A cyber risk worth millions of dollars is ignored by executives, study shows
By Puja Sharma
As cyber security takes on more importance for a company—impacting operations, revenue and costs, reputation, and company value—so does the financial risk of cyberattacks. Judging by the survey results, CFOs are out of the loop when it comes to cyber planning. To engage, they need to participate at multiple levels, from tabletop exercises for simulated cyberattacks to close coordination with CISOs in advising and participating in audit and risk committees at the board level.
Cyber risks and their consequences are ever-evolving, and CFOs’ understanding of them must be as well. At a time when cyberattacks are rife and continue to cause millions of dollars in costs while shaving off company value, failing to become involved in cyber security would be a misstep by the CFO, one that needs to be rectified fast.
Kroll, the provider of global risk and financial advisory solutions, in its report Cyber Risk and CFOs: Over-Confidence is Costly, found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.
Greg Michaels, Global Head of Cyber Governance and Risk in the Cyber Risk practice at Kroll, said: “We often see that CFOs are not aware enough of the financial risk presented by cyber threats until they face an incident. At that point, it’s clear that they need to be involved not only in the recovery—including permitting access to emergency funds and procuring third-party suppliers—but also in the strategy and investment around cyber both pre- and post-incident. Ultimately, cyberattacks represent a financial risk to the business, and incidents can have a significant impact on value. It is, therefore, critical that this is included in wider business risk considerations. A CFO and CISO should work side-by-side, helping the business navigate the operational and financial risk of cyber.”
The report exposed three key themes among the 180 senior finance executives surveyed worldwide:
- Ignorance is bliss. 87% of CFOs are either very or extremely confident in their organization’s cyberattack response. This is at odds with the level of visibility CFOs have into cyber risk issues, given only four out of 10 surveyed have regular briefings with their cyber teams.
- Wide-ranging damages. Nearly three-quarters (71%) of the represented organizations suffered more than $5 million in financial losses stemming from cyber incidents in the previous 18 months, and 61% had suffered at least three significant cyber incidents in that time. 82% of the executives in the survey said their companies suffered a loss of 5% or more in their valuations following their largest cyber security incident in the previous 18 months.
- Increasing investment in cyber security. 45% of respondents plan to increase the percentage of their overall IT budget dedicated to information security by at least 10%.
David Ball, Managing Director in the Valuation Advisory Services practice at Kroll, said: “Cyber incidents have the potential to cause material damage or impairment to the assets of a company, particularly intangible assets, including intellectual property, customer relationships and brand. It is important for CFOs to understand the impact of cyber incidents on these assets and be in a position to assess and quantify the financial impact and potential risks to the company.”
IBSi FinTech Journal