Cyber security is a top concern in our government, our workplaces and in our personal lives. Everyone makes a personal decision about how much to share with the digital/online world. In today’s business environment, a business will not flourish, and I would argue that it probably could not exist, without some kind of a cyber presence - at the least as it relates to email and cloud services. The use of technology that requires communication outside the four walls of our brick and mortar buildings opens the door of our company servers and allows potential hackers in. It is becoming increasingly urgent that we protect the businesses for which we are responsible from cyber wrongdoers. So why then are we hesitant to take steps to insulate ourselves and block or limit the amount of damage inflicted by a cyber-attack?
I recently worked on a project with several colleagues from The CFO Alliance, and joined a Special Task Force to share thoughts and research on best practices on the topic of cyber security. We developed a report, “Risk Monitoring: Cyber Resiliency Special Task Force Report,” that provides a robust analysis of all aspects of cyber security. It covers topics related to the human element of cyber risk and includes access and information policy suggestions. It also talks about financial readiness for a cyber incident, detailing information about the costs incurred as the result of a cyber-attack.
I forwarded the report, hot off the press, to a few colleagues to get their opinion. One of my colleagues has worked extensively in the digital world, and her response captures the reason the information in this report needs to go viral. She said, “I used to make suggestions around security, but the response seemed more of a ‘wait until something happens’ rather than ‘spend the money to protect the company.’” Although this report is written by CFOs for CFOs, in my opinion, it is a must read for every executive, manager, and employee user of company computer systems.
Kelly Tomlin is Executive Vice President and Chief Financial Officer of Admiral Valve LLC, and was a key participant and contributor to our Risk Monitoring: Cyber Resiliency Special Task Force.