Technology Grant Thornton

CFOs Play a Critical Role in Establishing an Effective Cybersecurity Program

Sponsored by Grant Thornton

What can companies – especially their CFOs – do about cybersecurity?

According to a recent Washington Post article, Chinese Breach Data of 4 million Federal Workers, this is the second time in less than a year Chinese hackers have breached the Office of Personnel Management. Unfortunately, China is not the only country to have gained access to U.S. government data. Last year, Russia also managed to compromise the U.S. State Department email system.

As disturbing as these headlines are, the numbers pale in comparison to some of the largest private sector data breaches over the last decade. The following of which are all examples of breaches of 100 million records or more.

  • Court Ventures – 200 million records in 2013
  • Adobe – 152 million records in 2013
  • eBay – 145 million records in 2014
  • Heartland Payment Systems – 130 million records in 2008/2009
  • Target – 110 million records in 2013
  • TJX Retail Stores – 100 million records in 2007
Even with numbers this astonishing, they do not tell the entire story. The numbers that are sure to get financial executives’ attention, particularly CFOs, can be found in Ponemon Institute’s 2015 Cost of Data Breach Study: United States report. The 10th annual study found the average cost per lost or stolen record increased eight percent from $201 in 2014 to $217 in 2015. Additionally, the total average cost of a data breach paid by companies in 2015 was $6.5 million. That is a double digit increase (11 percent) from the $5.9 million in 2014 and $1 million more than the $5.4 million reported in 2013.

Data breaches are costly, damaging to brands and reputations, and happening at a staggering pace. The question is: What can companies – especially their CFOs – do about it? While cybersecurity traditionally has been handled by the CIO and IT function, the escalating risks have driven cybersecurity up the corporate ladder to the desk of the CFO. Financial Executives Research Foundation (FERF), in collaboration with Grant Thornton LLP, surveyed, and conducted in-depth interviews with, CFOs to identify their critical role in cybersecurity, and offer insights and recommendations for establishing as effective cybersecurity program.

Some report highlights include:

  • Respondents’ top cybersecurity concerns include protection of data – including customer data and intellectual property (IP) – from data breaches and compliance with data security laws;
  • Although the CFO is often responsible for cybersecurity, the organization’s IT department typically manages the day-to-day aspects of cybersecurity; and
  • The most common impediment to developing an enterprise-side cybersecurity strategy is a lack of understanding of cyber risks and potential impacts of a breach.
To learn how other financial executives are addressing cyber risks, download your copy of The CFO’s Role in Cybersecurity.