October 30, 2020
Contributor: Justin Lavelle
CFOs should recognize a new type of financial risk management related to cybersecurity risk as many finance activities are now conducted remotely.
CFOs often perceive cybersecurity to be the responsibility of IT, but as more finance processes run remotely, CFOs need to develop security measures specifically for the finance function and not rely solely on the organization’s blanket security protocols to safeguard financial data.
A recent Gartner CFO Survey found that nearly 3 out of 4 CFOs intended to shift at least 5% of their previously on-site staff to permanently remote roles post-COVID-19. Many finance processes are already running remotely, and they incorporate some of the most sensitive data within an organization, including customer and supplier financial data.
“CFOs should neither ignore these fresh vulnerabilities nor go it alone,” says Alexander Bant, Practice Vice President, Gartner. “CFOs especially need to collaborate with both IT and risk managers to make sure new cybersecurity risks stemming from the adoption of remote work don’t outpace the policies designed to protect vulnerable data.”
When collaborating with IT security and risk teams, CFOs should prioritize the financial data and systems that are most critical to the business to ensure that those processes are protected. The most common threats to guard against include:
A cross-functional approach will also help CFOs with accurate scenario planning, as they can discuss all possible cybersecurity risks with these expert teams.
Gartner recommends a simple three-step framework to prioritize the key objectives of a comprehensive cybersecurity strategy to safeguard finance processes and data.
Develop policies and guidelines that identify the areas in finance processes that are most vulnerable to attack or most likely to attract criminals. The main objective is to minimize the possibility of a successful cyberattack.
A sample mitigation tactic would be to identify key financial data assets and software applications (e.g., cloud finance solutions) and their relative vulnerability.
Clarify the plan of action by highlighting roles and responsibilities in the case of a successful breach of financial data. Highlight the quickest possible resolution(s) when the organization faces a cyberattack.
A plan objective might be to designate a point of contact to whom all finance employees can report any cyberattack instances and a “first responder” in finance, e.g., the chief accounting officer, to analyze the exact financial impact of the attack.
Set governance policies that encourage regular check-ins on the health of the cybersecurity measures in place for finance processes to make sure the organization remains prepared for evolving threats to its financial data and for new workplace realities.
One plan objective might be to create a cross-functional team from finance, IT and risk/audit that submits regular reports on the state of financial data security.