In today’s world, where cyber insurance is arguably more critical than flood insurance, the importance of a tight alliance between a CISO and a CFO cannot be overstated.
As one CFO says, “Good cybersecurity is expensive, and bad cybersecurity is, well… even more expensive,” expertly pinpointing the need for unobstructed channels of communication between what are sometimes seemingly opposed sectors of a company.
CISOs are often accustomed to soliciting executive buy-in, and CFOs all too often see cyber security as a line item that will put a company in the red.
Here are a handful of tips and tricks to strengthen the CFO-CISO alliance in your company:
- A point of contention is often ‘how much cyber security to invest in,’ with a CISO advocating for a force field between the company and the hackers, and the CFO weighing the probabilities of certain types of attacks, and proposing a more modest plan. CISOs can advance their points of view by outlining the specifics of the threat ‘who, what, where, when and why’, clearly articulating the value of investments. With a broader picture of the risks, CFOs will also be able to better understand the ROI.
- Actively avoid the “ROI Death Spiral”, a situation where CFOs demand exacting proof of ROI prior to rubber-stamping their CISO’s budget. Yes, world-class cyber security is a financial necessity.
- As Krebs on Security notes, “…considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.” Ensure that your CISO receives the recognition and voice that he/she deserves. After all, you’ve already expressed how important they are vis-à-vis their compensation package. Equal footing will lead to a stronger partnership, and better overall security.