Cybersecurity: a Major Risk for Chief Financial Officers

Cybersecurity is one of the most critical business risks and Chief Financial Officers must focus on pillars to make their organization more resilient.

Malicious parties such as computer hackers have developed increasingly sophisticated methods to achieve their objectives. They use cutting-edge technologies including artificial intelligence (AI), which makes them even more effective and dangerous and increases the risk and frequency of cyberattacks on organizations.

Reduce the risk of financial losses for businesses

The scope of cyberattacks extends to SMEs and across all sectors (manufacturing in particular) in addition to essential infrastructure. Hackers take advantage of a combination of networks, cloud computing and cloud-based SaaS applications, which multiply the number of potential entry points that can be targeted from any location and at any time.

The CFO has a crucial role in protecting their organization. They must understand the technological risks and, by extension, the resulting financial risks. However, according to our study entitled "A Finance Team in Full Transformation: Challenges and Skills for 2030", 39% of Chief Executive Officers (CEOs) believe that their Chief Financial Officer (CFO) is not adequately or not at all equipped to face this threat. However, close to half of the CFOs view risk management as a key skill that must be acquired for the finance function.

Digital risks can become business risks

While it used to take approximately 180 days to orchestrate an intrusion, cyberincidents can now paralyze an organization within four to six hours. This impacts production, weakens revenue and erodes the trust that clients and business partners have in a company over the long term.

CFOs can struggle to qualify and quantify these risks for the organization. This is particularly challenging in SMEs, where they are not supported by qualified in-house employees. When it comes to cybersecurity, zero risk does not exist. However, CFOs must fully understand their organization's risk tolerance level.

Taking action through strategic measures

Several strategic measures are essential for CFOs:

• Finance, IT and cybersecurity joint committees (internal and external members) allow for a wider visibility of risks and organizational maturity.
• Dashboards that focus on financial risk and quantify the impact of a production shutdown or cyberincident on the EBITDA, for example.
• Shared responsibility policies where IT manages the technical aspects, while the finance team leads budget governance and assumes the risk.
• Targeted training for CFOs (identified as a gap in our study).

Strengthening resilience is an immediate priority

CFOs will require regular reports on all existing cybersecurity programs. They will set a budget based on risk and calculate the financial impact of potential cyberincidents. Regular external audits will serve to validate the relevance and effectiveness of planned cybersecurity programs.

In order to offset the increasing threat level, several measures must be taken now under the leadership of the CFO and based on three pillars.

People

• Ongoing employee training must be offered to reduce the risk of ransomware, fraud and deepfakes.
• Multidisciplinary internal teams must model the threat to better prevent attacks and react more effectively.

Processes

• Incident response plans must be regularly tested by simulating attacks. This allows you to ensure that your response capability is optimal.
• Cybersecurity must be integrated into the strategy of each digital transformation project in order to proactively pinpoint potential threats and vulnerabilities.
• Key performance indicators must be introduced to enable ongoing and efficient analysis.

Technology

• Detection tools that leverage AI are used to quickly detect abnormal behaviour and respond quickly.
• Continuous (24/7) monitoring is essential to detect and counter cyberattacks in real time.
• Email and workspace protection must be implemented.
• Robust access management, including multi-factor authentication and monitoring hybrid and remote IT environments is also necessary.
• Ongoing and tested backups complemented by a business continuity plan are essential to ensure you can quickly resume activities following an incident

Cybersecurity is no longer an isolated or purely technological issue. It has become a key component of sustainable organizational performance.

For CFOs, cybersecurity is a strategic responsibility that involves converting digital risk into informed financial decisions while guiding the organization toward a more mature, resilient and agile posture.