Customer data security is a hot issue today, for companies as a whole and for their CFOs. Indeed, information security and cybercrime have consistently ranked as key concerns for CFOs in recent years. Despite these concerns, the ability to lock down and protect sensitive data is constantly being compromised. In the last year alone, a number of authoritative reports have outlined the formidable challenges faced in ensuring data security. These include:
- Verizon's 2015 Data Breach Investigations Report
- The 2015 US Association of Corporate Counsel's State of Cybersecurity
- KPMG's Cyber security: A failure of imagination by CEOs
- Ponemon's Cost of Data Breach 2015
- The Defender's Dilemma 2015, by the RAND Corporation
The last report, in particular, paints a bleak picture: The reality is that the bad guys appear to be winning at cybercrime.
As a CFO, part of your job is to change that reality. To that end, here are a few pointers to creating a proactive and comprehensive approach to customer data security.
- Cyber-risk awareness and mitigation should be a core element of your organization's business strategy. It should be ingrained within your organization's DNA. The assumption that information security can or should be left to your IT department alone has to be rigorously scrutinized and tested.
- Don't leave data security to external vendors. What protections does your organization have in place in the event that your IT, or cloud, provider has a data breach of your company's or your customers' data?
- Can you transfer the risk? Cyber-risk insurance, or cyberinsurance, is now big business, with some estimates suggesting that the global expenditure on cyberinsurance premiums is in excess of $2.5 billion. Be aware that the cyberinsurance industry is not as mature as other insurance products that have been around for a long time. A fundamental challenge facing cyberinsurance policyholders remains defining what exactly is being insured, not to mention the opacity around the precise definition of contributory negligence.
- People can be the weakest link in your information security chain. Organizations with a disenfranchised, disgruntled and disengaged workforce are at greatest risk -- case in point: Edward Snowden. Ensuring an engaged workforce is the responsibility of all executives.
As a CFO, ensuring customer data security is a key component of your job. You are well placed to ensure that a unified, well-architected cyber-risk framework is implemented organization-wide, backed by a high degree of staff and management engagement. Only then can the risks be optimally identified and treated. Are you up for the challenge?