Insights In Hindsight - Edition 8

Organizational Information Security Programs in the Age of Data-as-Currency?

One of the most fascinating aspects of the digital era is that data has become the lifeblood of all types of businesses, across size, sector, and geography. With the advent of predictive systems and AI-driven automation in recent years, data is now even more embedded in every interaction, process, and business decision within our organizations.

Today, most of us recognize that data and information are assets that create tangible value for business. And although so far there is no universally-accepted financial model for valuing organizational data or information, we look at data as a currency that we should collect, save and safeguard.

Unfortunately, leakages in business information and data have become fairly commonplace, posing a major financial risk, making it a crucial agenda for leaders across functions, the Chief Financial Officers (CFOs), and Chief Risk Officers (CROs) managing risk-mitigation controls.

Whether it is due to human error, system glitches, negligence, or a deliberate attack by cybercriminals, loss of data not only results in financial loss, but also reputation damage, intellectual property theft, regulatory fines, hefty legal expenses and more.

Cyber breaches are a dynamic data point that is growing exponentially with every passing day ?

As per Flashpoint’s annual data breach report , there were over 4,100 publicly disclosed breaches that exposed over 22 billion records in the year 2022. The impacted sectors include finance, insurance, healthcare, education, technology, retail, telecom, automotive, and more. While a majority of the cyberattacks impacted businesses in the U.S., businesses in India ranked number 4 amongst the top 10 most targeted. Some of the top hacking mechanisms included phishing, Distributed Denial-of-Service (DDoS) attacks, and ransomware. Currently, the average total cost of a single data breach globally is approximately $4.35 million , while in India this number is $2.32 million . On average, it takes 277 days to identify and contain a data breach and experts say that by 2025, cybercrime will cost the world $10.5 trillion .

Cybersecurity is a moving target

Despite advances in information security technology, threat actors motivated by greed continue to do whatever it takes to gain illegal access to valuable business data and information. Regardless of sector, geography, or size, it is only a matter of time before an organization faces some kind of data loss incident.?However, those organizations that fully deployed security AI and automation experienced a 65.2% lower average breach cost compared to those where information security processes were driven by manual inputs or across dozens of complex tools and non-integrated systems. Moreover, organizations with sophisticated AI-driven cybersecurity protocols took 77% less time to identify and contain the breaches.?

CFOs play a critical role in strengthening information security programs

As CFOs, we may not have any direct reporting relationship with the CIOs or CISOs. However, as partners of the CEO and board members, we are in a unique position to add value to this area by:

• Reviewing the organization’s risks and vulnerabilities at periodic intervals by ensuring the completion of IT security audits.
• Building risk assessment plans and mitigation strategies that not only try to prevent cyberattacks but also improve the chances of surviving cyberattacks and recovering from them quickly.
• Helping CIOs justify the costs and ROI of investments in cybersecurity policies and initiatives, including resourcing of cybersecurity projects.
• Supporting the IT, Information Security, and Legal teams during the creation and ongoing fine-tuning and implementation of enterprise-wide cybersecurity, integrated policies, and programs.
• Educating and informing the CEO and Board about the latest risk trends, the company’s risk profile, and cyber mitigation efforts.?

In addition to the above, we can also apply our expertise for:

• Benchmarking cybersecurity spends.
• Assigning a monetary value to cyber risk so that there is a quantitative and uniform approach for measuring business and risk value. This will also help in translating technical data security and privacy into business terms that resonate with the CEOs and the Board.
• Extending cyber risk management beyond the finance organization’s domain into third-party partners, and ensuring that data security and privacy matters are integrated into vendor applications at an early stage.?

The 2022 Global Finance Trends Survey by Protiviti reiterates that CFOs give cybersecurity the same level of priority as they do for liquidity management, financial planning, and analysis or other core finance and accounting agendas. In fact, this report also confirms my earlier thoughts on the changing role of the CFO , where our accountabilities and priorities go far beyond the boundaries of traditional finance and accounting activities. Thanks to our understanding of the relationships between business strategy and cybersecurity risk, we are in a better position to leverage our cross-functional relationships and make evidence-based decisions that can support cybersecurity program development and implementation in our respective businesses. ?

#informationsecurityprograms #informationsecuritytechnology #cybersecurity #cyberrisks #databreach

Snippets of Articles That May Interest You        

Unlocking Human Ingenuity to Drive Outcomes

Ingenious business solutions are being developed all around us in every sector, industry, and geography. Whether it is for addressing an existing problem, building on a latent need, or creating a new market, human ingenuity is at play. Are you reimagining your business models, value proposition, or any other aspects of day-to-day business operations? How are you activating, unlocking, or channeling human ingenuity in your organizations? Read on

#ingenuity #ingeniousbusinesssolutions #creativity #problemsolving #reimagineourbusinesses

Authenticity – The Essence of Your Personal Brand

Personal branding is not just for leaders, founders, or celebrities, but for anyone who wishes to distinguish themselves from the rest in their field or profession. If authenticity is at the forefront of our personal brand, it is likely to attract authenticity from others around us as well. Sharing some of my thoughts about building a personal brand on the foundation of authenticity. Read on

#authenticity #personalbranding #personalbrand #authenticityinpersonalbrand #authenticitybegetsauthenticity #authentic

Updates From Practus        

I am humbled and elated to share that I was recently recognized as one of the Top 25 CEOs in the Top 100 list of Great People Manager Study 2023!!?I am grateful for this opportunity to be able to represent my organization and the industry. This award is also for each and every team member of the Practus team past and present, business partners, board, friends, and well-wishers who have supported us all through these years. This wouldn't have been possible without my co-founder and my partner Venkat S , for the opportunity that was given to lead the company and for being my mentor for the last 16 years. Here's more .

Undoubtedly, today's CFOs must possess a diverse set of skills to meet the demands of the job. I shared my thoughts on this in my article for The Economic Times. From strategic thinking and data analytics to leadership and emotional intelligence, every new-age CFO must be equipped to drive financial performance and lead the business to success. Read on .

At Practus, we take our sports time as seriously as our dedication to delivering excellent ROI to our clients! No doubt, therefore, that our Practus Premier League 2023 was met with immense enthusiasm and joy! Here's more .

That's all for this month! See you all next month!