Managing cybersecurity As less data is held on company servers that can be protected by the “On the one hand, we need to focus on how we educate CFOs about cyber company’s firewalls and cybersecurity infrastructure, a whole new set of risk. But at least a proportion of our attention should be focused on educating challenges is emerging. our technologists in how to speak to board members in a way that makes it a “The traditional solutions for addressing this don’t work anymore. The whole conversation in which they can participate.” landscape is changing very dramatically,” says Ryerkerk. Similarly, the CIO needs help from the CFO and the board to prioritize the assets that must be protected. And they need early involvement in board- 4. Discuss cyber risks in the language of business, not IT level discussions about changes in business strategy that could have One of the common obstacles to effective cybersecurity is simply a language security implications. issue. CIOs that outline cybersecurity issues to their CFO in technical language Effective collaboration between the CIO and the CFO on cybersecurity hinges can create a block on quick and effective action. on clear and open communication in business terms. Many CFOs that are aware of the scale of cyber risk are slowed down in working out how much to invest and what initiatives to prioritize because of this communication breakdown. “ Many CFOs know that they need to spend more on cyber risk management. But they don’t know where to focus their efforts, because the technologists trying to tell them are blinding them with science.” Ken Allan, Global Cybersecurity Leader, EY Partnering for performance Part 3: the CFO and the CIO 15