Now More Than Ever, CISOs Need to Engage with CFOs

3rd June 2020

Just as CISOs used to be back-office technical leaders, CFOs of the past tended to be number cruncher’s only. Both roles have become more strategic over the past decade, and they both have one concern in common: corporate risk management. Between common cyber criminals, nation-state actors, and hacktivists, the CISO and the CFO have a vested interest in working together to protect the organisation.

“The CFO has a duty to provide plain, true and complete disclosure to the board on a wide range of issues that many would argue should include the potential impact of a cyber attack on the financial standing of the organisation.”

Fighting increasingly frequent and sophisticated attacks from a variety of players requires a resilient approach to cybersecurity—as well as collaboration across many groups, including cybersecurity and finance.

The COVID-19 pandemic presents a plethora of risks to an organisation—supply chain disruptions, loss of sales orders, travel restrictions, not to mention temporary closures of factories, construction sites, and retail stores. At the same time, cyber criminals are taking advantage of coronavirus. Ransomware attacks on essential businesses and attacks targeting new remote workers are proliferating. The U.S. Federal Bureau of Investigation (FBI) has seen reports of cyber crime quadruple during the pandemic—including fraudulent charities, fake loan applications, and extortion.

From a CFO’s perspective, the intuitive response to a crisis like this one is to do everything possible to rein in costs. But thoughtful CFOs understand that now is not the time to cut the cybersecurity budget. Security exposures are changing due to a number of factors:

Remote workers – Thousands of organisations have hastily built work-from-home infrastructures because offices were required to be closed. Now it appears that many organisations will have an increased number of remote workers for months or years going forward. Now is the time to secure that infrastructure against cyber threats.

Supply chains – At many companies, just ensuring that the right supplies are in the right place at the right time is a big challenge. But the CFO and CISO must work together to make sure these vendors follow security standards and write that into contracts.

Evolving risk appetite – When the pandemic struck, companies favoured availability of service over confidentiality and data integrity. Now is the time for the pendulum to swing.

The CFO is never going to be a cybersecurity expert. This is why the CISO needs to cultivate a relationship with the CFO—now more than ever.