Two thirds of CFOs make cybersecurity a high or very high priority, while 71% have increased involvement in IT in the last three years, according to a study by big four accountancy firm Ernst & Young.
CFOs and CIOs are becoming increasingly connected, with 61% of CFOs saying their collaboration with the CIO has increased over the past three years.
Although the relationship has grown closer, CFOsâ€™ insufficient understanding of IT issues is the number one barrier in their relationship with CIOs, as financial executives also claim they add most value by managing costs and profitability. Their IT investment mindset is still driven by cost discipline, and lack of mutual understanding is still a common problem, respondents said.
â€œThe more sophisticated attackers are looking at economic manipulation as an objective. This might involve trying to manipulate the share price. Their aim may include attempts to change the value of an organization through sustained attacks over a long period and then capitalize on that change in value,â€ EY Global Cybersecurity Leader Ken Allan says.Â â€œMany CFOs know that they need to spend more on cyber risk management. But they donâ€™t know where to focus their efforts, because the technologists trying to tell them are blinding them with science.â€
Most CFOs now recognize that robust cybersecurity is fundamental to shareholder value, the study shows, but a lack of understanding of IT issues can prevent CFOs from recognizing what a mature cybersecurity capability looks like and where they need to invest.
According to the report, CFOs and CIOs should treat cyber risk as an enterprise risk management issue, rather than as an IT problem. CFOs should also lead board-level conversations to identify which assets need protection.
Disagreement often arises among members of the C-suite, so the CFOâ€™s perspective across the whole organization and its data is crucial, the report says. CFOs and CIOs should view cybersecurity as a series of rolling processes to be reviewed and revised as the organization changes. Every new product or service, geographic expansion or M&A transaction creates cyber risk to be managed.
Finally, CIOs who outline cybersecurity issues to their CFO in technical language can block quick and effective action. Many CFOs who are aware of the scale of cyber risk are slowed down in working out how much to invest and what initiatives to prioritize because of this communication breakdown.
Here are 5 CFO-CIO relationship success factors found in the â€œPartnering for performanceâ€ study:
- Take joint responsibility for driving innovation through digital IT
- Shift the IT operating model emphasis from CAPEX to OPEX
- Manage risk exposures of new digital technologies
- Build finance executivesâ€™ understanding of IT issues
- Work as peers
The results are based on a global survey of 652 CFOs conducted by Longitude Research on behalf of EY, and a series of in-depth interviews with CFOs, CIOs and other professionals.