No Audio There is no audio in this video. ⏸ TRANSFORM 2024 Global Finance Trends Survey Report CFOs Address a Data Security and Privacy Triple Threat A trifecta of cybersecurity risk factors has lifted data security and privacy to the top of the chief financial officer (CFO) priority list. According to Protiviti’s annual Global Finance Trends Survey, 61% of finance leaders and professionals rate this area as a high priority for the coming year due to concerns that include cybersecurity disclosure requirements, rising threats of cyber warfare and extortion, and the soaring value of data assets. Publicly held companies rate the importance of data security and privacy higher (65%) compared to private organizations (57%).The gravity CFOs ascribe to cybersecurity reflects issues such as the rise of nation-backed hacking groups, collateral impacts from cyber warfare in the Middle East conflicts and the Russia-Ukraine war, and the fact that digital assaults from bad actors are growing more powerful, more refined, and more costly to organizations that are on the receiving end of the attacks. In addition, organizations’ insatiable thirst for more data – including financial, nonfinancial, structured and unstructured data – heightens the need to protect data assets, the value of which continues to climb. Finally, as more internal and external data supports regulatory disclosures and reporting requirements, that information must be subjected to the sophisticated controls, accuracy assurance and compliance savvy that reside within finance groups. Given their roles as stewards of the organization’s financial data (and much of its performance data), new and emerging security and privacy regulatory and disclosure mandates loom large for CFOs. Publicly listed companies have begun filing 10-K annual reports and 8-K cybersecurity incident reports in accordance with the amended Cybersecurity Disclosure Rule the U.S. Securities and Exchange Commission adopted last summer. In the European Union, the Network and Information Security Directive 2 expands the scope of the original directive to enhance cybersecurity across the entire European region by unifying national laws with common minimum requirements.Complying with these rules requires a combination of expertise in regulatory compliance and reporting, risk management, cybersecurity, incident response, and data governance. CFOs are working closely with their information security counterparts while performing related activities to strengthen data security and privacy, including the following:Pursuing multilateral education: In addition to educating CIOs and information security leaders on materiality evaluations, board reporting on financial statement disclosures, and the organizational (and personal) risks of cybersecurity disclosure errors and misrepresentations, CFOs are learning about incident recovery costs, remediation efforts and the nature of compromised data from their CISO counterparts. And both CFOs and CIOs are educating boards of directors.Improving board reporting: CFOs need to ensure their boards have timely access to information concerning cybersecurity risks and capabilities by helping to define roles, responsibilities and collaborations among the disclosure committee, individual executives, financial and public reporting preparers, and other contributors to the disclosure process.Establishing and fortifying accountability: While backup signatures provide a “chain of certifications,” they may not provide assurance that reliable information is being furnished to management for timely disclosure. Instead, leading CFOs create a “chain of accountability” by linking required disclosures to internal reporting processes that deliver the necessary information in a timely manner to those making disclosure decisions.Other work related to new disclosure and reporting requirements also reflects the CFO’s increasingly hands-on cybersecurity role. Finance leaders are developing new materiality frameworks for security and privacy breaches and monitoring how cybersecurity disclosures from other publicly listed companies are evolving (and, when called for, recalibrating their own disclosures to reflect leading practices).Additionally, CFOs continue to collaborate with their board and C-suite colleagues to find new ways to strengthen the organization’s overall cybersecurity processes as regulators, bad actors and investors intensify their scrutiny of this crucial capability. Topics Cybersecurity and Privacy Business Performance 2024 Global Finance Trends Survey Explore key findings from our finance survey on CFO transformations and global trends, emphasising tech's role in strategic growth and security. Read more Relevant Solutions Pro Briefcase Finance Transformation Protiviti helps finance leaders address their current challenges, prepare for future challenges, and explore opportunities for continuous growth, delivering innovative solutions and supporting finance as a forward-thinking, strategic partner for the business. Pro Building office Cybersecurity Consulting As technology rapidly evolves and digital adoption accelerates, Protiviti's cybersecurity and privacy team turns risk into an advantage – protecting every layer of an organization to unlock new opportunities, securely. Leadership Christopher Wright Chris is a Managing Director in New York, leads Protiviti's global Finance Transformation and Transaction Services solutions, oversees Protiviti’s Supply Chain, Operations, People and Change practices, and serves on our global ESG steering committee. He is the firm-wide ... Learn More