Organizations must comply with myriad industry standards while managing the security of both their proprietary and customer data, and they must brace for the possibility of unknown breaches and leaks. A data breach can be exceedingly costly and can jeopardize a business of any size. To help senior-level financial executives improve their cybersecurity and protect their organizations, Grant Thornton LLP and Financial Executives Research Foundation (FERF) identify critical elements of the CFO’s role in protecting his/her organization from cyberattacks, as well as practical recommendations for establishing an effective cybersecurity program.
These findings are based on a survey of 98 members of Financial Executives International (FEI) and Grant Thornton clients, conducted between July and December 2014. The survey was followed by in-depth interviews of FEI members to get perspectives on a number of organizations’ experiences managing cyberthreats.
Key findings include:
1. Respondents’ top cybersecurity concerns include protection of data — including customer data and intellectual property (IP) — from data breaches and compliance with data security laws.
2. Either the CFO or the chief information officer (CIO) is usually responsible for the company’s cybersecurity program. However, interviews revealed that collaboration among different groups is a more reasonable approach.
3. Although the CFO is often responsible for cybersecurity, the organization’s IT department typically manages the day-to-day aspects of cybersecurity. General counsel are usually involved as well, advising senior management and board members on legal responsibilities.
4. The CFO is often expected to assess cybersecurity risks, align cybersecurity strategy with business strategy and get buy-in from the board on necessary cybersecurity investments.
5. The most common impediment to developing an enterprise-wide cybersecurity strategy is a lack of understanding of cyber-risks and potential impacts of a breach.