What do CFOs need to know about customer data security?

With cyberattacks a growing concern for many companies, the CFO must take a leadership role in securing organizational and customer data. Here's how to start.

Customer data security is a hot issue today, for companies as a whole and for their CFOs. Indeed, information security and cybercrime have consistently ranked as key concerns for CFOs in recent years. Despite these concerns, however, the ability to lock down and protect sensitive data is constantly being compromised. In the last year alone, a number of authoritative reports have outlined the formidable challenges faced in ensuring data security. These include:

  • Verizon's 2015 Data Breach Investigations Report
  • The 2015 US Association of Corporate Counsel's State of Cybersecurity
  • KPMG's Cyber security: A failure of imagination by CEOs
  • Ponemon's Cost of Data Breach 2015
  • The Defender's Dilemma 2015, by the RAND Corporation

The last report, in particular, paints a bleak picture: The reality is that the bad guys appear to be winning at cybercrime.

As a CFO, part of your job is to change that reality. To that end, here are a few pointers for creating a proactive and comprehensive approach to customer data security.

  • Cyber-risk awareness and mitigation should be a core element of your organization's business strategy. It should be ingrained within your organization's DNA. The assumption that information security can or should be left to your IT department alone has to be rigorously scrutinized and tested.
  • Don't leave data security to external vendors. What protections does your organization have in place in the event that your IT, or cloud, provider has a data breach of your company's or your customers' data?
  • Can you transfer the risk? Cyber-risk insurance, or cyberinsurance, is now big business, with some estimates suggesting that the global expenditure on cyberinsurance premiums is in excess of $2.5 billion. Be aware that the cyberinsurance industry has not matured compared with other insurance products that have been around for a long time. A fundamental challenge facing cyberinsurance policyholders remains defining what exactly is being insured, not to mention the opacity over the precise definition of contributory negligence.
  • People can be the weakest link in your information security chain. Organizations with a disenfranchised, disgruntled and disengaged workforce are at greatest risk -- case in point: Edward Snowden. Ensuring an engaged workforce is the responsibility of all executives.

As a CFO, ensuring customer data security is a key component of your job. You are well placed to ensure that a unified, well-architected cyber-risk framework is implemented organization-wide, backed by a high degree of staff and management engagement. Only then can the risks be optimally identified and treated. Are you up for the challenge?
