TechTarget: 3 reasons why CISOs should collaborate more with CFOs

On December 11, NetSPI Managing Director Nabil Hannan was featured in TechTarget:

At the end of the day, cybersecurity is a financial issue. Breaches can result in significant financial loss and reputational damage. Consider these statistics:

  • The global average cost of a data breach is $3.86 million, according to the
    Cost of a Data Breach Report 2020,” with the U.S. having the highest average at $8.64 million.
  • Another report found that insider threats are the most expensive category of attack to resolve, costing an average of $243,101. And this number is increasing.
  • Lastly, in just the first six months of 2020, 3.2 million records were exposed in the 10 biggest breaches – eight of the breaches occurred at medical or healthcare organizations. Healthcare was deemed the costliest industry by the “Cost of a Data Breach Report” with the average cost of a breach reaching $7.13 million.

Now forget those statistics; push them aside. While it’s important to understand the financial aftermath of a breach, security teams need to uncover more proactive methods for communicating the value of their investments with organizational leadership to get buy-in (and funding) upfront. However, communicating the return on investment (ROI) of a security program, in which the results are not always tangible, has proven to be a challenge for security leadership.

The shift to a more proactive security program assessment can only occur if the chief information security officer (CISO) first has a greater voice at the table in the boardroom. As the individual most responsible for ensuring information assets and technologies are adequately protected, the CISO can serve as a bridge between the highly technical voices in infosec and other C-suite executives who are more financially, operationally or innovation focused.

And who among the C-suite can make this shift a reality? The chief financial officer (CFO). CISOs need to establish a stronger relationship with their CFO and financial team to better communicate the value of existing, and future, security investments. Here are three ways – and reasons why – the CISO and CFO should work more closely together.

Read the full article here:

Discover why security operations teams choose NetSPI.