Cyber Risk and CFOs – Over-Confidence is Costly – 2022 Edition by KROLL

Our research has shown that CFOs are highly confident in their companies’ abilities to ward off
cyber security incidents, despite being somewhat unaware of the cyber vulnerabilities their business
faces. Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had
suffered at least three significant cyber incidents in the previous 18 months. Moreover, they
admitted to being out of the loop: 6 out of 10 were not regularly briefed by the cyber team, and nearly
4 out of 10 had never received such an update, according to the survey conducted by Kroll and
studioID of Industry Dive.

The CFOs also put a price tag on the cyberattacks they had suffered in the previous 18 months:
between $10 million and $25 million for about one-third of companies that suffered a significant
security incident, and more than $25 million for almost 16% of the companies. It is imperative that
CFOs and their finance teams up their involvement in cyber investment, from planning to prevention
and response strategies. Failing to do this leaves CFOs out of the loop on cyber issues and threatens
the business with significant—and, critically, unexpected—financial consequences.

Key Points
• A total of 87% of CFOs are confident in their companies’ cyber security capabilities,
but 4 out of 10 had never had a briefing from information security leadership
• Comparatively, 66% of Chief Information Security Officers (CISOs) in the State of
Incident Response 2021 report thought that their organization was vulnerable, and 82%
said that the average organization in their industry was vulnerable to cyberattack
• 71% have suffered more than $5 million in financial losses stemming from cyber
incidents in the last 18 months
• 82% of the executives in the survey said their companies suffered a loss of valuation
of 5% or more following their largest cybersecurity incident in the last 18 months
• Cyber security spending is increasing: 45% of respondents plan to increase the percentage
of their overall IT budget dedicated to information security by at least 10%
• CFOs need to understand cyber security strategies and the resulting investments
required, as well as potential financial risks from cyber incidents.
