Finance leaders can play an important role in cybersecurity by quantifying risks and helping their organizations better understand the threats from cyberattacks. Finance leaders not only have a high level of internal and external visibility, but can also support security investments and influence every department of their organization from IT to HR.
How Finance Leaders Can Manage Cybersecurity
According to Ponemon Institute a typical cybercrime incident costs a U.S. business an average of $17.36 million. While organizations are looking more to initiatives to thwart such attacks, one of the first steps to creating effective security measures is identifying risk, its probability and quantifying its impact on the organizations.
Deloitte notes that many sophisticated approaches to managing risk in the financial industry could be applied to cyber risk management. The financial services industry is already accustomed to adopting complex and complicated computer system architectures. The financial services industry has been using sophisticated quantitative modeling for the past three decades to achieve accurate quantifications of risk, Deloitte reports.
Value-at-Risk Models Could Help Quantify Risks
According to Deloitte, the Partnering for Cyber Resilience initiative has framed a value-at-risk (VaR) model, which is widely used in the financial services industry, and believe it has the potential to serve as an effective cyber risk measurement tool for decision-makers. Often used for information security, VaR models offer a foundation for quantifying information risk and provide structure in the quantification process. This modeling measures the amount of the potential loss, the probability of the loss and the time frame in which it could happen.
A VaR model for cyber risk can help put the risk in financial terms and enable business executives to make cost-effective decisions that achieve a balance between protecting the organization and running the business. Organizations can consider things like the frequency of attacks, security trends and how particular attacks could penetrate their systems and quantify the potential impacts. A business can embed a cyber VaR across its risk management framework to reinforce its cybersecurity program with continuous engagement and support from senior management.
Partnering With HR and IT
Within an organization, finance leaders can play a strong role in cyber risk management because many are already familiar with modeling strategies like VaR. Deloitte reports that 97 percent of finance leaders believe cyber attacks are a significant threat to their organizations, but only 10 percent are well prepared for such an attack.
Finance leaders can take a stronger role by tracking the information that leaves the organization, where it's going, who's accessing it and what software is being used. Grant Thornton notes that finance leaders can work with HR as a change management partner, communicating to the organization in partnership with IT. Financial leadership can also encourage HR to approve and enact data protection policies, help find where employee security practices may be lacking and enact more effective training and education.
Taking the Lead and Setting the Tone
Because many finance leaders are already engaged in security to some extent, most can already understand cyber threats, identify vulnerabilities and help guide how to close them. Finance leaders can serve as stewards of security awareness and educate board members on the importance of protecting sensitive and confidential information. According to Grant Thornton, they can also directly bolster security by advocating for investments that promote security, reduce risk and foster long-term growth.
Financial executives can set a tone of awareness and responsibility throughout their organization and can delegate, approve and oversee security. Grant Thornton notes that a finance leader can help take the lead on driving security initiatives by setting up a team or task force that includes members from finance, IT and legal departments. The finance leader can then optimize cybersecurity by establishing goals, identifying risks and understanding what resources are being applied across the organization.
As organizations face the rapidly-growing threat of cyber attacks, they can help reduce risk by fostering collaborative relationships. With security experience, risk analysis and the ability to affect chance, finance leaders can lead the charge to more cyber resiliency.
SIGN UP FOR THE BOOST NEWSLETTER