The Roles CFOs and CMOs Need to Play in Cybersecurity Protection
There are a lot of players in the C-Suite these days, and chances are good they all have their own strategic priorities. The CFO wants to save money and deliver quality returns to investors. The CMO wants to churn data to find better and smarter ways to reach customers. The CIO wants to find ways to utilize new technology while keeping the company—and its customers—safe. And while all of those priorities are important, the silos and the “divide and conquer” mentality are no longer relevant in today’s digital landscape. In fact, I’d say there is one thing that should be the top priority for every executive—cyber security.
Turns out I’m not the only one thinking about this issue. In December, the Harvard Business Review outed CFOs for being, well—out of touch with cyber security in their companies. And AdAge recently shared similar views for those in the marketing sector. The 2018 Thales Data Threat Report showed that the IT department and the C-suite aren’t on the same page. Each has different cyber security priorities. It turns out, nearly 40 percent of IT professionals don’t even think the executive teams understand the full risk of a cyber-attack. IT decision makers estimate a breach could cost around $27 million while the C-suite estimates it to be only around $6 million—a huge disconnect. That’s bad for building trust among your employees—but it’s also a huge missed opportunity for creating trust in your consumer base, as well.
Improving Your Company’s “Security IQ”
This concept of building a stronger “security IQ” is not new. In fact, it’s likely one of the reasons DevSecOps has become a huge asset in breaking down the silos—and overall lack of awareness—surrounding cyber security in companies today. Essentially, DevSecOps works security directly into your workflow processes to ensure it’s considered at every step of production and the customer journey. Even if your company is not ready for a fully structured DevSecOps program, CFO and CMO integration is still a great place to start.
Your company can do similar things simply by incorporating your CFO and CMO into your cybersecurity plans.
Granted, CFOs are more traditionally associated with massive spreadsheets and spending approvals than with cybersecurity strategy. But given the huge financial risks associated with possible cyber security breaches, it makes an incredible amount of sense to involve them in cyber security discussions. I’m not just talking about getting their approval to purchase or implement new security measures. I’m talking about getting their help in determining the total cost of the damage when breaches occur and keeping those losses front and center in the C-Suite when cybersecurity solutions are being debated. After all, cyber security breaches don’t just impact immediate sales or lost files. They have invisible costs many people don’t see—cost to reputation, downed stock prices, attorney fees, overtime paid during damage control, etc. Deloitte estimates that the impact of some breaches could be felt for years. CFOs need to be focused on the short-term impact as well as the long-term.
Being apprised of the cyber security policy is no longer enough. The CFO needs to report breaches and security risks to investors proactively and regularly. Several of the largest breaches in the last few years have gone unreported to stakeholders for months, or companies have chosen to inform investors and customers with generic boilerplate information—negatively impacting brands. This is a huge opportunity for CFOs to change the game. By keeping investors informed on all potential risks and explaining what tactics are being taken to protect the company, CFOs can build trust—a huge commodity in the digital age. I know I would feel more comfortable investing with a company if they told me how they planned to handle breaches, wouldn’t you? In addition to notifying stakeholders, the CFOs that are actively involved in the cyber security process are developing ways to demonstrate aggressive risk management. Don’t just tell, but show as well—it will make a world of difference.
When it comes to CMOs, their role in cybersecurity is no less important. As customers continue to demand a 24/7 omnichannel experience—including access and sharing of data via the IoT—the chance for security breaches becomes greater than ever before. And though it can be tempting to focus on getting messages out quickly or incorporating new technology before a competitor does—I’d say the risk is rarely worth the damage. A data breach can cost you your customers’ trust and loyalty. That means not just immediate cost damage, but a loss of sales long-term and an unknown cost to the value of your company’s brand overall.
Today’s CMOs need to take time to know how their data is collected, where it is stored, and how it will be kept safe from outside intrusion. They need to work with IT to ensure their brand isn’t being scammed via fake email marketing campaigns or hijacked customer log-in screens. All these issues occur every single day in the digital transformation. CMOs can no longer bury their heads in the digital sand, adopting the fun parts of new technology, but rejecting the security responsibilities that come along with it.
As I mentioned, DevOps can be a huge help in creating the organizational structure to make security a top concern for every single employee in your company—from the C-Suite to the customer service center. In the meantime, don’t be shy. Pull your CMO and CFO into the security discussion. Yes, it’s likely a bit outside their comfort zone. But your customers will thank you in the long run.
This article was first published on Forbes.