“Data is the new oil,” proclaimed The Economist magazine in 2017, succinctly making the point that data has become extremely valuable and that those who have it need to keep it secure. Losing important company data can be the equivalent of a country losing control over its most precious energy resource.
Finance executives certainly have received the message. CFOs responding to Protiviti’s 2019 Finance Trends Survey ranked data security and privacy as their top priority overall, and their second-highest budget priority. This was even more important for CFOs of companies with data in the cloud.
The stakes are high. A single breach can instantly affect millions of people across the globe. It can cause significant brand damage and lead to litigation — both from consumers and from stakeholders. And as the constant drumbeat of data breaches becomes louder, it creates anxiety, compounding concerns among finance executives that their organizations may not be prepared, or that they themselves may not properly understand the technical aspects of data security.
Complicating matters is the fact that the way people interact with data changes constantly. Data on hard drives can be shared or moved to the cloud easily, often using unsanctioned cloud services. Security measures must constantly evolve to keep up with the new ways data is handled. This can be difficult, considering that most of the changes — third-party applications, cloud computing and mobile devices — are external to finance. If finance executives don’t pay attention to the evolving use of finance data on an almost daily basis, it is easy to fall behind the risk curve.
One way to alleviate the anxiety CFOs feel with regard to the security of their organizations’ finance data is to understand the key aspects of data protection.
In the broader scheme of things, good data security is about visibility and response — having broad visibility across all of the applications, systems, processes and partners that store or have access to data, and understanding what measures are in place for when any of that data is compromised. CFOs today should be interacting regularly with their IT colleagues to understand the following:
- What procedures are in place to protect data and provide data privacy?
- What visibility and control does the organization have over those processes?
- Are there response teams with coordinated and tested plans to respond to potential breaches and reduce “dwell time” (the time between a breach and its discovery, which currently is 106 days on average)?
There are a number of advanced technologies that are used by security teams today to address increasingly sophisticated hackers — from artificial intelligence to blockchain. A CFO’s understanding of his or her organization’s defense capabilities will certainly help to set their minds at ease. The fact that many organizational functions are reporting on their current or planned adoption of some of the same technologies (RPA, predictive analytics and blockchain to build smart contracts) in their own environment should help to facilitate these conversations and build trust.
Other Ways to Reduce Risk
In addition to doing everything possible to secure data from the inside, many organizations have been turning to cyber insurance as a way to transfer a portion of the risk in the event of a cyber breach. In this sense, data risk is no different from any other risk, and organizations may want to avail themselves of this protection if they can.
Moving data to the cloud is another way to reduce risk of data loss, even if that sounds counterintuitive to some. Back in the days when cloud was new, a CFO’s response to the suggestion to put the company’s financial data in the cloud would have been “No way!” Today, cloud environments are managed better from a security standpoint than many on-prem servers. This is because large cloud providers have more resources to dedicate to security and they often are a magnet for the industry’s skilled workforce for which there is a fierce competition.
In fact, more and more executives are moving finance applications previously hosted on-prem to the cloud. According to our survey, this trend is the second most important factor prompting finance leaders to make adjustments to their budget and resource allocations. The survey results also indicate that CFOs who have embraced a cloud strategy for finance are both more aware of the dangers (reporting higher level of concern) and better prepared to meet them — a phenomenon known as “digital paradox,” where those who are ahead of their peers in digital preparedness are also more likely to sound the alarm on the risks.
While data security and privacy is likely to remain a top concern for finance leaders in the foreseeable future, the proper response is not alarm, but to be informed, collaborate, and hire people who are aware of the importance of keeping data safe. The best candidates are often not those best trained in specifics (the knowledge of yesterday is old news today) but people with inquisitive minds — creative and adaptable thinkers with a security mindset. Because, at the end of the day, the best data security strategy is understanding the risks, maintaining a constant state of vigilance and always asking: “What’s the worst that could happen?” — and be prepared to address it.