You and I are playing a word association game and I say, “Target. Sony. Equifax.” If what comes to mind are the costly data breaches each company suffered, the millions of dollars lost and the loss of customers as a result of tarnished brand reputations, then we should talk – particularly if you are the CFO of a middle market business where the vast majority of these types of attacks occur.
Cyber liability is a tremendous issue for all types of organizations today: small, medium and large, public or private. According to cybersecurity firm Centrify, “Only 39 Percent” of IT executives “say their organizations have a high ability to prevent a data breach.” No wonder 31% of organizations have experienced cyber attacks on operational technology infrastructure.
It would be nice to think that your CIO is on top of this threat, but the fact is: 42% of finance chiefs are the owner or co-owner of cybersecurity at their companies, according to a recent CFO report. And Harvard Business Review writes: “Given the increasingly new relationship between cyber risk and financial risk, the CFO should ultimately be accountable for cyber risk.”
Now, I know your to do list is already a million miles long, but there are three straightforward steps you can take today to protect your organization and become a cyber risk hero.
But first let’s get acquainted with what your top concerns should be.
CFO’S TOP CYBER CONCERNS
Let’s keep it simple. Insurance firm CRC and Investor’s Business Daily stipulate what CFOs’ top cyber concerns should be:
- Loss of customer data may be particularly costly as consumers, whose patience continues to wane in light of such breaches – increasingly seek legal redress.
- Business interruption due to a security event is not covered under a typical business interruption policy. It needs to be secured within a cyber risk policy.
- Hackers’ efforts are more of a full-scale attack on potential system exposure. They will pursue any and all vulnerabilities to obtain available information, determining post-breach if any value exists.
- Not all cyber incidents result in immediate financial loss; some may take months or years to harm a company’s competitiveness and earnings. Don’t be focused only on short term earnings. Now let’s tackle the first three steps a CFO should take to address these concerns.
3 BEST PRACTICES FOR ADDRESSING CYBER LIABILITY
CFOs should develop what legal consulting firm UnitedLex calls “an incident response plan with clearly defined roles and processes.” To begin, follow these three steps today:
For reprint and licensing requests for this article, CLICK HERE.
Stories You May Also Be Interested In
- CFO Awards 2018 Nominees: CEO Watch - Cyber Security Remains Real Threat, Especially For Small-to Mid-Size Firms
- 100 Fastest Growing Private Companies 2017: Four Ways to Manage Cybersecurity Risks
- The Executive’s Guide to Purchasing and Using Cyber Insurance
- Intellectual Property & Licensing Law Roundtable: Intellectual Property Cyber Theft on the Rise
- Most Influential IP Attorneys in L.A.: Intellectual Property Cyber Theft Expected to Rise
- CUSTOM CONTENT: Are You Still Operating Business As Usual? GROWING RISKS FOR LAW FIRMS
- CFO Awards 2017 Nominees: Get Ready for the New Rev Rec Rules
- Business Insurance in 2019: Preparing CFOs for the Year Ahead