It may be difficult to judge whether contemporary CFOs’ tight focus on data privacy and security is a value-add or a strictly defensive posture that limits their engagement in value-add activities. Either way, study after study shows that among the multitude of concerns finance chiefs must grapple with today, it’s become their chief one.
Most recently, management consulting firm Protiviti surveyed 817 CFOs and other finance leaders worldwide, asking them to prioritize 40 different aspects of finance. Participants rated each aspect on a 10-point scale. More than 8 in 10 (84%) of them rated data privacy/security an 8, 9, or 10. Next on the list was enhanced data analytics (79%).
CFOs’ strong attention to this risk takes into account their awareness that data breaches are commonplace today as well as a lack of confidence in their ability to drive adequate defenses, according to Protiviti.
“In all likelihood, most finance leaders lack sufficient understanding of the technical aspects and requirements of appropriate security and privacy measures, resulting in a fear of the unknown and substantial reliance on the effectiveness of others,” Protiviti wrote in its survey report.
“Essentially, they may be unsure if they should feel comfortable about their current control state, while concurrently having regulatory responsibility to report a breach.”
Unlike their handling of other financial-related risks and controls, Protiviti noted, finance leaders typically rely on others — i.e., IT and security teams — to articulate and implement specific controls for and protections against cyber-risk.
That dynamic drives many CFOs to be involved in the process of procuring cyber insurance to help mitigate this risk.
Asked to identify the single most important priority, among the 40 aspects of finance, for their organization to address over the next 12 months, 17% of surveyed CFOs and finance vice presidents selected security and privacy of data. That was the leading response — 4 points ahead of “changing demands and expectations of internal customers” 6 points clear of “enhanced data analytics,” and 8 points ahead of robotic process automation.
Further, 62% of CFOs and finance vice presidents said their budget for data privacy and security increased for 2019, compared with 16% who said it decreased.
And more than half (51%) of them said they expect to increase their workforce over the next 12 months based specifically on the potential impact of data privacy and security risk.
“Continued reports of data breaches, involving the loss of millions of records, severe financial loss, and significant operational impact have undoubtedly put finance teams on notice that the data they maintain must be secured and properly managed,” Protiviti wrote.