Page 59 - Cyber Warnings
The Evolving Role of Today's CFO to Chief Protection Officer
By Drew Del Matto, CFO at Fortinet
No one expected the torrential flooding of Louisiana in August of this year. Some homeowners
scrambled to gather what belongings they could and escape, while others were confident that
the flood wouldn’t affect their neighborhood and did nothing. Many of the latter then had to be
rescued by understaffed emergency crews, whose agencies also failed to estimate the size of
the disaster. If everyone could have foreseen the level of severity and planned accordingly,
some of the $8 to 10 million in damage could have been mitigated and an entire region’s
citizenry could have been kept safer.
Of course, it’s not always possible to anticipate how severe a weather emergency will be, but
proper planning can go a long way toward lessening its effects. The same reality can apply to
an organization that experiences a security breach. CFOs and Board members are always
keeping an eye on costs and are focused on proper budgeting and spending to meet bottom-
line targets. However, if a meaningful security breach happens, expense control can go out the
window as companies desperately try to beef up previously lacking security defenses. Even
worse, the brand is affected and top-line sales are lost.
Though the price of keeping organizations secure continues to rise, budget allocation for
security simply hasn’t kept up. The typical company only spends between one and five percent
of revenue on IT security, which seems small when compared to the risk of lost sales and
productivity, as well as brand damage associated with a breach.
Consider the cautionary tale of the catastrophic data breach of a national retail chain that is now
common knowledge. Following disclosure of their security breach, the company’s sales
declined, causing the company to miss their Q4 guidance. Customers were terrified about their
financial privacy, the company’s stock fell and the CEO was fired as a result. There have been
many breaches since, affecting medical and government organizations and all types of global businesses. Each
time, valuable information is lost, and sometimes C-level leaders lose their jobs or face tough
scrutiny.
Surprisingly, most organizations today continue to operate in reactive mode. We need to step
away from merely managing breaches and start working to develop a culture of security, moving
out of reactive and into proactive mode. Culture starts at the top – the C-suite must set the
standard for governing the organization’s cybersecurity posture.
In fact, circumstances have changed to such a degree that one could argue the role of the CFO
has transformed and could very well be called the CPO – Chief Protection Officer. If you think
about it, cybersecurity potentially puts a company’s finances and value at risk, challenges
compliance and regulatory strategies, and increases the need for mature strategies to
safeguard a company’s data and overall security. As a strategic business and risk management
59 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide