Cybersecurity survey calls out UK CFO disconnect
Given the major financial implications associated with cybersecurity violations, it would be reasonable to assume that CFOs play an important role in preparing for and responding to cyberattacks. However, a survey published in May suggests that this is not the case.
The survey, published by UK cybersecurity firm Deep Instinct, reveals that only 12% of CFOs are actively involved in cybersecurity planning and only 14% of these CFOs believe their companies are well-prepared for “cyber-resilience”. ‘The study, based on a survey of 200 CEOs, senior financial and IT security managers at medium and large UK companies, reveals a major disconnect in the perspectives of CFOs compared to 63% of CEO respondents which indicated that their companies were well prepared.
The Deep Instinct survey also reveals a disconnect in understanding related to the real financial implications of cyberattacks. Above all, attacks tend to be more expensive than higher-level decision makers expect them to be. On average, respondents indicated that they would be willing to pay up to £ 760,000 as a result of a beach safety; however, in reality, rescuers who paid ransoms paid an average of more than £ 3 million, four times more than expected.
Decisions to be taken in the field of cybersecurity
From a decision-making point of view, CFOs surprisingly seem to take a back seat to determining whether to pay a ransom and how much, assuming responsibility for this decision in only 14% of attack situations. And even when companies suffered ransomware attacks, only 32% were able to recover data even after paying malicious actors.
The answer, according to Deep Instinct: “studious financial planning” to better understand how vulnerable a company is to a cyberattack. This is confirmed by the results of the survey which indicate that only 38% of respondents are confident in giving monetary value to the data within their organization, and almost half gave answers that showed a lack of understanding of vulnerabilities. real or have not made any assessment to determine how economically vulnerable they may be.