Every executive team and board of directors is asking themselves the same question in regard to their cyber risk right now: what can we do differently to avoid being the next Equifax, Yahoo! or Target, and protect our shareholder value?
CFOs Don’t Worry Enough About Cyber Risk
Research has shown that data breaches result in an average stock price drop of 5%, while the average revenue decline is $3.4 million. And, once the EU’s General Data Protection Regulation (GDPR) comes into force in May 2018, data breaches could lead to fines of up to €20 million. Given the growing relationship between cyber risk and financial risk, the CFO should ultimately be accountable for cyber risk. But CFOs cannot manage the company’s security alone, and should partner closely with others who have a clear and vested interest in managing this risk, including the CIO and the CISO. To that end, the most forward-looking CEOs will ultimately consider factoring security measures and successes into the CFO’s bonus and require regular updates given by the CFO and CISO to the board. After all, customers’ data and trillions of dollars are at stake.