaches.

4. As financial advisers, CFOs need to adopt new technologies and advise top executives on the same. New tech provides opportunities for remote collaboration, better communication and lower costs for organizations. Thinking digitally and adopting new digital skills helps CFOs advise on tech spending to remain competitive.

The Tech-Involved CFO Is The Future

The modern CFO is expected to mitigate tech risks. To do so, a CFO has to use tech and participate in tech-related decisions. A forward-thinking CFO should step up to the challenge and embrace digital change to better their organization.
