The average total cost of a data breach is now $3.5 million globally, a 15% rise from last year, according to a 2014 study by the Ponemon Institute. The likelihood of a company having a data breach “involving 10,000 records or more stands at 22%,” finds the same study.

Consequently, CFOs have become increasingly fixated on “identifying potential cyber risks and planning their corporate responses,” writes ITWeb. With many CFOs also in charge of overseeing information technology, “they are equally committed to determining how and where to invest company resources on prevention.”

However, for CFOs to win the battle against cyber-criminals, they will need to understand several truths, according to accounting firm Deloitte.

1. Your information network will be compromised. In today’s increasingly sophisticated 24/7 tech world, this is a certainty on par with death and taxes. The sooner CFOs accept this reality, the better able they’ll be to minimize data breaches at their company.

2. Physical security and cyber security are increasingly linked. Although these two turfs tend to be viewed individually, threats like espionage, intellectual property theft, fraud, counterfeiting and terrorism can begin with physical access.

“In a common example, certain administrators may have full control over a system such as payroll, customer data or billing,” writes ITWeb. “Armed with that access, those employees or contractors might pay themselves with false invoices, approve loans with special rates, or copy customer credit-card data and employee files that contain sensitive information such as social security numbers, with the purpose of selling the data, creating identity theft, embezzlement or other fraud.”

3. Cyber damages go beyond dollars. Data breaches can damage a company’s brand equity and drastically reduce customer confidence. Because of this, some firms are contemplating taking out cyber insurance to “limit excessive damages,” says ITWeb.

4. Everything can’t be protected equally. This relates back to the first point. What are the most important data at your company that need protecting? By establishing a hierarchy, a company can prioritize its security spending.

5. Your walls are probably high enough. Most likely, a company’s firewalls are “about as high as [they need] to be.” With that in mind, Deloitte suggests that CFOs “should focus more on the detection side to increase their vigilance against attacks and on recovery after the fact.”

Although the formula is different for each company, the accounting firm advises “of the typical IT cyber-risk spend, 30% might be allocated to wall-building, 50% to detection and another 20% to resilience preparation.”

Source: ITWeb: Five Cyber Risk Insights for CFOs

Image: Thinkstock


One response to “Five Truths About Cyber Security”

  1. I agree that “CFOs should focus more on the detection side to increase their vigilance against attacks and on recovery after the fact”, but less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report by Verizon.

    Detection by external third-party entities unfortunately increased from approximately 10% to 25% during the last three years. Specifically, notification by law enforcement increased from around 25% to 33% during the last three years.

    Unfortunately, current approaches with monitoring and intrusion detection products can’t tell you what normal looks like in your own systems.

    Advancements in security analytics may help over time, but we don’t have time to wait, so we need to protect our sensitive data itself.

    I think it is time to secure the sensitive data in the entire data flow with modern approaches.

    Studies have shown that users of data tokenization experience up to 50% fewer security-related incidents (e.g. unauthorized access, data loss, or data exposure) than non-users.

    Ulf Mattsson, CTO Protegrity
