The Cost to a CFO of Ignoring the Obvious

Companies pay a high price for assuming existing safeguards will prevent a data breach. According to a CB Insights article, Cybersecurity Startups Have Raised $7.3 Billion Over 1,028 Deals, a litany of high-profile security breaches impacting both the private and public sector have made cybersecurity start-ups an increasingly hot area for investment. Since 2010, deals and dollars increased steadily growing by more than 100 percent in both areas. Funding in 2014 broke the US $2 billion barrier for the first time, while deals continued their steady ascent, growing 4.3 percent from 2013 to 269 deals.

The importance of online security and the necessity of companies and individuals to avoid business practices that leave their information vulnerable are in the news several times a week, if not daily. Apple’s Tim Cook, the CEO of the first US company in the world to reach a market capitalization of US $700 billion, spoke recently at the White House Summit on Cybersecurity and Consumer Protection at Stanford University, highlighting that this problem is a concern for even some of the largest players in the market.

The rise of the mobile workforce and the movement to cloud technologies open up more opportunities than ever for hackers, competitors and other potential criminals to access sensitive data surreptitiously. In 2013, more than 13 million Americans were victims of identity theft, now one of America’s fastest growing crimes. The average annualized cost of cybercrime for U.S. companies was US $12.7 million in 2014, up from US $11.6 million the year before, according to the Ponemon Institute.

What should be of particular concern to company CFOs is that the hackers are becoming as skilled as the employees whose job it is to safeguard precious information. They are doing everything they can do to breach virtual protections in place and utilize the gathered data for illegal gains. Cyberattacks happen across all industries and to companies of all sizes, making it important for every organization to create and implement an effective risk strategy.

CFOs can apply a simple yet effective, three-step approach to digital risk mitigation, as noted in Armanino’s recent article. By creating strong internal controls, maintaining open communication across departments and investing in cyberinsurance, CFOs will be well-positioned to adapt to new threats and reduce their company’s digital risk on an ongoing basis.

It is the CFO’s responsibility to keep cybersecurity issues top-of-mind for the executive team, which is always dealing with several priorities vying for the same resources. It is imperative to ensure your company does not lose sight of the fact that digital risk needs to be addressed on an ongoing basis, lest they become part of the growing cost of managing the unfortunate outcome. Keeping in mind hackers’ growing sophistication, the key to warding off their unwelcomed infiltration is to create a culture where cybersecurity is a consistent part of the boardroom discussion.

Jeremy Sucharski, CISA, CRISC
Partner-in-Charge of Armanino’s Governance, Risk and Compliance (GRC) Practice

[ISACA]