March 20, 2023 By Michelle Greenlee 3 min read

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect.

A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also rated trustworthiness across multiple industries. Healthcare and financial services ranked higher than other industries, yet none scored especially high. Properly securing this sensitive data makes good business sense. That’s where an organization’s finance department can step in to help secure data and build trust.

The link between finance and cybersecurity

A company’s finance department holds the company’s crown jewels: They ensure financial transactions and systems are secure. The finance department is a key component of a company’s overall security.

Even though the finance department isn’t focused exclusively on cybersecurity, they secure vital operations on a daily basis. These teams are very familiar with financial regulatory reporting and compliance. Digital transactions make up the bulk of most business transactions, and each one must be secure. The nature of modern business requires this department to work in tandem with IT and security operations to ensure regulatory compliance. Data privacy and protection regulations are varied, especially for businesses with international operations. The complexity of regulatory compliance grows with each new regulation.

Finance is essential to the risk assessment and business continuity planning process. The finance department is familiar with all company financial assets and how they’re organized. They can be helpful in assessing risk to these assets. The finance department understands risk, especially third-party risk and how a partner of a partner becomes a risk. Finance is able to quantify potential risks, such as reputational or economic damages, across a variety of scenarios. They understand that they, too, can become a risk without appropriate training and procedures.

Finance departments make appealing targets

The finance department is a regular target for cyber criminals. As a result, this department must remain vigilant on all fronts since attacks can come in many forms. Social engineering and phishing are particularly popular cyberattacks since business email compromise through this department can yield banking details or direct currency transfers. Phishing emails commonly use the lure of an unpaid invoice or similar approach to garner clicks on their malicious links.

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) wire transfer system was manipulated to steal $81 million from an account at the New York Federal Reserve Bank in 2016. A small town municipality in Washington lost $50,000 when an employee transferred funds to a scammer in response to a series of spoofed emails which appeared to come from the department supervisor.

These risks present real challenges to finance departments, whose main focus is not cybersecurity, to begin with. But these departments do not need to become cybersecurity experts themselves to work with the CIO to help establish and champion a culture of risk awareness throughout the entire organization. The department’s mix of experience as a target and defender gives them a unique perspective on the value of security awareness training and how well it prepares current employees for potential threats. The finance department can offer valuable feedback on the current approach.

Risk management builds trust

As part of a risk management team, finance department leadership brings expert risk assessment skills to ask the right questions during planning. Cyber incident first response teams should include a knowledgeable leader from the finance department to analyze the potential financial impact of an attack. It’s important to include this person as a primary contact in official incident response policy and planning documentation. The designated finance contact should also participate in cyber incident response drills or simulations whenever possible.

Consumer perception of a company’s data privacy and security protection measures influences their purchasing decisions. The finance department helps protect customer and company data, lessening the likelihood of compromise. By securing financial transactions and systems, these departments contribute to the overall operational security of the company. Finance brings deep knowledge of regulatory compliance that can help the company navigate domestic and international privacy and security regulations that govern how data is used, stored and transmitted. Overall, keeping finance departments in the cybersecurity loop helps organizations reduce their risk and quickly respond to threats.

More from Risk Management

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

How I got started: Ransomware negotiator

4 min read - Specialized roles in cybersecurity are proliferating, which isn’t surprising given the evolving threat landscape and the devastating impact of ransomware on many businesses.Among these roles, ransomware negotiators are becoming more and more crucial. These negotiators operate on the front lines of cyber defense, engaging directly with cyber criminals to mitigate the impact of ransomware attacks on organizations.Ransomware negotiators possess a unique blend of technical expertise, psychological insight and negotiation skills that allow them to navigate the high-stakes environment of ransomware…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today