CFOs may be overconfident in their companies’ ability to handle cybersecurity issues, according to a survey released Tuesday.
The global survey of 180 CFOs, CEOs and other CFOs conducted by New York-based Kroll Inc. showed “a stark correlation” between their confidence in their organizations’ cybersecurity capabilities and the actual damage cyber incidents cause, the report said.
The survey found that 99% of respondents were somewhat confident, including 87% who said they were “very” or “extremely so.”
Yet 61% said their company had experienced at least three significant cyber incidents in the past 18 months, and only 40% of finance teams receive regular briefings or updates from the information security team. Nearly 37% never received such updates, the report said.
The report noted that putting security risks on the board-level agenda has only become common in recent years.
James McLeary, managing director of Kroll’s cyber risk practice, said in the report that CFOs should participate in cybersecurity planning at multiple levels within the company, including crisis and incident management planning and tabletop exercises. This will enable them to “understand the overall cyber investment strategy and to evaluate financial risks and possible expenses,” he said.