The average total cost of a data breach is now $3.5 million globally, a 15% rise from last year, according to a 2014 study by the Ponemon Institute. The likelihood of a company having a data breach “involving 10,000 records or more stands at 22%,” finds the same study.
Consequently, CFOs have become increasingly fixated on “identifying potential cyber risks and planning their corporate responses,” writes ITWeb. With many CFOs also in charge of overseeing information technology, “they are equally committed to determining how and where to invest company resources on prevention.”
However, for CFOs to win the battle against cyber-criminals, they will need to understand several truths, according to accounting firm Deloitte.
1. Your information network will be compromised. In today’s increasingly sophisticated 24/7 tech world, this is a certainty on par with death and taxes. The sooner CFOs accept this reality, the more they’ll be able to minimize data breaches at their company.
2. Physical security and cyber security are increasingly linked. Although these two turfs tend to be viewed individually, threats like espionage, intellectual property theft, fraud, counterfeiting and terrorism can begin with physical access.
“In a common example, certain administrators may have full control over a system such as payroll, customer data or billing,” writes ITWeb. “Armed with that access, those employees or contractors might pay themselves with false invoices, approve loans with special rates, or copy customer credit-card data and employee files that contain sensitive information such as social security numbers, with the purpose of selling the data, creating identity theft, embezzlement or other fraud.”
3. Cyber damages go beyond dollars. Data breaches can damage a company’s brand equity and drastically reduce customer confidence. Because of this, some firms are contemplating taking out cyber insurance to “limit excessive damages,” says ITWeb.
4. Everything can’t be protected equally. This relates back to the first point. What are the most important data at your company that need protecting? By establishing a hierarchy, a company can prioritize its security spending.
5. Your walls are probably high enough. Most likely, a company’s firewalls are “about as high as [they need] to be.” With that in mind, Deloitte suggests that CFOs “should focus more on the detection side to increase their vigilance against attacks and on recovery after the fact.”
Although the formula is different for each company, the accounting firm advises that “of the typical IT cyber-risk spend, 30% might be allocated to wall-building, 50% to detection and another 20% to resilience preparation.”
Source: ITWeb: Five Cyber Risk Insights for CFOs