Waypoints: Ideas and Insights to Navigate Enterprise Complexity

During the primetime of the 2017 10K filing season, the SEC issued additional guidance and expectations for cybersecurity disclosures. Cyber has been a hot topic for the SEC in the last several years. The financial impact to companies to prevent and then respond to a breach cannot be overstated.

The AICPA has issued a much-anticipated standard on cyber security. The new guidance, referred to as the “Cyber SOC,” creates a process that CPA’s can use to review and report on a company’s cyber security. In the past, organizations relied on various consultants, internal resources, and sometimes just plain luck, to identify and mitigate cyber risks. The Cyber SOC fundamentally changes how cyber threats are evaluated and managed. It allows for an independent, objective look at an organization’s processes, policies and controls around cyber risks. 

As we continue in our series, Top Middle Market CFO Challenges for 2017, the growing threat of cybercrime is becoming top of mind for today’s CFOs. Cyberattacks are on the rise. In 2016, the number of US data breaches increased 40%—an all-time record high according to the Identity Theft Resource Center.

It may be easy to assume that the responsibility for addressing cyber risks rests with your IT department, because after all, these appear to be mostly IT-related risks. However, what may be less obvious are the very significant financial risks involved with a cyber breach. This should be keeping most CFOs up at night. 

Developing a cybersecurity strategy can give your organization the foundation and mandate to develop good policies and procedures for improving resilience. As 2016 comes to an end and we begin looking into 2017, I want to reflect and provide a few observations of strategic cybersecurity mistakes we have seen this year resulting in major losses for many organizations.

If the recent financial crisis taught us anything, it taught us the value of a high-functioning board of directors. An educated, involved board can help steer an organization away from needless risk and into a balanced governance structure – the board handles oversight while management handles day-to-day operations.

If I had to guess, I’d say you are reading this on your iPhone, iPad, Galaxy or some other mobile device. I’m not clairvoyant; research shows more than half of all emails are opened on mobile devices.

It’s Halloween, and tiny goblins will be out for trick or treat on Saturday night. In this week’s blog, I thought I’d give you a few tips so you won’t be tricked by your vendor’s cybersecurity.

How secure is your business data?

If you’re like many CEOs and CFOs, you hope it’s safe, but you have other, more pressing issues to address. I’ve heard many business leaders explain the reasons hackers wouldn’t be interested in their data: they’re too small, they don’t handle medical records, they don’t process credit cards, or they don’t sell anything over the Internet.

With the rapid evolution of cloud based computing, many organizations face the fundamental question of whether or not they should employ third party solutions to facilitate convenience within their entity.