Why The CFO—Yes, The CFO—Should Focus On Security

Risk assessment and prevention is right in the finance chief’s wheelhouse. Here’s how to make sure you’re avoiding unexpected costs and damage in a volatile world.

From political and social unrest that results in deadly combat to a climate crisis that delivers increasingly punishing weather events, the world is becoming less predictable. 

Ever-changing scenarios are pure anathema to CFOs, as these individuals are required to plan for the future. And planning for the unknown can be a tricky, and often daunting, task. 

Careful investments in security spending, however, can help navigate a path forward and avoid pitfalls that could torpedo a company’s trajectory.

When a chief financial officer hears the word “security,” their gut response might be: “That’s the security chief’s job.” And while most organizations do have security departments, it does not mean the CFO should remain in a silo. In fact, CFOs should be a key influence in this space. 

The CFO’s role in an organization’s security strategy 

Security should be viewed as mitigation measures that companies put in place to reduce risk and help them respond to incidents in a resilient fashion. Given that CFOs tend to sit on the risk committee, security is squarely in their wheelhouse.

The question then becomes: How should the CFO determine how to allocate and invest resources toward security? 

This is not an insignificant question. Failing to properly manage waves of risk that are swelling across the world can have a grave impact on the business. A supply-chain snag caused by catastrophic weather or a political uprising could pose significant financial fallout and reputational risk. Careful investments in security spending, however, can help navigate a path forward and avoid pitfalls that could torpedo a company’s trajectory.

If a CFO doesn’t have the insight and analysis to anticipate those events, there could be even more downstream consequences. These might take the form of higher insurance premiums that dent the bottom line, a higher cost of capital or potential legal exposure if shareholders suspect poor risk management. 

Two security musts for CFOs

So, what’s a CFO to do?

It’s impossible to know what crisis is lurking around the corner, as health epidemics, government unrest and environmental disruptions are difficult to anticipate. But if CFOs are routinely monitoring the horizon and forecasting what may or may not happen, they can be updating their mitigation plans and always have a plan at the ready. 

Here’s a great way to help a CFO get involved in the security strategy:

First, conduct a holistic risk assessment in conjunction with the risk committee to understand internal and external threats. These assessments should encompass everything from a threat by a bad actor within the organization, outdated software running on in-house servers, earthquakes, the outbreak of a pandemic, local protests or unrest in manufacturing locations and so on—the list is long and seemingly endless.

Second, the CFO needs to allocate resources to help navigate high-likelihood, high-consequence risk events, and avoid unlikely edge cases. Because of the complexity in the world, an automated global threat analysis may be worth paying for.  

That said, the CFO also needs to ensure there’s a way to monitor and measure the performance of these investments. How effectively are new tools protecting assets, operations and employees worldwide?

For example, are the investments into these tools preventing you from being caught off guard like the many businesses that had to abandon Russia and move operations elsewhere?

If the political situation in Taiwan goes sideways, would your supply chain be crippled?

The ability to anticipate these types of events and take the appropriate countermeasures is a litmus test for whether you’re making the right investments in security spending.

The world is too complex to try to manage risk the old way. CFOs, as financial stewards, also need to step forward and ensure security investments help chart a secure course for the business.


  • Get the StrategicCFO360 Briefing

    Sign up today to get weekly access to the latest issues affecting CFOs in every industry
  • MORE INSIGHTS

    StrategicCFO360

    CYBERSECURITY:

    What CFO's Need to Know

    Cybersecurity Is Not Just an IT Problem

    CFOs and senior finance executives need to become active members of the security team, given the enormous financial risks involved.  

    StrategicCFO360’s complimentary white paper, Cybersecurity: What CFOs Need to Know Now, gives you a concise overview of the cybersecurity issues you should be most concerned with, and a blueprint to help you protect your organization.