CFO’s & Cyber Risk: Protecting Your Performance…& Shareholders

May 2nd, 2014

As a CFO, I can’t help but be a bit shocked at the recent article on CFO.com “CFO’s Disregarding Cyber Risks”. In my position, and more in relation to my past positions, my involvement with IT-related activities typically centered on the ongoing assessments of our ERP platforms, annual budgets, necessary capex, and the standard operational issues. I can honestly say that cyber risks were really not part of our ongoing concerns, nor was the topic ever tabled by the rest of the senior leadership team or the Board. We also weren’t planning in an environment where billion-dollar breaches were being reported in the press.

Fast forward a few years and it’s hard not to take note, and initiate an elevated level of planning, in the face of the Target breach that occurred just prior to the Holiday shopping season. I don’t care what industry you work in, any CFO should take note of a company which, in a single Quarter, revises its earnings estimates down by 25%, or approximately $250 million. How about a revision in revenue estimates that takes the topline down by almost $1 billion… in a single Quarter! Even more importantly, at the time of the revisions, the company was unable to assess the potential impact of the breach beyond the current Quarter. That event by itself should have every CFO looking over their shoulder and considering the proverbial “what if”. Evidently not…

In the recent article on CFO.com, which drew 600 responses, CFOs ranked data privacy only 12th on their list of corporate risks. In comparison, data privacy ranked 26th on their list in 2013. While the level of importance is rising, it’s still not being given the proper level of attention. At the top of their list was legal and regulatory shifts. In hindsight, I would love to have someone provide me an example where legal or regulatory changes resulted in an immediate and material revision to earnings or revenues. These are typically changes that are discussed over extended periods and phased in, thus allowing the company and shareholders to digest the resulting changes in how the company reports its results. This is in stark contrast to waking up and realizing you’ve just compromised the privacy of 70 million of your customers in the most critical shopping time of the year.

What was also concerning about the article is that 57% of the respondents weren’t analyzing whether they had enough cyber insurance coverage or weren’t undertaking additional key activities to sufficiently mitigate cyber risk. This was not only happening at the senior leadership level, but at the Board level as well. While the public and general investing community are aware of the breaches that are reported in the press, I know I have taken an entirely different approach to my personal cyber security as a result of the work I see our team doing across a wide spectrum of industries and with companies that are very recognizable to us all.

As a CFO, if you want to ensure that all of your cost-saving initiatives and EBIT performance aren’t compromised, the investment in a security solution will pale in comparison to the cost if you do encounter a significant breach…

Thanks for reading…

Jeffrey Ishmael