CFOs and financial leaders have a new top priority: data security and privacy. A new study released today from consulting firm Protiviti finds that 61% of global finance leaders rate this issue as a major concern.
Data security and privacy have long been a concern for CFOs, though they weren’t always a top priority. Protiviti conducts a similar study every year, and data security was ranked fifth a year ago. Previously, this issue was thought to be more in the purview of a company’s IT department, said Christopher Wright, global leader of Protiviti’s Business Performance Improvement solution.
“Now, new cybersecurity disclosure and reporting requirements, along with customers’ and vendors’ growing expectations for organizations to keep data private and secure, also require the CFO’s hands on the wheel to remain compliant and maintain high data governance standards,” Wright said in a statement about the results.
Financial leaders also may have been responding to a June Securities and Exchange Commission settlement with RR Donnelley & Sons Company about the company’s handling of a 2021 ransomware attack. Forbes contributor Priya Cherian Huskins writes the SEC fined RRD $2.1 million for insufficient internal accounting controls. In a 2021 hack, a threat actor was able to access data belonging to 29 RRD clients, but not RRD’s financial systems or corporate financial and accounting data.
According to the June settlement, RRD did not act quickly enough or conduct its own investigation of security alerts raised by its internal security team, and failed to protect company “assets”—which in this case are RRD’s IT systems and networks. This is a departure from what the SEC has historically deemed a company’s “assets”: the funds, properties and products managed by internal accounting controls, Huskins points out.
The decision was controversial, with two SEC commissioners issuing a dissent that calls the commission’s decision to punish a company for being the victim of a cyberattack “concerning.” “Any departure from what the Commission deems to be appropriate cybersecurity policies could be deemed an internal accounting controls violation,” it states.
CFOs have eyes and understanding about most of a business’s financial functions, though what HR does with its recruiting budget may not be crystal clear. I talked with Neil Costa, CEO and founder of recruiting marketing firm HireClix, about how CFOs can make sense of a recruiting budget and find appropriate areas to trim spending that won’t hurt the candidate pipeline. An excerpt from our conversation is later in this newsletter.