Why CFOs must collaborate across teams to overcome cyber threats

The ever-evolving digital landscape exposes organisations to significant security risks, making them vulnerable to cyber threats regardless of their size or operations.

CFOs hold some accountability for safeguarding against these risks and must use their collaboration and influence skills to protect their businesses. According to the American Express 2023 CFO Survey, 63% of CFOs from large organisations in France, Germany, and the UK expect increased cyber threats in the next year.

It’s crucial to focus on cyber threats in 2023, and beyond. Developing resilience and recovery skills while complying with evolving cyber regulations become vital components of their toolkit.

The Hiscox Cyber Readiness report reveals that 48% of businesses have faced at least one cyber-attack in 2022 [1], costing businesses $8 trillion in 2023 alone. [2]

High-profile cyber-attacks like those on the Guardian newspaper, Royal Mail [4], British Airways, Boots, and the BBC [5] underscore the urgency of addressing cybercrime. Geopolitical and economic volatility amplify the risk, making it more pressing than ever.

CFOs play a crucial role in managing the financial costs of cyber threats, from lost revenue due to reputational damage to remediation expenses and potential regulatory fines resulting from data breaches. Cybersecurity is no longer just an IT consideration; 71% of CFOs in our survey expect digital transformation to impact their role, with 73% emphasising the importance of virtual payments to reduce fraud risk.

CFOs can encourage key actions that will help their organisation overcome cybercrime and reduce associated costs at the same time, which may include:

Due to the nature of their role and responsibilities, CFOs may be a prime target of cyber threats, and they have a critical part to play in strengthening their organisation’s digital presence and navigating cybersecurity challenges. The CFOs we spoke to in our survey told us that risk management is increasingly taking up more of their time, and 62% expect greater collaboration with other functions.

CFOs need to strengthen their organisation's digital presence by collaborating with other C-suite peers, such as CIOs and CISOs, to assess risks and develop appropriate actions. Engaging procurement departments in security policies for suppliers can also reduce risk points.

As with any threat to an organisation, a joined-up effort is needed to tackle cybercrime. But many businesses lack a cohesive way of sharing information and best practices, leaving knowledge gaps that may inadvertently lead to cyber-attacks. For example, many employees are required to perform online training courses as part of their onboarding process when entering a new role, but how effective and sufficient are these?

Anyone who works in an area that is identified as particularly vulnerable to cybercrime, no matter what level they are, will need more in-depth training. Finance departments, for example, are often popular targets for cybercriminals, particularly in relation to methods such as ransomware and phishing. CFOs should proactively engage their organisation's cybersecurity professionals and experts to help train their team on an ongoing basis.

But with today’s expanded CFO role, responsibility doesn’t end with finance departments. CFOs influence overall organisational cybersecurity strategy and should therefore collaborate with other C-suite executives to implement more stringent and ongoing training policies company-wide.

Any measures taken to safeguard against and overcome cyber threats should be carefully evaluated to make sure they’re the right path for an organisation to take. Whether it’s external training, technology, insurance, or other factors, it’s important to weigh up the options and the potential cost. Bearing in mind, however, that the potential cost to an organisation of a serious cyber-attack could be catastrophic.

CFOs have a crucial responsibility in assessing the financial impact of any investment made into cybersecurity. The cost should align with the potential risk exposure of cyber threats while being enough to protect the organisation’s long-term reputation and value.

Promoting a holistic, business-wide approach to cybersecurity allows CFOs and other senior leaders to deflect cyber-attacks, detect potential threats and recover from even the most serious of attacks with minimal serious consequences.