
Cybersecurity Risks: How Is Your Company Responding?



Cyber breaches have been widely publicized in recent years, and cybersecurity has become an important concern for financial executives and their companies.


FEI’s CFO Quarterly Global Outlook Survey: March 2014 reported that:

“Three quarters of CFOs revealed they are currently taking steps to protect against cyber-attacks, most notably upgrading security software and/or encryption protections (71%) and establishing off-site backup systems/plans (67%).  Given the increased number of major companies and organizations that have faced cyber-attacks, 67 percent of CFOs are considering increasing their budgets toward improving cyber security.  Almost one fifth of respondents (19%) reported experiencing a cyber-attack in the last year. Almost half of those attacks (48%) were foreign sourced.”

FEI’s Committee on Finance & IT (CFIT) is concerned about cybersecurity, and asked Melissa Krasnow, an attorney with Dorsey & Whitney LLP, to draft a whitepaper describing best practices in risk assessment, cybersecurity programs, governance and disclosure.  Melissa references a number of sources of information in the whitepaper, including:

  • Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents, issued by the California Department of Justice in February 2014.  This document describes how small investments in cybersecurity preparedness can yield significant risk reductions.
  • Framework for Improving Critical Infrastructure Cybersecurity, issued by the National Institute of Standards and Technology (NIST), February 12, 2014.  This Framework enables organizations of any size to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure.
  • Mass. Regs. Code tit. 201 § 17.03(1), the Massachusetts data security regulation.  Massachusetts is the first and only state to require covered organizations to adopt a comprehensive written information security program (WISP) incorporating specific security measures.

CFIT is now partnering with Financial Executives Research Foundation (FERF) and Grant Thornton LLP on a new research project on cybersecurity.

This research project will provide best practices for CFOs on cybersecurity risk management strategy by focusing on the role the CFO plays in mitigating cybersecurity risks to their organization. Traditionally, the CFO has not been deeply involved with the information technology aspects of an organization, but increasingly the CFO is becoming the point person interfacing with the board of directors and management on cybersecurity issues. To mitigate cybersecurity risk successfully, CFOs now need to be the strategist who aligns the cybersecurity efforts of multiple, often siloed, business units across an organization into a comprehensive strategy for managing that risk.

The first phase of this project is a survey.  This brief 12-question survey asks about your concerns regarding cybersecurity threats and what your company is doing to address them.  The survey should take only about 10 minutes to complete.  All information will be completely anonymous and will be reported in aggregate form only.  The first question of the survey asks whether you would be willing to be interviewed (again, anonymously) to provide more details about your cybersecurity initiatives.

As a thank-you for participating, respondents who provide their email address will be automatically entered to win a $250 Amazon gift certificate or a donation in their name to the charitable organization of their choosing.
