Finance is one of the areas most vulnerable to computer attacks. The DAF needs to become familiar with new IT security issues and master the legal frameworks according to its business model. A task almost impossible. What will be the consequences for their decision-making power in terms of technology integration and facilitation of data usage across the enterprise?
Our interviews with CFOs of SMEs and large groups revealed four main ways to approach cybersecurity.
There are more than a million cyberattacks a day. Most of these attacks fail, and few have the devastating effects of Wannacry , the well-known ransomware that infected millions of computers in 150 countries last year. But smaller attacks can also have a significant impact on business infrastructure and, of course, high costs.
CFOs know they have an important role to play in this challenge: “Cybersecurity is a top priority,” says Jose Silva, CFO of investment bank Morgan Stanley. “It’s not enough to install a security update and leave it for 15 years. We must remain vigilant and evaluate our performance continuously. “
But the question remains: what is the special role of the DAF in this process?
The scientist: prioritizing protection needs
Most CFOs who participated in the study agree that a good understanding of data management is essential. A CFO wishing to play its role today must know how to filter critical and confidential data and set priorities for the protection of the company.
“The ability to really understand what can be done with data specialists and to think strategically about the use of big data in finance is very important,” says Philippe De Briey, DAF Europe’s multinational Monsanto biotechnologies.
As data breaches increase, CFOs must be proactive and work in partnership with IT experts. This constant exposure makes it increasingly important for CFOs to know each other in technology.
As Andrea Wesson, DAF of Eversholt Rail, explains: “I am personally responsible for ensuring that the cybersecurity and data security systems of our suppliers are well adapted. From the scientist’s point of view , the DAF should be familiar with computer security issues, ideally within multiple legal systems.
The engineer: ensuring the respect of the procedures
This is only part of the DAF’s role in data protection. In general, the biggest risk lies not in the computer system itself, but in the employees who use it. “Regardless of the number of firewalls and passwords, the unsuitable behavior of any member of the group can jeopardize everything we try to protect with these tools,” says Thiago Oliveira, DAF of the company. estate agency JHSF.
In a typical engineering approach , Oliveira can not overemphasize the importance of fluid, fully operational employee systems; “Compliance by staff with system-related procedures is essential to protect information and reduce the risk of cyber attacks. “
The coach: teaching vigilance
As a coach , training staff on the risks of cyberattacks and prevention measures is now one of the priorities of each CFO.
“We need to educate our employees to be vigilant,” says Bob Braasch, DAF of Marathon Capital Investment Bank, “because the threats that could harm us will begin with someone inadvertently sending a virus in a document which would allow the virus to access our system. Everything really starts with education at the individual level. “
The pilot: find strategies to protect privacy
More and more organizations are monitoring the use of data by their employees to enhance cybersecurity, but this monitoring comes at a cost, not just a financial cost.
“I think for most companies the biggest challenge is to respect privacy while every employee is constantly monitored. I wake up each morning asking myself this question, “says Oliveira.
An adequate solution must be found without necessarily going into operational details. This is a delicate but necessary balance: “It’s easy for an employee to send an email containing the payroll figures of our company,” says Eugene Low, CFO of Mercer Consulting, “but have confidence in my IT team, my legal team, they know what they are doing. And from what I see, the situation is under control. I can not go into details. As DAF, you have to choose your fights. “
Some believe that the cybersecurity challenge will ultimately become too big for the financial team. As David List, CFO of Conotoxia, an online remittance company, observes, “I would not be surprised if in the future a new role emerges at the executive board level. Sooner or later we will see cybersecurity officers on the boards.