Question 1

What are the financial consequences of a data breach?

Accepted Answer

Data breaches happen more frequently in today’s business landscape — and they’re expensive. 30% of major security incidents result in damages between $100,000 to $500,000 according to the 2020 Insider Threat Report from Cybersecurity Insiders. Business email compromise scams alone have results in over 166,000 incidents around the world and $26 billion in loss since 2013, according to the 2020 Trustwave Global Security Report. Recovery costs can exceed estimates very quickly. Information security should be considered a high-level risk because of its financial implications; it can directly affect an organization’s bottom line. Beyond direct financial loss, other potential financial consequences include: Reputation damage Intellectual property theft Regulatory fines Cybersecurity insurance may be able to help you recoup direct financial loss, but it won’t protect against intellectual property losses or a hit to your organization’s reputation.

Question 2

What is an information security program?

Accepted Answer

An information security programs supports an organization’s technology framework by protecting IT assets, data, and business processes.

Question 3

What are the steps of the information security program lifecycle?

Accepted Answer

Financial executives regularly decide which risk mitigation controls to implement based on risk trade-offs and regulatory pressures using a risk management framework. This framework includes: Identifying the risk Measuring and assessing it Mitigation Reporting and monitoring Governance When you tailor your current risk management framework to information security, it will also include more detailed and nuanced steps such as: Performing audits and assessments Establishing policies and procedures — testing recovery procedures, for example Conducting penetration testing

Question 4

Why is it important for finance and technology teams to collaborate?

Accepted Answer

Senior management’s commitment to robust internal controls is the top factor to a strong control environment. However, developing a cohesive, inclusive approach to cybersecurity can’t happen if finance executives aren’t working closely with their technology team. As you’re aligning your cybersecurity and corporate strategies, consider implementing a top-down approach. Finance executives should become familiar with the language of the technology team, so they can spot potential financial risks faster. It’s important the technology team understands information security isn’t just a technology function; it’s a risk management function as well. They should receive help interpreting finance priorities, risks, and business drivers from finance executives. Sharing expectations and concerns can help open up lines of communication between teams and lead to a more robust information security program.

Question 5

What steps can you take to encourage collaboration between finance and technology teams?

Accepted Answer

Below are some steps finance executives and technology teams can take to strengthen the effects of your organization’s information security program: Establish policies and procedures Perform risk assessments Conduct audits and penetration testing

How to engage CFOs in information security programs

What are the financial consequences of a data breach?

What is an information security program?

What are the steps of the information security program lifecycle?

Bryan Schader

Findley Gillespie

Why is it important for finance and technology teams to collaborate?

What steps can you take to encourage collaboration between finance and technology teams?

Establish policies and procedures

Perform risk assessments

Conduct audits and penetration testing

Have questions? Baker Tilly can help.