Rise of the ‘cybercountants’
12 April 2018
As part of the 2017 cyber security month, BDO released a report (https://bit.ly/2kiZ8tA) indicating that chief finance officers are now also cyber security custodians. The report identifies several key levels of finance executives’ strategic engagement with cyber security.
Cyber security compliance oversight engages the chief compliance officer, who is usually located in the finance department. In mid-market companies where roles are combined, it may be the finance manager who finds cyber compliance within his or her remit.
Cyber incidents cause reputation damage which affects valuation, jeopardising a company’s position in merger and acquisition negotiations. Finance managers engaged in deal making leverage their cyber security knowledge to estimate the value of an organisation’s cyber defences, as well as the impact of a breach on overall valuation.
Cyber supply chain risks require a coordinated effort to address because they touch sourcing, vendor management, supply chain continuity and quality, transportation security and many other functions – all of which intersect inside the finance department.
Risk managers manage the risk to the organisation, its employees, clients, reputation, assets and the interests of stakeholders. Cyber risk has made its way to the desk of the corporate treasurer who becomes a key factor in an effective and holistic cyber risk defence programme, evaluating cyber risk exposure and ensuring adequate cyber insurance coverage for non-remediated risks.
Gregory Garrett, head of international cyber security, BDO, comments: “…organisations are facing ever more stringent cyber security regulations – it is not surprising that many of them feel overwhelmed. The recruiting, staffing, training and retention of cyber security talent is a significant challenge for nearly all companies – and the global shortage of experienced cyber security professionals is expected to increase over the next three to five years. It is vital that finance, risk and compliance management professionals in public and private organisations – in particular [small- to medium-size enterprises] step up and take ownership of the growing financial responsibilities in cyber security”.
Cyber security month
The European Union’s cyber security annual awareness campaign takes place in October. Its aim is to raise awareness of cyber security threats, promote cyber security among citizens and organisations, and provide resources to protect themselves online, through education and sharing of good practices (https://cybersecuritymonth.eu/). Events in the UK for 2018 are being planned (see https://bit.ly/2EDlvij).