CFOs set to be at the forefront of mitigating cyber risks

Finance leaders are calling for cybersecurity upskilling as they face an increase in cyber risks that threaten operations and the financial health of their organisations.

In 2023-2024 over 87,000 cyber crime reports were received during the financial year which equated to one report every six minutes, based on the ASD Annual Cyber Threat Report for 2023-2024.

Palo Alto Networks Asia Pacific and Japan president, Simon Green, said this uptick in cyber crimes highlighted the role CFOS and other finance professionals played on the frontline against cyber threats and protecting resources more efficiently.

“That’s not suggesting that finance teams, whether internal or external to an organisation, are facing a greater threat than any other part of the business,” he said.

“But with many cyber criminals mostly in it for the money, it’s a good idea for managing corporate finances to be aware of what’s going on when it comes to the risks associated with cyber threats and cyber defences.”

According to the report, cyber criminals started by collecting data they could from vulnerable corporate sources to hack and obtain a set of data complete enough to infiltrate corporate financial networks, making organisations that handled financial information prime targets.

Green noted that risk had always been on the agenda for financial operators; however, as the nature of risks had shifted to cyber, finance professionals and their skills would also need to shift with them.

“The evolving threat of cyber crime to finance operators, their organisations, or those of their customers, is reshaping the responsibilities of CFOs and finance leaders. The impacts of attacks are pushing CFOs beyond traditional financial oversight to embrace a more strategic role in managing enterprise risk,” Green said.

“Such risk is now part and parcel of the task of safeguarding the financial, as well as the reputational health of an organisation.”

“With regulatory bodies such as ASIC increasingly compelling company boards to report on cybersecurity readiness, it often falls to finance leaders to take on the relevant risk assessments and reporting.”

In terms of upskilling, CFOs and finance professionals have been recommended to learn to “objectively understand” where the cyber risks are, where they are emerging from and the best ways to mitigate them.

This could be done by understanding an organisation's cyber posture, assessing vulnerabilities, identifying critical data assets and aligning cybersecurity strategies with business goals, Green said.

Organisations must conduct an in-depth review to reveal any weaknesses that have been previously missed that could potentially lead to unnecessary vulnerabilities.

Green noted it was essential for CFOs and other finance professionals to work together in getting a handle on an organisation's cyber posture to help mitigate and prevent risks effectively.

“With finance leaders often having jurisdiction over some of the most sensitive data of an organisation, it’s essential these leaders make cybersecurity a top priority,” he said.

“By working closely with cybersecurity experts, finance teams can begin building a unified front against threat actors to bolster their defences and protect organisations’ bottom lines.”