Cyber attacks have become one of the most worrisome risks considered chief financial officers (CFOs), according to Deloitte’s quarterly CFO Signalssurvey. The rate of CFOs citing cyber attacks as a key concern has risen sharply over the survey’s four-year history, directly correlating to both the frequency and cost of cyber attacks. According to the Ponemon Institute, the average cost for a data breach is now $3.6 million globally – a 15 percent increase from last year. (It’s considerably higher for U.S. companies – $5.85 million.)

Whether you are a CFO, or merely report to one, here are five realities that your financial executive needs to understand about cybersecurity, according to Deloitte:

  1. “Your information network will be compromised.” Accept it.
  2. “Physical security and cybersecurity are increasingly linked.” Threats such as espionage, intellectual property theft, fraud and more often begin by physical access, whether to a server room, a records room, the payroll office, etc.
  3. “Cyber damages go beyond dollars.” It’s easy to document the average cost of a data breach, but long-term effects on reputation and brand can add to the toll. Cyber insurance is a strong consideration to limit excessive damages.
  4. “Everything can’t be protected equally.” Not every piece of information is equally important, and by creating a data hierarchy, you can better determine which “crown jewel” data needs more protection (hence more resources).
  5. “Your walls are probably high enough.” Investments in the protection side of cybersecurity (firewalls, intrusion-detection systems) are likely as high as they need to be. However, as you should assume that hackers have already infiltrated the system, companies should focus on detection to increase vigilance against attacks and on recovery. Deloitte’s formula for typical IT cyber-risk spend is: 30 percent wall-building; 50 percent detection; 20 percent resilience preparation.

These “truths” lay the groundwork for an effective enterprise-wide cyber-risk plan, the report says. For more information about the CFO Program, visit