CFO hires need to understand cybersecurity

risk management

The qualities necessary in a CFO are numerous, but one thing that hiring managers seem to overlook is a thorough understanding of cyber risk and the importance of protecting digital critical assets.

The role of a CFO is changing, as is the world in which they work. An EY survey from 2010 found that, even then, finance executives were handling more than organizations’ finances, they were contributing to their companies’ strategic visions. The important role that a CFO plays in any organization makes it even more essential that hiring managers find the right individual for a job – someone who understands more than financials, but rather, every aspect of running a business.

Today, with cybersecurity taking an increasingly prominent role in strategy, one may think that the majority of CFOs would understand the importance of investing in protection against hacks and similar attacks. However, research indicates that many companies’ CFOs are more apt to brush technology security issues aside rather than invest in preventative solutions.

“Cybersecurity is taking an increasingly prominent role in strategy.”

‘Starved’ for a CFO who invests in cybersecurity
A Global Cyber Risk study sponsored by Georgia Tech Information Security Center found that CIOs are “starving” for the technology they need to prevent cyberattacks because CFOs often brush their security issue reports aside to save money.

“When you start looking at why [a] company had a weak security program, it usually comes down to allocation of resources,” Jody Westby, the chief executive officer of Global Cyber Risk, a consulting firm, told “The CFO should be very concerned, because often it’s the security programs that have been starved for cash.”

A CFO who doesn’t understand the importance of a CIOs reports is essentially putting the organization’s critical assets at risk by failing to address CIOs’ concerns. And when a company is hit with a cyberattack, what finance executives may not know is that the hunt for blame usually comes back to them. Not only is it important for the company to employ a finance executive who understands technology, it is important for the CFO him or herself.

The strategic importance of the CFO position today, as well as these executives’ roles as gatekeepers when it comes to the critical expenses, means it is crucial for hiring managers to look for financial officers who have a deep understanding of cyber  risk and what it takes to prevent attacks.

Cyber risk a growing issue
Cybersecurity is a growing issue, with major attacks occurring seemingly annually. In fact, Pricewaterhouse Cooper found that in 2015, 38 percent more attacks were reported than in 2014. Many of these cyberattacks weren’t minor either. The theft of “hard” intellectual property – a term which refers to assets such as patents – increased 56 percent in 2015. With the frequency of cyberattacks not decreasing by any means, it remains vital that companies of all sizes do everything they can to implement protections against such incursions.

All sorts of systems are vulnerable to these sorts of attacks, and they can be costly, though exactly how much so hasn’t quite been quantified, according to Cybercrime has a short history. However, the frequency of these sorts of attacks is constantly on the rise.

A study that saw Ponemon Institute partner with HP attempted to calculate the average total annual cost of such attacks, though. The study determined that the average annualized cost of cybercrime for those companies surveyed was $12.7 million. It was also noted that the figure represented a 96 percent increase over five years. With both the risk and the cost of cyberattacks consistently increasing, it is important for companies to do their best to make sure they are well protected from hackers – and often that means hiring a CFO who understands cyberrisks and the need for preventative solutions.

 CFO should understand critical assets are at risk if funds aren't allocated to cybersecurity.
CFO should understand critical assets are at risk if funds aren’t allocated to cybersecurity.

Look for an understanding of cybersecurity when hiring a CFO
When you’re hiring a CFO be sure to look into the individual’s background and highlight any experience that indicates an understanding of the importance of cybersecurity. Did the individual work at a technology company, has he or she worked technology jobs before and did the candidate indicate knowledge of cyber  risks and security in the interview? If so, this is certainly someone to star as a quality hire.

“If you have a CFO who really tries to understand the cyber risk and tries to ensure there is adequate funding – within reason – then that is a very good person [for the CIO] to report to,” Westby explained to “So a lot depends on the mindset of the CFO.”

When it comes to hiring a CFO you aren’t simply making a decision on your company’s financial gatekeeper, you are influencing your organization’s strategic vision and deciding how seriously cybersecurity will be considered in the future.