Financial execs may be overconfident about cybersecurity: Survey
Reprints
Top company financial officers may be overconfident about their companies’ ability to handle cybersecurity issues, according to a survey released Tuesday.
The global survey of 180 chief financial officers, CEOs and other financial executives conducted by New York-based Kroll Inc. showed “a sharp disconnect” between their confidence in their organizations’ cybersecurity abilities and the actual damage cyber incidents inflict, the report said.
The survey found that 99% of the respondents were confident to some extent, including 87% who said they were “very” or “extremely so.”
Yet 61% said their company had suffered at least three significant cyber incidents in the previous 18 months, and only 40% of finance teams get regular briefings or updates from the information security team. Almost 37% have never received such updates, the report said.
The report noted that it has only become commonplace in recent years to include security risks on the board-level agenda.
James McLeary, a managing director in Kroll’s cyber risk practice, said in the report that CFOs should participate in cybersecurity planning at multiple layers within the company, including crisis and incident response planning and tabletop exercises. This will enable them “to understand the overall investment strategy around cyber and to evaluate financial risk and possible expenditures,” he said.
