CFO’s unique role in cyber security

Aug 06, 2015
Written by

Cyber risk experts have begun to work on the assumption that it's impossible to keep networks perfectly free from attack.

cyber security

“Traditionally, cybersecurity has been focused on the front protection piece,” including internal controls, employee training, and firewalls, according to Heather Crofford, CFO of shared services at Northrop Grumman, the big aerospace and defense contractor. For Northrop and many other companies, however, “detection, response, and recovery are where the increasing investment needs to be,” she says.

Since the risk can’t be complete, eliminated, CFOs are wondering if insurance policies targeted solely at cyber risk can help stem the tide of financial loss once a breach occurs. Some companies have, in fact, bought “dedicated” cyber insurance policies that provide coverage for such risk exposures, writes Lynda Bennett, an attorney who represents corporate policyholders, in “Cyber Insurance Policies: Are They Worth the Money?” Other companies are still in the evaluation phase and are appropriately wondering whether such policies are needed, and, if so, whether insurers are paying claims under them, according to Bennett.