• About
  • Subscribe
  • Contact
Wednesday, April 30, 2025
    Login
FutureCFO
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
No Result
View All Result
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
No Result
View All Result
FutureCFO
No Result
View All Result
Home Business Insights Digital Transformation

Gartner: CFOs must treat cybersecurity as a business decision

FutureCFO Editors by FutureCFO Editors
May 27, 2024
Photo by Life Of Pix: https://www.pexels.com/photo/brass-colored-metal-padlock-with-chain-4291/

Photo by Life Of Pix: https://www.pexels.com/photo/brass-colored-metal-padlock-with-chain-4291/

Chief financial officers must start, if they hadn't already, to treat cybersecurity as a business decision, according to Gartner, Inc.

The technological research and consulting firm says that with more executives identifying security as critical for enterprise revenue growth, CFOs need to be comfortable handling cybersecurity investments that provide defensible performance and outcomes to business stakeholders.

“There is no such thing as perfect protection,” says Paul Proctor, distinguished vice president analyst at Gartner “No matter how much an organisation spends, it can still get hacked the next day, so the real question is: can finance leaders defend the choices they have made on cybersecurity to their key stakeholders?”

Paul Proctor

Proctor points out on the importance of developing an approach to cybersecurity that balances protection with running the business during the Gartner CFO & Finance Executive Conference.

According to Gartner, executives must develop a cybersecurity posture they can defend to shareholders, to regulators, to employees, customers, and partners, in the event of an incident. Doing so results in more effective cyber protection. The best way to do this is to treat cybersecurity as a business investment.

This means that CFOs need to determine the business value of cybersecurity using outcome-driven metrics and a business value benchmark.

“The emergence of protection level benchmarks is a critical step in the development of a cybersecurity standard of due care,” says Proctor.

This enables CFOs to make informed cybersecurity investments that balance the need to protect and run their business while also better managing chief information security officer (CISO) demands for budget.

“Treating cybersecurity in a manner that reconciles measurable levels of protection with the needs of the business, which are called Protection-Level Agreement (PLA) decisions, creates a defensibility of their implementation,” Proctor says. “This kind of defined agreement leads to better cybersecurity investment decisions, better execution and a safer world overall.”

For example, instead of reporting on the number of attacks an organisation receives, Gartner says executives should report on the number of days to patch critical systems.

This has a direct line of sight to the value proposition of patching, which is to limit the number of days a vulnerability is available for hacking. Then executives can weigh the cost of faster patching against the reduced risks to critical systems which is a business decision based on a measurable level of protection.

“If an organisation’s PLA is for 30-day patching of critical systems, and those systems get hacked via an unpatched vulnerability after 35 days, that is a control failure: security and IT have failed to deliver on the agreement,” says Proctor. “However, if the same vulnerability is hacked in 25 days, that is as a result of a business risk decision: a concrete, measurable, enforceable assertion of risk-appetite.”

There are two measures of cybersecurity value, first is operational value delivery, and second is the target level of protection. Both are important to create defensibility for executives.

“The organisation must make conscious decisions regarding what it will do, and more importantly, what it will not do to protect itself,” says Proctor. “Residual risk must be accounted for, and as the business grows, CISOs, CFOs and other executives must continually reassess how much risk is appropriate.”

Related:  ASEAN+3 regional economic outlook: October 2023 update
Tags: CFO strategycybersecurityGartner
FutureCFO Editors

FutureCFO Editors

No Result
View All Result

Recent Posts

  • Modernising Days Sales Outstanding (DSO) for 2025
  • A Day in the Life: Shelly Maneth from Red Hat Asia Pacific
  • Singapore Inc: Expanding horizons in ASEAN and beyond
  • Technology essentials for the modern CFO
  • Transforming budgeting through automation

Categories

  • Artificial Intelligence
  • Audit and Compliance
  • Automation
  • Big Data
  • Blockchain
  • Business Applications
  • Business Insights
  • Case Studies
  • Cloud, Platforms and Ecosystems
  • Competencies and Capabilities
  • Digital Transformation
  • eBooks and eBriefs
  • ESG and sustainability
  • Finance Accounting and Reporting
  • Future Technology
  • General
  • Infographics
  • Leadership and Roles
  • Mergers and Acquisitions
  • Operational Accounting and Control
  • Operations
  • Polls and Surveys
  • Resources
  • Risk and Regulation
  • Strategies and Tactics
  • Tax Management and Optimization
  • Technology
  • Treasury and Cash Management
  • Videos/Tutorials
  • Webcasts/Podcasts
  • White Papers

Strategic Insights for Finance Executives

FutureCFO.net is about empowering the CFO and the Finance Team to take on the leadership position in the digitalization of the enterprise. It's more than just a portal for the exchange of industry best practices, it is about creating and growing a community of finance professionals able to share learned experiences, providing a platform for the current and next generation of finance leaders and professionals.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO
  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe