• About
  • Subscribe
  • Contact
Wednesday, April 30, 2025
    Login
FutureCFO
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
No Result
View All Result
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
No Result
View All Result
FutureCFO
No Result
View All Result
Home Operations Audit and Compliance

Cybersecurity investments: A strategic imperative for CFOs

Allan Tan by Allan Tan
February 10, 2025
Cybersecurity investments: A strategic imperative for CFOs

Cybersecurity investments: A strategic imperative for CFOs

Imagine a scenario where your company's operations grind to a halt, sensitive data is exposed, and customer trust is shattered — all because of a cyberattack. This isn't just a hypothetical situation; it's a reality that businesses of all sizes face in today's increasingly digital world. CFOs, with their unique understanding of financial risk and strategic planning, must champion cybersecurity initiatives and weave them into the core of their business strategy.

The Cyber Security Agency of Singapore has issued stark warnings about the rising threat of cyberattacks, and the Personal Data Protection Act (PDPA) sets stringent standards for data protection. In this environment, CFOs must prioritise cybersecurity investments that deliver a tangible return on investment. Failure to do so could jeopardise critical assets, disrupt operations and severely impact the bottom line and shareholder value.

One of the main challenges in securing cybersecurity investments lies in the nature of cybersecurity itself. It's difficult to quantify its value proposition until a breach or attack occurs. This leads many CFOs to struggle when justifying the allocation of resources towards cybersecurity initiatives to their stakeholders.

However, a recent roundtable by FutureCFO in partnership with Okta shed light on how CFOs can overcome this challenge. Financial executives from leading Singaporean companies emphasised the importance of treating cybersecurity as a strategic investment, similar to critical CAPEX projects, and offered insights on securing funding for these essential initiatives.

Understanding the importance of cybersecurity investments

In today's digital age, cybersecurity is not just an IT issue but a core business imperative. A single cyberattack can severely impact a company's reputation, disrupt operations, and lead to significant financial losses, potentially requiring unplanned write-downs or impacting EBITDA.

Ben Goodman

"As a CFO, cyber threats and cyber resilience probably wasn't something you were focused on three years ago. Now, you're probably scrutinising your cyber insurance premiums to determine if they're even viable," explained Ben Goodman, Okta's senior vice president and general manager for APJ.

This necessitates collaborating with IT and security teams to identify and assess risks, developing a comprehensive cybersecurity strategy that aligns with overarching business objectives, and ensuring that cybersecurity investments are appropriately capitalised and amortised over their useful life.

Justifying cybersecurity investments to stakeholders

Justifying the cost of cybersecurity investments to stakeholders is a major challenge for CFOs. Many stakeholders view cybersecurity as an operational expense rather than a strategic investment, impacting the company's short-term profitability.

Brett Tighe

"So, I look at it in terms of ROI. How can we maximise the return on these investments while achieving our security goals?" said Brett Tighe, chief financial officer at Okta.

This means highlighting the potential financial impact of a cyberattack, such as lost revenue, damage to reputation, and regulatory fines, which can significantly impact the company's valuation. It's also important to emphasise the financial benefits of cybersecurity investments, such as improved operational efficiency, increased customer trust, and enhanced brand reputation, all of which contribute to long-term shareholder value.

Justifying these investments is further complicated by a fragmented cybersecurity landscape. "Technology keeps changing, and there are so many vendors and products that can be quite confusing," noted a delegate to the roundtable.

Darrell Tan

However, companies do not have the option of sitting on the sidelines. "It's more about what happens if you don't invest, rather than what you directly gain from it," said Darrell Tan Yuan Ching, head of Investment Management & Hotels at Guocoland.

Still, Guocoland’s Tan urged CFOs to take a mid- and long-term view when investing in cybersecurity and working with the IT team to ensure alignment with the existing tech stack. "That's actually quite tricky because if it doesn't fit, it is just a sunk cost."

Okta’s Tighe acknowledged that different companies have different risk profiles and priorities regarding cybersecurity. The vital part is balancing security with usability. "You can have the greatest security on Earth, and it just makes your employees hate their life. On the other end of the spectrum, if you don't have any security... it exposes you. I would think about where you want to be on that spectrum. Not all companies are the same," he explained, pointing to the NIST framework for consideration.

Finding the right balance is never easy

To effectively measure the ROI of cybersecurity investments, CFOs need to develop outcome-driven metrics that link these investments to business value and operational efficiency. This means going beyond traditional metrics, such as the number of security incidents, and focusing on metrics that measure the impact of cybersecurity investments on business outcomes. Some examples of outcome-driven metrics that the participants discussed:

  • Reduction in customer churn due to improved cybersecurity
  • Increase in customer satisfaction due to enhanced trust in the company's cybersecurity posture
  • Improvement in employee productivity due to reduced downtime caused by cyberattacks
  • Cost savings from prevented breaches, reducing the need for unplanned expenditures
Atul Kalyanpur

"We look at KPIs like incident response time, the potential duration of an incident, and the magnitude of the financial risk that could arise from the activity, and so on," added Atul Kalyanpur, finance director at Travel + Leisure Co.

Ultimately, these metrics are part of CFOs' efforts to frame cybersecurity in financial terms. As one delegate commented cybersecurity is a broad term...after five years, we need to take stock and re-evaluate, especially as the threat landscape evolves.

Regulations are guidelines but not guarantees

The line between compliance and security is blurring. Participants like Travel + Leisure Co.'s Kalyanpur noted that reputational risk, which can severely impact market capitalisation, is a major security concern, more so than the actual fines.

Foo Yoke Leong

Foo Yoke Leong, the head of Finance of an insurance company, looks at two regulations when assessing his company's security posture. "One is PDPA, where we need to protect our customers' data. We need to make sure that it's secure and nothing leaks out. The second one is the MAS technology risk management guidelines issued to all financial institutions."

But regulations are just starting points. They are constantly being updated, and new ones are being added. "Which is why we need to invest more in cybersecurity insurance," stated a delegate to the roundtable.

Ng Poh Beng

For conglomerates, Ng Poh Beng, finance director of Aboitiz Food, urged companies to look beyond cyber insurance. Insurance only covers the financial impact, but there are losses beyond Financials such as Corporate Reputation.

The growing importance of third-party risk management

Third-party risks are not new. However, what is new is how integrated partners have become in modern businesses. This creates an additional cybersecurity concern that CFOs fret about, especially with the spate of supply chain attacks due to identity compromises or theft. And not just companies worry; vendors are also vigilant about it.

"We're testing [our partners] regularly, and we pay security researchers on our team to test and penetrate our systems to see how robust our security posture is," said Tighe.

In response, one delegate suggested to reduce dependency.   to the roundtable suggested a good rule of thumb is to reduce dependency

A good rule of thumb is to reduce dependency, an approach championed by a delegate to the roundtable. "When evaluating suppliers, I ensure that we are not reliant on any single provider. I identify potential alternatives and assess how they can align with our cost strategies, allowing us to switch quickly if needed."

Lim Swee Keng

Yet, Lim Swee Keng, group head of Finance at Clifford Capital, believes it still comes down to getting the right balance, and often, the cost is relative. "Yes, cost is always a consideration. But you need to strike a balance between ease of doing business, competing priorities and cost, you can always spend millions of dollars on cybersecurity and have no resources for other things or make the business process more cumbersome. So, it's a delicate balance."

Next steps: maximising cybersecurity investment value

To maximise the value of your cybersecurity investments, it's essential to take a holistic approach that considers people, processes, and technology. This means investing in your employees, developing robust security policies and procedures, and selecting the right technologies for your business needs.

Another overlooked factor is investing in employees and driving cultural change. "So, I think you can see that the important thing is education," says Clifford Capital's Lim.

Another delegate agreed on the significance of cyber awareness within the investment strategy. He noted that in organisations with a large workforce, it's essential to implement cyber security awareness training to enhance understanding and awareness throughout the entire organisation. In their case, they use the opportunity to conduct scenario planning, such as for ransomware attacks.

More importantly, Okta's Goodman pointed out that having the right products, framework, partner, and training drives cultural change. "When cybersecurity impact is well understood at an organisational level, the knock-on effect on the cultural level is visible," he said. And this adds an essential layer of resilience because most attacks are focused on social engineering.

Finally, it's important to remember that cybersecurity is not a one-time investment; it's an ongoing process, pointed out Tighe. As such, businesses must continuously invest in cybersecurity to protect their assets and ensure long-term sustainability and financial health.

Delegates to the C-Engage roundtable on a CFO's Guide to Maximising Value from Cybersecurity Investments jointly hosted by FutureCFO and Okta held on 14 Jan 2025

Related:  Major cybersecurity trends in 2024
Tags: cybersecuritycybersecurity investmentsOkta
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippine. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Modernising Days Sales Outstanding (DSO) for 2025
  • A Day in the Life: Shelly Maneth from Red Hat Asia Pacific
  • Singapore Inc: Expanding horizons in ASEAN and beyond
  • Technology essentials for the modern CFO
  • Transforming budgeting through automation

Categories

  • Artificial Intelligence
  • Audit and Compliance
  • Automation
  • Big Data
  • Blockchain
  • Business Applications
  • Business Insights
  • Case Studies
  • Cloud, Platforms and Ecosystems
  • Competencies and Capabilities
  • Digital Transformation
  • eBooks and eBriefs
  • ESG and sustainability
  • Finance Accounting and Reporting
  • Future Technology
  • General
  • Infographics
  • Leadership and Roles
  • Mergers and Acquisitions
  • Operational Accounting and Control
  • Operations
  • Polls and Surveys
  • Resources
  • Risk and Regulation
  • Strategies and Tactics
  • Tax Management and Optimization
  • Technology
  • Treasury and Cash Management
  • Videos/Tutorials
  • Webcasts/Podcasts
  • White Papers

Strategic Insights for Finance Executives

FutureCFO.net is about empowering the CFO and the Finance Team to take on the leadership position in the digitalization of the enterprise. It's more than just a portal for the exchange of industry best practices, it is about creating and growing a community of finance professionals able to share learned experiences, providing a platform for the current and next generation of finance leaders and professionals.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO
  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe