Deep Dive: How CFOs Can Take Proactive Approaches To Cybersecurity

Corporations are up against steep cybersecurity challenges, and chief financial officers (CFOs) have key roles to play in bringing their firms’ fraud-fighting capabilities to the next level. Cyberthreats have long confronted businesses, but the pandemic-related disruptions have created even more opportunities for criminals to act. 

This month’s Deep Dive examines the state of such fraud threats and explores how CFOs are taking more proactive roles in combating them. 

Data Breach Losses

Hackers are launching sophisticated attacks against organizations’ data stores, and with staff members working from home during the COVID-19 pandemic, more companies than ever are storing their data in the cloud. Putting information in the cloud may allow employees to access it remotely, but it also means criminals could gain remote access.

Companies that are adopting new technologies to help operations run smoothly from home are also often dependent on third-party solution providers. Such businesses must ensure that they have robust methods for vetting these providers, however, or they could find themselves exposed to new risks. Any mistakes could be devastating, as third-party data breaches can cost companies as much as $7.5 million. Other types of data breaches result in average losses of $4 million. 

Pandemic-related challenges are only part of the puzzle. Fraud attempts were already on the rise before bad actors took the global crisis as a cue to put their efforts into overdrive. A 2019 survey of banks found that 60 percent said the number of fraud attacks made against them had risen, for example. 

Investing In Data Security

Some companies struggle to combat threats because they lack clear insights into the risks they face and the best practices for mitigating them. Another 2019 survey of board directors found that only 24 percent were “highly familiar” with their organizations’ data breach response plans, while 10 percent knew nothing about them. This could be shifting, however, as companies realize the importance of tight cybersecurity. 

A Q2 2019 global survey of 800 finance leaders found that 84 percent of CFOs and vice presidents of finance believed that data privacy and security should be the top priority. CFOs can play primary roles in helping their organizations budget and invest in tools, strategies and staff to help fend off cybercrime. 

Companies are actively trying to get ahead of threats by spending more on cybersecurity, according to a recent survey of companies across corporate and retail banking, consumer and financial services, financial utility, insurance and service provider sectors. The study reported that those companies had invested an average of 0.3 percent of their annual revenues into cybersecurity in 2019 — reflecting 10.1 percent of their total IT spending. These figures were upped to 0.5 percent of overall revenue and 10.9 percent of their IT expenses in 2020. 

Risk Assessment And Fraud Detection

Boosting defenses will often require investing more staff time in these initiatives. Companies that aim to safely collaborate with third-party providers can direct employees to develop strategies for carefully vetting vendors prior to onboarding them, for example, and can hire more personnel with the expertise for conducting these provider reviews. This approach could lead to businesses implementing new, more robust procedures for assessing the extent to which prospective new partners may introduce risks and evaluating whether the benefits those providers offer are worth it. 

Old-school, reactive approaches to security hamper many organizations, which need new strategies. Companies have historically taken narrow, inflexible approaches to reducing risks, in which they analyzed attacks to determine how they were conducted and then created new rules and approaches to block those specific kinds of attacks from happening again. This post-event analysis remains useful, but it can only go so far. 

Firms that do not supplement this practice with other strategies can encounter threats from criminals who learn how to adjust their attacks just enough to avoid discovery. Businesses should also set up methods to proactively detect ongoing attacks and thwart new attempts that may not match up exactly with known fraud threats. 

ML And AP Platforms

Proactive approaches to recognize and foil threats could entail investing in machine learning (ML) tools. These intelligent technologies can help firms monitor their payment flows and pinpoint any that seem unusual and could indicate fraud. These tools can then send alerts to AP staff, prompting the investigation of suspicious activities. 

AP management platforms can also give businesses clear visibility into the statuses of invoices and payments, granting workers the most up-to-date data. The platforms can also be programmed to send alerts if certain behaviors occur, such as changes to suppliers’ payment details or receipt of unusually high-value invoices. Managers can then evaluate the situations to determine whether fraud is at play.

Businesses need to investigate whether payment-detail updates are legitimate requests from vendors or whether fraudsters have sent them. Criminals can pretend to be existing vendors and send messages to trick AP staff into changing details on file so that money will be sent to fraudulent accounts. Managers can also check whether unscrupulous employees have tweaked especially high invoices. Such bad actors may try to inflate the value of payment requests so they can skim extra off the top, meaning that firms must confirm that pricey invoices are genuine.
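The two alert conditions described above (an invoice arriving after a supplier's payment details changed, and an unusually high-value invoice) can be sketched as a small rule set. This is an added example, not code from the article or from any AP product; the event fields, the thresholds and the median-based outlier test (a simple statistical stand-in for the ML tools mentioned) are assumptions.

```python
from statistics import median

MAD_K = 5.0       # assumed: deviations above the vendor median that count as unusual
MIN_HISTORY = 3   # assumed: prior invoices needed before amounts are scored

# Constructed sample AP events, in the order they were received.
EVENTS = [
    {"id": "inv-1", "type": "invoice", "vendor": "acme", "amount": 1000.0},
    {"id": "inv-2", "type": "invoice", "vendor": "acme", "amount": 1100.0},
    {"id": "inv-3", "type": "invoice", "vendor": "acme", "amount": 950.0},
    {"id": "chg-1", "type": "bank_change", "vendor": "acme"},
    {"id": "inv-4", "type": "invoice", "vendor": "acme", "amount": 1050.0},
    {"id": "ver-1", "type": "change_verified", "vendor": "acme"},
    {"id": "chg-2", "type": "bank_change", "vendor": "globex"},
    {"id": "inv-6", "type": "invoice", "vendor": "globex", "amount": 500.0},
    {"id": "inv-5", "type": "invoice", "vendor": "acme", "amount": 9800.0},
]

def is_amount_outlier(amount, history):
    """Compare an invoice with the vendor's own past invoices (median + K * MAD)."""
    if len(history) < MIN_HISTORY:
        return False                      # too little history to judge
    med = median(history)
    mad = median([abs(x - med) for x in history])
    if mad == 0:                          # identical past amounts: use a ratio test
        return amount > 2 * med
    return amount > med + MAD_K * mad

def review_alerts(events):
    """Return (invoice id, reason) pairs that AP staff should review before paying."""
    history, unverified, alerts = {}, set(), []
    for ev in events:
        vendor = ev["vendor"]
        if ev["type"] == "bank_change":
            unverified.add(vendor)        # hold until confirmed with the vendor
        elif ev["type"] == "change_verified":
            unverified.discard(vendor)
        elif ev["type"] == "invoice":
            if vendor in unverified:
                alerts.append((ev["id"], "payee_details_changed_unverified"))
            past = history.setdefault(vendor, [])
            if is_amount_outlier(ev["amount"], past):
                alerts.append((ev["id"], "unusually_high_value"))
            else:
                past.append(ev["amount"])  # flagged amounts never shift the baseline
    return alerts

if __name__ == "__main__":
    for invoice_id, reason in review_alerts(EVENTS):
        print(invoice_id, reason)
```

Keeping flagged amounts out of the baseline means a series of gradually inflated invoices cannot raise the threshold on its own.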

The cybersecurity and fraud risks facing companies during the pandemic are likely to become more sophisticated as bad actors seek to take advantage of this year’s disruptions. CFOs who invest now in the right strategies, personnel, ML tools and AP technologies can best protect their organizations and prepare for future threats.