• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Spotlight   »   What role does the CFO play in data security strategies?

What role does the CFO play in data security strategies?

  • Posted on:November 30, 2011
  • Posted in:Spotlight
  • Posted by:
    Trend Micro
0

Traditionally, the responsibility of protecting company information has fallen on the chief information officer and the IT department. As the most technologically savvy members of the organization, it's believed they possess the expertise and skills needed to ensure that enterprise and customer data remains safe and secured.

But such a model for data security may no longer apply During the past decade or so, the volume of information produced by the average organization has increased to historic proportions. At the same time, the companies have begun relying on the information like never before.

As is the case, the protection of information has become key for all aspects of an organization and is no longer conducted solely by the IT department. That means numerous areas of a business should now be getting involved with the process. And This is nowhere more true than with the chief financial officer, according to a recent CFOworld report.

"[W]hile CIOs may manage the Wi-Fi networks and servers that criminals target, CFOs approve IT spending, and are often responsible for handling repercussions of a breach," contributor Fred O'Connor wrote for the news provider. "That suggests that they should have a lot to say about data security planning, too, to go with their deep involvement in dealing with the fallout."

It's true that data breaches have very much become an issue of resources during the past few years. An incident not only impacts the operations of the company, but the bottom line as well.

When cut off from data, an organization's production may grind to a damaging halt, forcing it to remain at a standstill until the information can be restored. Additionally, the organization could face penalties levied by legal and industry regulators, as well as litigation brought on by irate customers.

Earlier this year, the Ponemon Institute revealed that the average data breach now costs a company a total of $7.2 million. That's approximately $214 per compromised record.

That alone is reason enough to get the CFO involved in data security practices before an incident strikes. It's best, according to the CFOworld report, if the CFO and CIO work together to ensure that information is protected. Using the expertise of both will ensure that all bases are covered, the report noted.

"It's unrealistic to expect the CFO to understand security completely, as it is for the security professional to understand finance completely," Gartner analyst Jay Heiser told the publication.

Within this partnership, however, each side has to understand its role and be careful to listen to the arguments of the other side while not overstepping its boundaries.

For example, making the case for a data security investment will fall on the shoulders of the CIO, who knows what has to be done in order to protect the company. But it's important to verbalize these needs in easily digestible terms so that the CFO will get on board and approve the funds.

A good place to start for CIOs, the report said, is to explain how money spent now will save the company at a later date. Or they could just show the CFO the Ponemon Institute research.

Although this partnership is necessary, it's not where data security cooperation should stop. According to a recent Forbes report, the board of directors should also have a hand in data security practices. Specifically, the board should determine the consequences of a breach and be made aware of any risks, among other things, the report said.

Data Security News from SimplySecurity.com by Trend Micro

Related posts:

  1. State-of-the-art Security: The role of technology in the journey to GDPR compliance
  2. The Role That IT Security Teams Need to Play in Connected Hospitals
  3. Companies need new strategies for data security
  4. Making security strategies more sophisticated with big data

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.