If there were ever a question as to the symbiotic nature of the relationships between the chief financial officer (CFO), chief information officer (CIO) and chief information security officer (CISO), the data security calamities of 2015 so far have served to remove any doubts.

The IBM X-Force Interactive Security Incidents visualization of the 53 noteworthy incidents between Jan. 1 and March 30 highlights the cost of such incidents and how they can and do have a deleterious effect on a company’s bottom line. The visualization shows the magnitude of these incidents through the millions of dollars lost. While the information security responsibilities, including incident response, undoubtedly fall within the purview of the CIO and CISO, the company’s bottom line is the direct responsibility of the CFO and the rest of the C-suite.

The aphorism, “The Golden Rule: He who has the gold makes the rules,” applies to the CFO and the resources available to the CIO and CISO to maintain the necessary level of data security required to keep the company’s assets safe and secure. As such, control over the purse strings of the company ensures CFOs have a significant role in the company’s cybersecurity.

The CFO’s Data

The CFO’s office handles some of the company’s most sensitive data on a daily basis. The CFO, working in tandem with the CIO and CISO, must ensure the information is adequately protected as the company’s financial data traverses the company’s network. Similarly, the company’s sales pipeline must accept and process business if revenue generation is to continue. Again, the CIO and CISO must ensure the availability and accessibility of the revenue portals. It stands to reason that the CFO’s office will also wish to ensure appropriate resources have been made available to the CIO and CISO so that, in the event of a data breach, the appropriate incident response capability is already in place, either internally or via a third party.

If you need convincing that the CFO’s office is being directly targeted, refer to the FBI’s January 2015 alert to businesses concerning the sophisticated targeting of businesses via email scams that target the CFO and others in the C-suite. The criminals either spoof or hack the legitimate email of the CFO and request the transfer of company assets to a third party.

The CFO and the Board

The CFO is responsible for reporting to the board about the level of risk being monitored and managed, including the company’s risk exposure and its compliance with its own data security regime. The Financial Industry Regulatory Authority (FINRA) provides guidance on cybersecurity practices for the financial industry, which is also appropriate for most other industries. This guidance includes the following:

  • Defining a governance framework to support decision-making based on risk appetite;
  • Ensuring active senior management and board-level engagement with cybersecurity issues, when appropriate;
  • Identifying frameworks and standards to address cybersecurity;
  • Using metrics and thresholds to inform governance processes;
  • Dedicating resources to achieve the desired risk posture;
  • Performing cybersecurity risk assessments.

The roles of the CIO and CISO are obvious, yet all must use the available resources in an effective and timely manner within the constraints of the company’s risk appetite.
