By Margaret Michaels, Manager, Brand Content & Storytelling IMA (Institute of Management Accountants)
It’s no secret – the role of CFOs is being transformed by the day. Changes imposed by digitalization were only accelerated during the COVID-19 pandemic and brought with them mandatory skillsets needed to chart the course for the finance and accounting function, and even entire organizations. With the emergence of cyber risk as a serious threat to business continuity, the demand for cybersecurity-savvy CFOs is on the rise. Truth is, digitalization has indeed catapulted and optimized the way we operate and do business but that same notion applies to financial criminals; they too have been presented with ample new opportunities to gain access to company data and the respective funds they hold.
The Middle East saw a 250% increase in cyberattacks in 2020, with phishing and ransomware incidents increasing in frequency. The financial sector was one of the most attacked areas, as well as the health sector, as per recent reports.
It’s no secret that we live in a dangerous world when it comes to cybersecurity. With most companies now storing and dealing with reams of digital data that is stored remotely, news such as this will give just about any CXO a new chapter of sleepless nights. And the financial impact of a data breach or cybercrime such as this is guaranteed to make most CFOs fear Armageddon. The raging pandemic has not made things any easier. With organizations forced to shift to a new way of working, almost overnight, the newly distributed workforce has become a focal point for malicious actors. Globally, the first half of 2020 saw an increase of approximately 35% in total attack volume compared to the second half of 2019 according to a recent Microsoft report.
Cybercrime – a digitalized form of financial crime that stands to be even more devastating to businesses the world over – has become a major business risk. Given their holistic organizational perspective, CFOs are ideally placed to understand the sophistication of hackers and how exploitable their own organizations can be; even more so than anyone else in the C-Suite. The evolving landscape of cybercrime is one of the most pressing problems CFOs face, but also the one where they have the greatest chance of saving the day. Accountants and finance professionals can, and should, play an active role in ensuring that their own businesses, as well as affairs of their clients, remain safe and sound. They are well placed within business to help in dealing with the issues of risk management as they know how to quantify the costs and comparative cost-effectiveness of different security measures. And, they typically possess required industry knowledge and understanding of the overarching strategy and end-to-end operation of the business(es) for which they work.
That’s why CFOs need to familiarize themselves with new IT security issues and master legal frameworks. They should be at the helm of these efforts, drawing on their risk management know-how and developing additional skills through continuing education. In order to do this, they need to be fully aware of the cyber-threat landscape and “mind the knowledge gap.” If today’s CFO wants to fulfil his or her role, they will need to filter critical and confidential data, and make the company’s protection a priority.
There is a real need to educate stakeholders to ensure widespread compliance. As the number of data breaches increases, CFOs need to be proactive and continuously partner with IT experts. The continued exposure means that it’s increasingly important for finance professionals to be tech-inclined. All this means that a different approach to cybersecurity is required that will involve a process of upskilling, identifying, researching, and assigning priorities to relevant risks.
Professional accountants and finance professionals can play an important role in helping businesses by evaluating the financial position of the company and identifying the most vulnerable employees and securing individuals in critical roles to protect sensitive data and intellectual property.
For those accountants who have a knack for information technology, there is a distinct opportunity to take on “hybrid” roles that, in addition to core financial skills, would require understanding and hands-on experience with IT technologies. What is needed, but is still often lacking, is a strategic approach to mitigating cybercrime risks. As much as everyone would like to have an off-the-shelf solution to the problems that cybercrime presents, such a solution simply does not exist, nor can it: the problem area is too complex, too diverse and too fluid. Professional accountants and other finance professionals should always be mindful of the saying: “A fool and his money are soon parted.” Now, and for as long as the profession heavily relies on computers, a reliance that is most likely to increase over time; exponentially at that.