CFOs Should No Longer View Cybersecurity as Insurance
Investing in emerging technologies to leverage data adds dynamic cybersecurity challenges.
As external economic factors continue to drive CFOs’ thought processes and allocation decisions, reliance on data to both innovate and cut costs is leaving many organizations much more vulnerable to cybersecurity breaches than they are currently aware.
In a recent survey by Kroll analyzing the relationship between cybersecurity and CFOs, data shows over three quarters (79%) of responding CFOs have encountered at least one security incident that resulted in compromised data or financial loss in the last 18 months.
The impact a breach can have on an organization’s financial health means CFOs have a responsibility to informed about their company’s cybersecurity implementations, regardless of whether those are outsourced or handled internally.
Mitek Systems, a purveyor of AI and machine learning-based mobile capture and digital identity verification software, is in the business of helping organizations protect what is becoming their most valuable asset — data. According to Mitek’s chief technology officer Stephen Ritter, finance executives leveraging data in their businesses must no longer consider strong cybersecurity as a tech suite accessory.
“Cybersecurity is unfortunately no longer an option, but an essential element of any organization’s infrastructure,” Ritter told CFO. “Cybersecurity has become a priority for policymakers, as so many industries will need cybersecurity and the associated infrastructure to comply with [future] regulations.”
The balance between the desire to maximize the efficiency of data while also securing it requires nearly an equal amount of capital, which can be extremely difficult to assess. Once CFOs invest in technologies to innovate all aspects of businesses, their vulnerability to hackers grows if not also taken into account.
Ritter spoke extensively about businesses that are leveraging application programming interface integration (API). He says the demand for data is extremely high among cybercriminals. They have begun targeting companies across the board based on the vulnerability of the sensitive information businesses collect within their networks.
“The technology used to fuel the scalability of modern companies, such as APIs, has a tremendous upside; but also comes with risks,” Ritter said. “APIs are innovation enablers, and they also drive adoption and ease of integration. They provide alternatives for cybercriminals to attack a company and steal data. Fraudsters want this data and intentionally follow high-growth organizations to steal it using sophisticated technological approaches.”
To avoid becoming a victim to sophisticated cybercriminals, Ritter believes CFOs should equally allocate toward data protection and data utilization. But they should also start expanding the conversation around cybersecurity to other parts of their businesses.
Protecting Brand Reputation
Strong cybersecurity can be used in marketing and advertising as a complement to an organization’s brand. A customer should know your organization as a cybersecurity-sound company.
“The most important thing to keep in mind is that security should be thought of as part of your brand,” said Ritter. “Any security incident, whether it’s financial in nature or a data breach, can represent a significant loss to brand reputation. This is the primary reason we need to stop thinking about cybersecurity as insurance and instead think about it as an integral part of our brands.”
Outside of the reputational damage costs, other losses associated with cybercrimes can be broken down into four major categories. CFOs must keep these in mind when assessing the value of allocating funds towards cybersecurity as budgets tighten.
- Productivity loss. The losses incurred when the organization isn’t able to deliver its products or services.
- Penalties and fines. Judgments levied against the organization as a result of a breach.
- Replacement. The costs associated with the replacement of a capital asset or a person.
- Customer impact. Losses associated with managing the event itself, response times, and eroded trust.
To immediately improve data security, CFOs must do an inventory of their data.
“[Assess] what data you have, where it lives, and what its relative ‘value’ is to the company,” said Ritter. “This value might be represented as intellectual property or as some form of risk — typically regulatory and reputational.”
After finding a secure location for a company’s most valuable data, Ritter stressed the importance of maintenance and diligence when it comes to monitoring data security through a third party that specializes in maintaining policies and regulatory standards.
“Once all of your policies are in order, look into a partner to help audit your policies periodically,” he said, “as well as cybersecurity vendors that can help enforce and monitor those policies.”
Written by: Adam Zaki, reporter, for CFO.