With financial information so inordinately sensitive for any company, chief finance officers may also have to act as chief cyber officers, as Ramona Dzinkowski explains
This article was first published in the June 2017 international edition of Accounting and Business magazine.
Much has been written on the evolving role of the CFO, and just when we thought the scope of the job had been maxed out it appears that the ever-changing risk environment is calling on chief finance officers to be chief cyber officers as well.
Experts in this space are encouraging finance chiefs to up their cyber security game, pointing to rapid advances and investments in new technologies that may pose unprecedented and unforeseen risks. Steve Durbin, managing director at the Information Security Forum, says: ‘The information under the CFO’s control – including revenues, profits, investments, acquisitions and forecasts – is some of the most sensitive and important data found within any organisation. To fulfil their fiduciary duties, CFOs must cultivate a deep understanding of where this vital information is at all times. How it is secured. Who might want to steal it. And most important, how they might gain access to it.’
Earlier this year, the Information Security Forum released its latest research on nine major threats CFOs should be aware of over the next two to three years as a result of technology change. The report, Threat Horizon 2019: Disruption. Distortion. Deterioration, identifies three major areas of concern:
- disruption – from overreliance on fragile connectivity
- distortion – as trust in the integrity of information is lost
- deterioration – when controls are eroded by regulation and technology.
The same research warns that core internet infrastructure will become a target for hackers and internet criminals aiming to disrupt business continuity. It also predicts that deliberately spread misinformation will extend to cover commercial organisations, driven by advances in artificial intelligence (AI).
Meanwhile, attacks that compromise the integrity of an organisation’s internal information will increase in number, scale and complexity. Blockchains will be subverted for fraud or money laundering, which could result in affected blockchains being abandoned – and process efficiencies with them. Ultimately, the report warns, the use of AI will result in outcomes that go beyond the understanding of business leaders, developers and system managers, creating new vulnerabilities.
Which CFOs will be affected by these emerging risks? Among Canadian companies, almost all. My latest survey of Canadian CFOs reveals that 92% reckon that new technology investments will be either somewhat or very significant to corporate strategy in 2017. Replacing legacy systems, post-M&A integration, keeping up with the competition on AI and cloud, and the information requirements of the new revenue recognition standard are all driving the agenda. I expect this to be the rule rather than the exception, with CFOs everywhere making room on their personal agendas to expand their role in data security.
Ramona Dzinkowski is a Canadian economist and editor-in-chief of Sustainable Accounting Review
"Blockchains will be subverted for fraud or money laundering, which could result in affected blockchains being abandoned"