A new report by Deloitte shows how important cybersecurity risks really are at the boardroom level, as the nation's top financial executives expressed their concerns about how security risks could impact their companies' bottom lines. In its CFO Signals 2015 Q2 survey report, Deloitte found that CFOs consider cyberattacks one of the most threatening crises that could impact their enterprises' financial health.
Deloitte surveyed 100 CFOs at large North American firms for this poll and found that 97 percent of them considered cyberattacks to be a major threat to their companies. Among those executives, only 10 percent believed their firms to be well-prepared for the threat. And one in four reported they were insufficiently prepared for cyberattacks.
The findings reinforce the idea that the CFO has an imperative to lead multidisciplinary partnerships to move the needle for IT security at large organizations today.
"CFOs should establish a formal task force to help implement the strategic objectives of the organization’s cybersecurity mission by reaching out and identifying the vulnerabilities in the data supply chain within their organization," says Kevin Morgan, principal in Grant Thornton's Business Advisory Services practice, in a recent report by the firm on CFO involvement in security. "Who is involved depends on the size and vulnerability of the organization."
Grant Thornton reported that for 38 percent of organizations, the security buck ultimately stops with the CFO. That's proportionally more CFOs ultimately in charge of security than even CIOs, 38 percent of whom reported they were the main person tasked with security. Meanwhile, just 7 percent of CISOs reported ultimate responsibility.
According to Steve Durbin, director of the Information Security Forum, the CFO hasn't been seen as a key player in the security team in the past, but their role as the shepherd of critical investment and long-term business growth makes them obvious cybersecurity caretakers.
"Given the risks that cybersecurity threats pose in a technology-driven, global economy, today's CFO must focus on cybersecurity and ensure that adequate steps are taken to preserve and protect the company's reputation, stock price and most valuable information," he wrote earlier this year.
One of the biggest ways that will happen is by working toward a greater understanding of the organization's entire cyber "risk universe," according to Grant Thornton. The firm's report showed that 46 percent of executives believe that a lack of understanding of risks and impacts is the biggest impediment to developing an enterprise-wide cybersecurity strategy.