
Traditionally, the responsibility of protecting company information has fallen on the chief information officer and the IT department. As the most technologically savvy members of the organization, it's believed they possess the expertise and skills needed to ensure that enterprise and customer data remains safe and secure.
But such a model for data security may no longer apply. During the past decade or so, the volume of information produced by the average organization has increased to historic proportions. At the same time, companies have begun relying on that information like never before.
That being the case, the protection of information has become key for all aspects of an organization and is no longer conducted solely by the IT department. That means numerous areas of a business should now be getting involved with the process. This is nowhere more true than with the chief financial officer, according to a recent CFOworld report.
"[W]hile CIOs may manage the Wi-Fi networks and servers that criminals target, CFOs approve IT spending, and are often responsible for handling repercussions of a breach," contributor Fred O'Connor wrote for the news provider. "That suggests that they should have a lot to say about data security planning, too, to go with their deep involvement in dealing with the fallout."
It's true that data breaches have very much become an issue of resources during the past few years. An incident not only impacts the operations of the company, but the bottom line as well.
When cut off from data, an organization's production may grind to a damaging halt, forcing it to remain at a standstill until the information can be restored. Additionally, the organization could face penalties levied by legal and industry regulators, as well as litigation brought on by irate customers.
Earlier this year, the Ponemon Institute revealed that the average data breach now costs a company a total of $7.2 million. That's approximately $214 per compromised record.
That alone is reason enough to get the CFO involved in data security practices before an incident strikes. It's best, according to the CFOworld report, if the CFO and CIO work together to ensure that information is protected. Using the expertise of both will ensure that all bases are covered, the report noted.
"It's unrealistic to expect the CFO to understand security completely, as it is for the security professional to understand finance completely," Gartner analyst Jay Heiser told the publication.
Within this partnership, however, each side has to understand its role and be careful to listen to the arguments of the other side while not overstepping its boundaries.
For example, making the case for a data security investment will fall on the shoulders of the CIO, who knows what has to be done in order to protect the company. But it's important to verbalize these needs in easily digestible terms so that the CFO will get on board and approve the funds.
A good place to start for CIOs, the report said, is to explain how money spent now will save the company at a later date. Or they could just show the CFO the Ponemon Institute research.
Although this partnership is necessary, it's not where data security cooperation should stop. According to a recent Forbes report, the board of directors should also have a hand in data security practices. Specifically, the board should determine the consequences of a breach and be made aware of any risks, among other things, the report said.
Data Security News from SimplySecurity.com by Trend Micro