Cyber-theft of sensitive data continues to boom and affected organizations are scrambling to deal with the consequences. Wendy’s, Verizon Enterprise Solutions, UC Berkeley and even the IRS all fell victim to breaches that exposed personal records that were then sold on the dark web.
IBM’s Cost of Data Breach Study found the average consolidated total cost of a data breach in the United States is $6.5 million. This cost includes direct expenses, such as engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services. It also includes indirect costs, such as internal investigations and communication, as well as the extrapolated value of lost business.
As CFOs, we are very aware of the financial damage a breach can inflict on an organization. We have to begin safeguarding our companies’ vital information as we do our companies’ physical assets such as cash and inventory. That is why we are playing a growing role in securing the enterprise’s data.
We can no longer rely solely on our CISOs and CIOs to report on our companies’ cybersecurity initiatives. It’s imperative that we educate ourselves on the cybersecurity risks and threats our companies face because the stakes are higher than ever. This is evident after reviewing the results of a recent Deloitte survey of CFOs at larger enterprises in North America. 97% of them acknowledged that cyberattacks were a major threat to their companies. However only 10% felt they were well prepared for cyber threats and 25% felt they were insufficiently prepared for a cyberattack.
One critical area we can become more involved with is our company’s cyber governance initiatives. Cyber governance, like internal controls in finance, ensures that the organization is appropriately following established standards, regulations and best practices.
Some initiatives to consider include:
The cybersecurity challenges we face every day compels us to expand our role into cyber governance. Applying our experience to help protect sensitive data will hopefully eliminate any large scale data breaches and the resulting financial and reputational damage.
Click here to learn more about implementing a cyber governance program.
Share
In July 2023, the U.S. Securities and Exchange Co...
The current regulatory compliance and cyber threat landscap...
by Jasmine Chennikara-Varghese For cyber awareness and thre...
Why the CFO Is Just as Responsible for Cybersecurity as the ...