Risk-Averse CFOs A Natural Fit For Cybersecurity


Corporate treasurers, chief financial officers and money managers are hustling to keep up with changing times. That means CFOs have a lot more on their plate than they once did.

Risk mitigation is a significant source of this growing priority list. A recent survey of CFOs and corporate finance executives released by Grant Thornton found that uncertainty about the U.S. economy is one of the largest worries among this group of professionals.

But the research also uncovered how these professionals are tasked with diversifying their responsibilities. Security, for instance, also topped the list, with about half of CFOs surveyed citing cyberthreats as a chief concern.

It’s all about avoiding factors — like an economy in flux or cyberthieves — that expose a corporation to risk. Indeed, Grant Thornton found that up to 80 percent of CFOs describe themselves as “averse” to riskier growth strategies.

So, how is it that corporate treasurers are now finding themselves in a position to protect their corporations from cyberrisks?

According to new research from the American Institute of Certified Public Accountants (AICPA), more than 95 percent of Chartered Global Management Accountants (CGMA) surveyed said their businesses are worried about database breaches, phishing scams and other types of security failures. Further, 72 percent stated that their corporations have turned to the finance function to help mitigate these risks.

At first glance, it may seem that a CFO is an unlikely line of defense against something as technical as cybersecurity. But, says AICPA Vice President of CGMA External Relations Ash Noah, CFOs can actually be in a prime position to mitigate cyberrisk.

“The finance function has a unique view into the complexities of the business, as well as an in-depth understanding of the industry, markets and risk climate, yielding important insights for a company’s strategic direction,” Noah said in a statement last month when the AICPA released its findings. “As the finance function continues to evolve to become more business-centric, it’s critical for finance executives, from the CFO down, to play a driving role in preparing for and addressing potential cyberrisks for the long-term growth of the company.”

Responding To A Growing Threat

According to the AICPA, nearly one-third of respondents said their company was a victim of a cyberattack in the last two years — a 7 percent increase from 2014. More than one-fifth said these attacks are worse than what is portrayed in the media and news reports.

In an interview with PYMNTS, Noah said that corporations have been gradually placing more attention and resources in the area of cybersecurity over the last four or five years. But it was the infamous Target data breach that really got CFOs acting.

As corporations impose stricter policies on their suppliers and obtain insurance, financial professionals are recognizing their strategic position.

“Although it is a technical area and you need IT systems knowledge and IT expertise, what you need is a CFO or a finance team understanding the different implications of sets of data across the organization,” Noah explained. “You need an organizational view, rather than a functional view, of a piece of data as it moves around the organization, so finance is in a position where they can actually bring that view.”

He added that this is a natural progression of the evolving role of the CFO. “CFOs are becoming more engaged and more involved in risk management within a business, and risk management is a process of understanding and applying organization-wide policies and procedures to manage financial risks,” Noah said. “But, more and more, CFOs are becoming involved in managing the nonfinancial risk.”

Those nonfinancial risks, as separate research has also found, include cyberthreats.

But Noah pointed out that financial managers aren’t going solo to combat this issue.

“Naturally, CFOs are the ones that the business turns to, because they have the disciplines, rigor and systems knowledge. And when you partner with IT, then you’re able to really let an organization become more secure from a cyber point of view,” he explained.

While a CFO may be including cyberthreats under his or her growing list of priorities, partnering with chief information officers and IT functions is what makes a CFO effective against cybercrime, Noah added.

This collaborative approach to fighting cybercrime is essential to understanding not only how the CFO’s role within a company is changing but what exactly this function can provide in the process.

“We, as CFOs, don’t want to claim we’re the tech experts,” Noah said. “But what they’re bringing to the table is expertise in being able to manage the risk and identify it, look at a company’s process flows and systems flows, and put in a process which detects and evaluates risk then mitigates it.”

“This whole risk detection, risk evaluation, risk mitigation is what finance brings to the table,” he continued. “When you layer on top of that the technology expertise, that’s what makes the combination really powerful in defending against cybercrime.”