The responsibility of cybersecurity has long been thought to belong to the IT professionals. In recent years, some companies have placed a high enough importance on securing the data and systems to justify appointing a CISO (Chief Information Security Officer). But for many companies, particularly SMBs, the CIO is still the one expected to ensure that the company is safe and sound. While the buck may stop at the CIO, the truth is that cybercrime cannot be thwarted by technology alone. Ultimately, it takes a culture of cyber-aware professionals from all departments to prevent cybercriminals from gaining a foothold.
How Can We Get Their Buy-In for Cybersecurity Initiatives?
How can a CIO convince non-IT business leaders to join forces in cybersecurity initiatives? The key is to reframe the conversation into one of business value creation rather than simply risk avoidance. My colleague and fellow Acceleration Economy Analyst, Chris Hughes, articulates this viewpoint very nicely in his recent article, "Creating Business Value Through Cybersecurity."
I’ve seen this concept first-hand in the midmarket manufacturing company where I am CIO. When it came time for the private equity owners to sell the company to a new investment group, there were a number of factors that made the company desirable. Obviously, profit and earnings played a large role, but as potential investors began the process of due diligence, they looked for assurances that the company showed strong resilience to cybercrime threats. A company with a strong cybersecurity program, which has demonstrated a consistent effort to stay ahead of cybercrime, makes a much more attractive addition to an investment portfolio than similar companies that may be less mature in their cyber initiatives.
Engaging with Accounting and Finance
Once the value to the business can be quantified, it is an easy conversation to bring the CFO into the picture. That will help fund the necessary costs for technology, but it can go beyond that into active engagement by the finance and accounting professionals. Finance and Accounting are often targeted by cybercriminals since they are the ones most likely to have access to the money. Processes such as Accounts Payable and Payroll are common avenues of criminal activity. The potential payoff is huge, whether from directly stealing through fraud or by locking up the assets through ransomware. In fact, a recent study by IBM found that in 2021, the average cost of a data breach was $4.24 million, and the most common attack vector was compromised credentials, accounting for 20% of the breaches.
This information is resonating with Accounting and Finance leaders. According to a survey by Protiviti, 84% of CFOs and VPs of Finance now prioritize cybersecurity as a critical part of their job function. CIOs should take this opportunity to help empower the Finance and Accounting teams to play a part in defending against the threat of cybercrime. One of the best ways to do this is education specific to their individual roles. While general cybersecurity training such as how to spot phishing emails is certainly helpful, we can also drill down deeper into methods of attack used by cybercriminals that are specifically targeted at Accounting and Finance professionals.
One great way to ensure these skills are adequately learned is through a certificate course offered by the Association of International Certified Professional Accountants (AICPA), called Cybersecurity Fundamentals for Finance and Accounting Professionals Certificate. According to the website, it will “help [them] gain an understanding of the importance and impact of cybersecurity risks on [their] organization… including an introduction to AICPA’s cybersecurity risk management reporting framework.” Not only will this help them acquire these skills, but they can also advance their career and earn CPE credit.
Final Thoughts
We CIOs need all the help we can get in keeping our companies safe from cybercrime and in demonstrating that we play an important role in building value, not just managing a cost center. Partnering with the CFO and the Accounting and Finance teams is a great way to accomplish both.