As cybersecurity breaches make headlines across the country, one leading benefits technology company is stressing the importance of internal teamwork -- including between chief technology officers and chief financial officers -- to combat the threats both large and small.
In wide-ranging responses to questions from HR Daily Wire, Todd Seiffer, CFO for Businessolver, laid out the dangers faced by companies and delivered advice on the best way to navigate around the threats.
Question: There have been the high-profile breaches, but what about those who do not receive the publicity. From your understanding and knowledge, how big is the problem at mid-level and can you comment?
Answer: While not all breaches make the national news, all breaches have an impact on a subset of the population in some way. The scale of media coverage you see around a security breach will depend on how high profile the company is, the size of the breach and the users it affects. We’ve all heard about the breaches of Equifax, Yahoo, Target, Uber, WannaCry, and more from mainstream media and social media. However, small business and large enterprises are equally affected by the proportion of email malware spam rates, according to Symantec’s 2018 Internet Security Threat Report, which makes them just as susceptible to attacks and breaches. In February alone, local security breach announcements were made in Atlantic City, Charlottesville and Detroit. These attacks you rarely hear about unless you live in the area of the business.
To stay out of the headlines, companies and CFOs need to stay vigilant. Don’t rest on your laurels and don’t get complacent. Continue to raise your own bar and push your organization forward and constantly improve your own security protocols and systems. Have a plan – and a second plan – to improve and invest in proper security for your customers and for your employees.
Q.: In the past, was there a tendency within companies to have arm’s length relationships, maybe in certain areas, between financial and technical officers?
A: Ten or fifteen years ago, many officers stayed in their departmental swim lanes and may be offered advice at leadership meetings. But today – across industries and across multiple departmental functions – officers and their teams are working together to improve the business’ relationship with the customer. When it comes to security specifically, the entire leadership team should have a seat at the table for that discussion including the CFO. A CFO's role in the company is to anticipate, assess and react to risks in whatever form and security breaches are a risk for an entire organization. The financial impact of a potential breach means that CFOs need to play a more strategic role in security, whether it’s planning or understanding day-to-day operations.
Q.: Can you put in words for us what is the potential financial impact on companies if they suffer a data breach?
A: The financial impact of a data breach depends on the organization, the type of information impacted, whose information was impacted and how it was impacted. There are immediate costs around the investigation of a breach, further program development or updates to fix the issue, employee re-training, remediation, and in some cases, mitigation, such as credit monitoring and legal fees, which can be quite costly. But the bigger cost that most companies don’t consider is reputational. Clients and prospective customers will question the company and their relationship or trust in it. Many companies lose clients and customers after a breach, which has a much deeper impact on the brand that is harder to define, quantify, and react to.