Four Ways Finance Leaders Strengthen Cybersecurity

As CEOs and boards become more informed about the extreme threats that cybersecurity lapses pose, their expectations are growing. CFOs’ expanding contributions to fortifying organisational data security, the highest priority identified in Protiviti’s latest Global Finance Trends Survey, play a pivotal role in satisfying those high expectations. Board members demand coherent, relevant and timely updates from their organisations’ CIOs and CISOs on the state of data security and privacy capabilities, as well as clear insights from CFOs on cybersecurity investments: Are we protected? Are we spending enough? Are we investing wisely? How do we know?

Leading CFOs provide real-time answers and updates to these questions via the following practices:

Benchmarking cybersecurity spending – CFOs can contribute significant value in helping CIOs and CISOs assess whether the company is allocating sufficient funds to mitigate cybersecurity risks. Leading finance executives benchmark the organisation’s data security and privacy investments – which, in most companies, comprise anywhere from 5% to 12% of the total IT budget – relative to industry peers and in consideration of the organisation’s type as well as the type of data (consumer, employee, etc.) it must protect. Since these percentages can vary greatly by industry and depending on the inherent risk given the nature of the business, it is crucial to calibrate this assessment properly.

Evaluating investment allocations – Once the cybersecurity budget has been determined, leading CFOs work closely with CIOs and CISOs to determine whether these funds are being invested in the right combination of capabilities (e.g., data governance, identity and access management, incident response, cyber insurance) that deliver the highest returns on investment. More boards expect management to have a firm grasp on those allocations, which help determine whether the company is spending the right amount on the right processes given the magnitude of its cyber risk exposure.

Quantifying the dollar amount of cyber risk – Board members have grown dissatisfied with the three-tiered risk ranking system (e.g., red, yellow, green) information security professionals have traditionally used. The CFO’s dollars-and-cents mindset can deliver much more precision by assessing cyber risks via a quantitative versus judgmental approach so that both business value and risk value are measured in the same way. Leading cyber risk quantification approaches rely on existing models and probabilistic simulation methods to pinpoint the cyber risk confronting an organisation. This risk analysis involves a broader group of business users, asset owners and other professionals who may not have been included previously in cyber risk assessments.

Expressing cyber risk in business terms – The output of cyber risk quantification exercises helps CFOs translate technical data security and privacy matters into business terms that resonate with board members, CEOs and stakeholders throughout the organisation.

In their board and C-suite updates pertaining to cybersecurity, finance leaders should keep in mind that directors and CEOs expect concise answers to fundamental questions: How much would a breach cost us? Do we have enough cyber insurance? Are we doing enough to minimise risk? Are we spending enough, and are we spending on the right things? What’s the ROI of our cybersecurity spend?

Interested in learning more? Further insights and our full report, Finance Priorities in the COVID Era: Digital Dominance and Flexible Labor Models, are available at www.protiviti.com/financesurvey.

Top 10 Overall Priorities – CFOs/VPs Finance*

| Priority | 2020 Survey | 2019 Survey |
|---|---|---|
| Security and privacy of data | 80% | 84% |
| Enhanced data analytics | 78% | 79% |
| Changing demands and expectations of internal customers | 74% | 73% |
| Financial planning and analysis | 72% | 71% |
| Cloud-based applications | 72% | 70% |
| Challenges with regulations | 72% | 69% |
| Internal controls | 71% | 73% |
| Profitability reporting and analysis | 71% | 70% |
| Process improvement: process and data analytics | 71% | 75% |
| Strategic planning | 70% | 71% |

* Source: Protiviti Global Finance Trends Survey (www.protiviti.com/financesurvey). In our survey, respondents were asked to rate 42 finance areas based on a 10-point scale, where “1” reflects the lowest priority and “10” reflects the highest priority for the finance organisation to improve its knowledge and capabilities over the next 12 months. Rankings are based on the percentage of respondents who scored these areas at “8” or higher.