Canadian Underwriter

Robust cybersecurity at risk as 44% of CFOs cite insufficient understanding of IT issues: EY study

September 21, 2015   by Canadian Underwriter

Almost three-quarters (71%) of global chief financial officers (CFOs) have had increased involvement in the IT agenda in the last three years, but 44% cite insufficient understanding of IT issues as a barrier to collaboration with chief information officers (CIOs), according to a study from Ernst & Young (EY).

Released last week, the Partnering for Performance, Part 3: The CFO and the CIO study found that the relationship between CFOs and CIOs is becoming more collaborative, with CFOs playing a greater role in vital IT-related activities. The study from the global provider of assurance, tax, transaction and advisory services surveyed 652 global CFO and financial leaders.

Six in ten (61% of) CFOs reported increased collaboration in the last three years, with CFOs reporting that they add most value by managing costs and profitability.

CFOs’ access to all financial data means they can identify signs of a breach, EY added in a press release. They’re also well-positioned to help identify assets attackers are trying to obtain, such as intellectual property (IP), financial data or other information about the company that could be used to damage it.

“Today’s attackers have more sophisticated goals as opposed to just stealing classified information. They may be looking to manipulate the company share price, for example,” said Abhay Raman, EY’s cybersecurity leader, in the press release. “Or, they may be looking to devalue the company so it can be acquired at a much lower price. These are issues the CFO must be involved in.”

Sixty-six percent of CFOs said managing cybersecurity is a “high” or “very high” priority, but they face a number of challenges in their relationship with CIOs. “While most [CFOs] can recognize the scale of a cyber threat, they can’t visualize what a mature cybersecurity capability looks like, in order to invest in the right initiatives,” the release said, pointing to the fact that the lack of understanding was identified as the top obstacle to a closer relationship with the CIO (44% of CFOs said it’s one of the top three barriers). “In addition, the tendency for CIOs to discuss cybersecurity issues in technical jargon, rather than plain language, can also hinder meaningful action,” EY added.

“Effective collaboration on cybersecurity starts with treating cyber risk as an enterprise risk management issue, rather than as an IT problem,” the release said. “It should be integrated into the broad set of enterprise-governance functions, such as HR, vendor management and regulatory compliance.”

Raman said that CFOs can lead “board-level conversations to identify which of the organization’s financial, IP and data assets need protection. Working with the CIO, they should ensure that the whole organization has a tested plan in place to respond when a breach does occur.”