Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Building a Cyber Resilient Business

You're reading from   Building a Cyber Resilient Business A cyber handbook for executives and boards

Arrow left icon
Product type Paperback
Published in Nov 2022
Publisher Packt
ISBN-13 9781803246482
Length 232 pages
Edition 1st Edition
Arrow right icon
Authors (3):
Arrow left icon
Dr. Magda Lilia Chelly Dr. Magda Lilia Chelly
Author Profile Icon Dr. Magda Lilia Chelly
Dr. Magda Lilia Chelly
Hai Tran Hai Tran
Author Profile Icon Hai Tran
Hai Tran
Shamane Tan Shamane Tan
Author Profile Icon Shamane Tan
Shamane Tan
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Chapter 1: The CEO Cyber Manual 2. Chapter 2: A Modern Cyber-Responsible CFO FREE CHAPTER 3. Chapter 3: The Role of the CRO in Cyber Resilience 4. Chapter 4: Your CIO—Your Cyber Enabler 5. Chapter 5: Working with Your CISO 6. Chapter 6: The Role of the CHRO in Reducing Cyber Risk 7. Chapter 7: The COO and Their Critical Role in Cyber Resilience 8. Chapter 8: The CTO and Security by Design 9. Chapter 9: The CMO and CPO—Convergence Between Privacy and Security 10. Chapter 10: The World of the Board 11. Chapter 11: The Recipe for Building a Strong Security Culture—Bringing It All Together 12. Index 13. Other Books You May Enjoy

The CFO’s understanding of cybersecurity

Shamane Tan, chief growth officer at Sekuro and founder of Cyber Risk Meetup, a global community for prolific cybersecurity conversations and exchanges, and co-author of this book, commented on a discussion with the CFOs that she was involved in: “Even amongst the CFOs, they recall that the conversation about cybersecurity only started to come up a decade ago when the insurers asked corporate CFOs what the company was doing about cybersecurity.

When insurers began asking about cybersecurity over ten years ago, it was likely one of the first times CFOs would have heard about cybersecurity. It’s worth noting that these first conversations did not begin within an organization but were driven by those asking from outside the organization. Within an organization, it has not been a concern generally. Magda (co-author of this book) had a CFO mention to her that he trusted his security team and so wasn’t going to purchase cyber insurance.

With the increase in cyber risk and inevitability of cyberattacks, it is critical to understand that foolproof security does not exist. Within such a complex and interconnected environment, cybercriminals nowadays can find weaknesses within people, processes, and technology. A cyberattack can also happen through a supplier or vendor. It is just a matter of time.

A group of hackers known as “London Blue” targeted more than 50,000 finance executives, including 35,000 CFOs, with bogus requests to transfer money. The scams were estimated in an Agari report (https://www.agari.com/cyber-intelligence-research/whitepapers/london-blue-report.pdf) to have caused hundreds of thousands of dollars in damage. CFOs and the finance executives within an organization are not immune to being targeted and are not necessarily cyber-savvy to such scams. That must change.

In today’s world, insurers take cyber risks into consideration and provide cyber insurance to organizations as a risk transfer option. This requires risk profiling of a company. Cyber insurance helps CFOs to become cyber aware and requires a shift in their perception of cyber risk. This switch in mindset also correlates directly with both the frequency and the cost of cyberattacks. As a result, cybersecurity is now formed as part of the risk register.

Nevertheless, for CFOs, understanding cyber risks and cybersecurity as a whole can be a lengthy and frustrating process. Cybersecurity is complex, the solutions not always enough to mitigate risk, and confusing technical jargon are just a few of the reasons CFOs find it challenging. Your organization might have cybersecurity hardware and software to protect your business against cyberattacks. However, it only takes one weakness to incur financial losses.

People, processes, and technology are not immune to cyber threats. Specific to the finance team, phishing, social engineering, and Business Email Compromise (BEC) have been some of the most common cybercrimes. The FBI’s Internet Crime Complaint Center (ICCC) cybercrime report found BEC schemes to be the costliest of all cybercrimes, leading to losses of approximately $1.8 billion in 2020 alone.

A good example is an employee processing the payment of a fake vendor invoice, which can lead to the misdirection of tens of thousands or even hundreds of thousands of dollars. Those social engineering cyberattacks work by targeting humans and processes. This type of cybercrime has increased in recent years, and while some companies have addressed this cyber risk to prevent financial fraud/loss, others continue with their traditional approach and ignore critical cybersecurity pillars, people, and processes. “It can’t happen to us” remains the pervasive perspective.

Importantly, a CFO is not required to learn technical cybersecurity concepts. But they do need to consider cyber risks that might materialize from a weakness in people, processes, or technology. Understanding and communicating that foolproof security does not exist is among the first steps, along with increasing the budget to help address strategic initiatives. Further, it requires continuous support and the company’s readiness to respond when an attack happens.

It is also worth noting that when it comes to cyber insurance, not every single cyber event will be covered, which means that companies will not be able to transfer all of their risk through insurance. Take, for instance, a ransomware attack—insurance companies now deny insurance payouts for ransomware payments.

Yet ransomware attacks are only one cyber risk to a company. The following section outlines key aspects of cybersecurity that are helpful for CFOs to consider.

You have been reading a chapter from
Building a Cyber Resilient Business
Published in: Nov 2022
Publisher: Packt
ISBN-13: 9781803246482
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image