How to Communicate the Value of Security Management to the Board

Organizations must withstand cyberattacks coming at them.

Effective security management requires help from finance departments.

Before the threat of a cyberattack became a top concern for business leaders and board members alike, finance played a limited role in security management. Today, finance leaders increasingly find themselves part of the team responsible for developing and implementing their employer's cybersecurity strategy. So why the change? Why do finance leaders now play such an important role in protecting organizations from the never-ending and increasingly damaging stream of cyberattacks?

The reason is quite simple to appreciate, especially for those who have watched the finance department evolve from its role of corporate check-signer to a critical department with a permanent position in the C-suite. By virtue of its role as corporate accountant, the finance department is often the only area within the organization that possesses a detailed view of the firm's entire operations, warts and all. Therefore, since cybercriminals look for security gaps across the enterprise, finance's detailed knowledge of the organization's inherent strengths and weaknesses can help ensure the deployment of an effective cybersecurity program.

Educating the Boardroom on Security Management

This overarching view of the organization's operations is just one reason why finance leaders continue to play a bigger role in stopping cyberattacks. Cybersecurity is a complex topic with the potential to overwhelm board members, especially those with limited technical knowledge and experience. Since finance leaders distill and present complex financial data to the board on a regular basis, they often know how to deliver information in a way that builds trust and triggers action. When discussing cybersecurity-related topics, they can leverage their existing relationships with each board member, anticipate the types of objections individual directors might raise and, consequently, present an insightful, detailed and compelling case to justify the investment in cybertechnology.

Further, given that finance leaders know where a firm's critical assets reside within the corporate network, they can provide context for requests to invest in cybersecurity technology. Using layman's terms, they can describe what a proposed technology investment will accomplish that the existing software and hardware is unable to do. They can explain to board members in specific terms why it's important to invest in a next-generation firewall, for example, and how that software protects the firm's critical assets.

Providing such context can make the difference between the board accepting or rejecting a request for an investment in technology. Without context, a CIO's request for a more advanced firewall might fall on deaf ears if the board fails to understand the "why" driving the purchase decision. Finance leaders can also function in their traditional role by explaining the impact of any cybersecurity-related purchases on the organization's existing budget and projected financial statements.

A New Era Creates a New Role for Finance Leaders

The rush to automate business transactions means that technology will play an increasingly large role in how businesses operate as a whole. Unfortunately, the more technology that businesses embed within their operations, the greater the threat posed by cybercriminals. Finance leaders excel at the basic elements of their role, yet today, they must also help bridge the gap between the board and the IT department. In extreme examples, the ability of an organization to withstand a cyberattack and remain in business depends on it.