5th Jul 2017

I’m a CFO and I’ve been hacked

Rethinking cyber security: Be proactive before it’s too late.

No CFO ever wants to send an email that details how their company’s cyber security has been compromised.

Cyber security and data breaches are common causes of anxiety amongst board members. Often, they mistakenly believe their company has the necessary protections in place to prevent such a problem, and that it’s unlikely to affect them.

Unfortunately, cyber crime remains a reality for all too many organisations and the likelihood of sending the dreaded email to inform your customers, employees and suppliers that you’ve been hacked has increased dramatically in recent years.

In fact, according to a recent survey, 52% of all UK-based businesses fell victims to some form of cyber crime in 2016 – at a cost of £29.1 billion.

And once it’s happened, personalised and sensitive data such as a name, date of birth, bank account number or sort code can fetch big money on the black market. With many back-office systems and databases containing millions of confidential records, the consequences of a cyber attack or a data breach have become too dangerous to ignore.

Why should CFOs care?

Staggeringly high figures surround cyber crime, and this means CFOs can no longer afford to ignore the growing threat of cyber security and data breaches.

Traditionally thought of as an IT issue that could be handled by protecting IT infrastructure and website integrity, today we understand that cyber security and preventing data breaches is all about safeguarding valuable data that is being held in the hardware and software itself.

Protecting this information is of crucial importance to the overall success or failure of an organisation. And ultimately, the responsibility of protecting the bottom line and ensuring the viability of a business falls squarely on the shoulders of the CFO.

Infamous data breach: Supermarket checks out after payroll leak

Recent large-scale security incidents have shown that cyber security and data breaches have a range of adverse consequences.

In 2014, a large UK supermarket chain suffered a major data breach, when highly sensitive payroll details – including; salaries, bank account details and addresses – of a large but unspecified number of its staff leaked online.

Following a police-led investigation, it was revealed that the breach was a result of an internal leak, where data had been copied onto a portable storage device and taken out of their headquarters.

The infringement cost the supermarket more than £2m to rectify, and the sole perpetrator, a senior employee within the business, was jailed for eight years.