The role of CFOs and CMOs in cyber security

The internet has made it possible for people to work together even when they are on different continents and yet there seems to be nothing technology can do to erase the barriers that can stop different departments from fighting over competing priorities and internal territorial rights. Getting them to come together for the common good is, ironically, usually what is best for their departments too, as individual departments cannot exist in isolation.

While there is a lot to be said for flatter management structures and a high level of employee engagement, at the end of the day, managers who “walk their talk” are best placed to get their employees to follow them willingly and, since cybersecurity now has the potential to impact everyone’s lives, senior IT professionals need to make it a priority to educate their colleagues on its importance and their first approach should be to the Chief Financial Officer (CFO) and the Chief Marketing Officer (CMO).

The CFO is the person who is responsible for ensuring that a company’s shareholder equity is as high as it can be, which means not only maximising income but also minimising expenses.

CFOs are generally quite capable of understanding the benefits of insurance against relevant risks, which, fundamentally, is what IT security is all about, but since they are not usually IT experts, they generally need someone to take them by the hand and explain what IT security means in practical terms, which, ultimately boils down to financial ones.

CFOs may also be heavily involved in shareholder communication and therefore by educating the CFO, you can help to push to message out to (potential) shareholders that your company takes data protection seriously.

Reinforcing to the CFO that investment in cyber security pays for itself is a good approach if they are wary of releasing the cash. If your customers feel confident that their data is safe with you, and your stakeholders know that unexpected expenses to cover breaches of data security are unlikely, your CFO will be doing their job effectively.

In the analogue world, marketers had relatively little data at their disposal compared to their modern counterparts and the data they had was relatively hard to abuse. These days, however, the CMO’s job is much more data-driven, in fact today’s CMOs are in charge of vast amounts of highly sensitive and highly valuable data in a world where the internet has made it much easier to communicate with people under a false identity and in a way that is difficult to impossible to trace.

IT professionals may understand this, but they need to make sure that the CMOs with whom they work are also aware of their responsibilities and of the vital importance of ensuring that they have end-to-end knowledge of each and every piece of data they are collecting, storing and/or processing.

A good CMO will understand the risks associated with the marketing data their company owns being exploited, and the long-term lack of trust it would lead to. Taking active steps against data theft and hacking must be a priority, even above getting that new software out quickly or encouraging customers to embrace an exciting but untested new app.