In today’s high-stakes digital business battleground, cybersecurity isn’t just for the IT team.
Cyber threats are a growing challenge for businesses of all sizes, and against that backdrop the role of chief financial officers (CFOs) and senior leaders in cyber resilience is growing as critical as their oversight in finance or compliance.
Finance functions, after all, tend to hold the keys to the enterprise kingdom: high volumes of sensitive data around payment information, financial forecasts, internal strategies, external partners and more.
A cross-functional approach that includes finance helps ensure cybersecurity measures are in line with business priorities and can adapt to evolving threats without sacrificing innovation.
And the evolution of the CFO from bean-counter to business partner to cyber-savvy leader is particularly relevant as finance teams play a growing role in digital initiatives — including the embrace of automation, artificial intelligence (AI)-driven financial analysis and eCommerce payments. The expertise of CFOs in risk management, regulatory compliance and resource allocation leaves them well-positioned to champion cybersecurity.
Read more: How Finance Leaders Mitigate Uncertainty’s Invisible Expenses
Standing Up a Cross-Departmental Cyber Defense
Rather than viewing cybersecurity as a cost center, finance leaders should position it as a strategic asset that mitigates risk, strengthens operational continuity and sustains investor confidence.
Bank of America stressed earlier this month that, “If cybercrime damage were a state, it would be the world’s third-largest economy.” The global bank noted that the cost and prevalence of cyberattacks is growing alongside the increases in digitization and AI.
A finance-led approach to cyber resilience establishes security protocols that protect these digital assets while enabling growth, adding an extra layer of accountability and oversight.
“The role of the treasurer and the CFO has evolved and will continue to evolve,” Adrienne Bloom, managing director, head of Asia Pacific financial institutions, corporate banking at Bank of America, told PYMNTS. “It’s becoming a bigger and broader job.”
CFOs can introduce frameworks that assess the cybersecurity risks of new initiatives alongside their projected return on investment (ROI). By calculating the risk-adjusted benefits of implementing security-enhancing measures early, CFOs ensure innovation can proceed without exposing the company to heightened cyber risks.
While many C-suite executives, including CFOs, may lack deep technical knowledge of cyber threats or may feel cybersecurity is outside their domain of expertise, cyber resilience is no longer a responsibility that can rest solely with IT, particularly as it impacts not just an organization’s cyber perimeter but also its payments processes.
“Fraud is growing as fast, or faster, than the pace that the overall B2B market is growing,” Eric Frankovic, general manager of business payments at WEX, told PYMNTS.
Read more: CFOs Suit Up for Cyberwar as Risk Management Evolves
Cyber Resilience as a Strategic Imperative
For companies to build defenses that adapt to evolving threats without stifling progress, CFOs and the C-suite must embrace a proactive approach to cybersecurity. By fostering cross-departmental collaboration and embedding resilience into digital initiatives, finance leaders can secure their organizations’ digital futures while safeguarding growth.
Alicja Cade, director of financial services in the Office of the CISO at Google Cloud, told PYMNTS that cybersecurity must be “baked into the DNA” of a business. It cannot be siloed within the IT department but must be integrated into every part of the organization, from business processes to leadership decision-making, adding that this is especially true in financial services.
In separate interviews for the “What’s Next in Payments” series, executives also told PYMNTS that a multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.
One of those key defensive layers is increasingly the digitizing of legacy and paper-based payment workflows. With workflows digitized, businesses are able to turn to AI and machine learning (ML) technologies to detect anomalies in payment transactions in real time. These systems can analyze vast amounts of data to identify unusual patterns that may indicate fraud or cyberattacks.
“What you want to do is catch it before it becomes a crisis,” said Rick Kenneally, chief technology officer at Boost Payment Solutions. By partnering with companies that provide early warnings about threats and scams when they see them independently, such as domain spoofing attempts, businesses can stay ahead of potential threats.