Dive Insight: 

• Nearly half of C-suite and other top executives expect the frequency of cyberattacks targeting their organizations’ accounting and financial data to increase in 2023, according to a Deloitte Center for Controllership poll.
• Despite this, only 1 in 5 of those polled say their organizations’ accounting and finance teams work closely and consistently with their cybersecurity teams or CIOs.  
• “One of the absolute key relationships within an organization is between the CIO and the CFO because the mission of the CIO is to make sure that the organization is running not only efficiently, but effectively, and that's the same thing the CFO is concerned about,” Russ Porter, CFO of the Institute of Management Accountants.  

Dive Insight: 

Less than half, 43%, of the 1,100 C-suite and other top-level executives polled say their organizations’ finance and cyber teams only work together as needed “with inconsistent closeness and consistency,” Deloitte found. Just 1 in 5 are closely aligned. 

Meanwhile, CFOs may put IT spend on the back burner in the face of unfavorable economic headwinds. Only 14% of CFOs expect to prioritize IT infrastructure in 2023, while the top priorities are cost management and financial performance, according to Deloitte’s most recent CFO Signals report. 

“As always, CFOs are tasked with optimizing spend, and preparing for a number of different potential scenarios,” Porter said. “I wonder if CFOs are looking at potentially deferring adoption of new technologies in favor of keeping up and refreshing the tech stacks,” he said. 

However, the lack of focus here could come back to bite finance chiefs.

During the past 12 months, more than one-third of polled C-suite execs said their organizations’ accounting and financial data was targeted by cyber adversaries.

“I would not be surprised to hear that some CFOs are evaluating what I'll refer to as maintenance of their existing tech stack versus enhancements to their technology environment,” Porter said. 

These enhancements can take place in the form of adding new capabilities to teams or investing in pursuing new opportunities, according to the finance chief, who also spent three decades at IBM. 

“CFOs are designed to manage risk, not to manage risk to zero, but to manage risk of action versus what's the risk of not taking action? And larger companies are going to make different decisions about ‘how much do I invest in preventive measures, versus what's it going to cost me if I am impacted by a cybersecurity event?’” Porter said. 

As the scope of the CFO’s responsibilities have widened in recent years, Porter stressed how a strong and reliable relationship between a CFO and a CIO is essential in optimizing tech spend for the year ahead. 

When deciding on whether or not to spend big on preventative measures versus reactive measures, the CFO will have to ask themselves a lot of questions. 

“What's the form of that event going to take? What's the exposure potential to my company and my clients, my customers?” Porter said. Additionally, CFOs are going to be making largely appropriate risk balancing decisions about how exhaustive cybersecurity measures need to be. 

“It's not about cost minimization, it's about cost optimization. And that's one of the areas where CIOs and CFOs can absolutely partner to make sure that the company is making good decisions about how it's deploying technology to maximize the value to the employees and the clients,” Porter said.