Recent cases of high-profile cyber attacks on commercial firms have demonstrated the resourcefulness and persistence of cyber criminals. Although cybersecurity is now a matter of concern for every company, financial services remains the industry most susceptible to malicious email traffickers, as consumers are seven times more likely to be the victim of an attack originating from a spoofed email with a bank brand versus one from any other industry. Nearly 95% of all cyber attacks were carried out via email messages, despite common knowledge of data hygiene such as verifying and evaluating sources of information.
A Deloitte report noted that US financial services companies lost on average $23.6 million from cybersecurity breaches in 2013 – the highest average loss across all industries. To underscore the rapid rise in cyber threats, this number is 43.9% higher than in 2012, when the industry was ranked third, after the defense and utilities & energy industries. Financial services companies remain among the most vulnerable to cyber attacks, as the industry typically tops the list of industries most targeted by cyber criminals.
Cybersecurity is now one of the topics on everyone’s list – from the most senior managers and boards of directors, all the way down to line managers. Cybersecurity is not a topic or an issue just for the IT staff or the CIO to address; it is a risk that does not discriminate in who, what, or where it targets. With so much at stake, it is not surprising that conversations around cybersecurity and solutions are increasingly taking place in boardrooms among the C-suite, as it becomes more important than ever to ensure that the right protection is in place at all levels of engagement with data.
The question then is, what can companies – in particular CFOs – do to stay ahead in cybersecurity?
Staying on top of threats
Most organizations lack an end-to-end view of their infrastructure, which means that email can leak and privileged information can inadvertently be disclosed. Without adequate and advanced protection, all it takes for hackers is a single point of entry, via someone’s email, to gain access to all the information stored by a corporation.
The financial sector is vulnerable to a broad spectrum of cybersecurity threats that are increasingly complex and challenging to identify and navigate. Cybersecurity experts have already developed sophisticated tools and systems that support rapid protection that can be applied to the entire network all at once or in a more targeted way. For instance, the latest technology in cybersecurity is able to offer segmented protection to networks by building agile firewalls around departments or authorized users.
While CFOs may not be entirely familiar with the specific technology around cybersecurity solutions, they can still be deeply involved in the company’s cybersecurity strategy and implementation. CFOs can play a significant role in steering the company forward in these troubled waters. Here are some tips they can look into:
- Understand the company’s risk universe and educate people. It is essential that the board receive training on cybersecurity trends and threats, and/or nominate a cybersecurity subject matter expert to advise the board. Given the high stakes, even though corporate directors are concerned about cybersecurity, they are often not equipped with the right knowledge to inform their decision making. Education and training can and should become one of the CFO’s key cybersecurity roles, where CFOs can make sure board members understand the risks of cyber attacks on sensitive and confidential information.
- Set up a cybersecurity task force. CFOs can take the lead in establishing a formal task force to help implement the strategic objectives of the organization’s cybersecurity mission by reaching out and identifying the vulnerabilities in the data supply chain within their organization. The task force should include, at a minimum, IT, legal, and finance.
- Develop a robust cybersecurity risk-management strategy. To fine-tune the strategy, CFOs should consider questions such as: What has the organization invested in most heavily? Is the level of protection appropriate to that area’s strategic importance? In most cases, this area of investment is the organization’s intellectual property, and loss of this information would be severely detrimental to the organization. CFOs can optimize cybersecurity risk management in the following ways.
First, CFOs can get started by understanding what cybersecurity resources are being applied across the company, and what risks are being addressed with these investments. Second, make sure the goals are clearly defined. What do you expect of the people running cybersecurity? Finally, drive awareness of cybersecurity enterprise-wide. For example, make sure individual people across the organization understand what a phishing attack could look like, and educate them on what is considered to be sensitive information.
For more on this topic, see 7 Questions CFOs Should Ask Themselves About Cybersecurity.