A concerning number of South African companies are not prepared for the inevitability of a cyberattack despite the significant financial and reputational risks, according to Ryan Mer, managing director, eftsure Africa, a Know Your Payee (KYP) platform provider.
Mer explained that because cybersecurity is a business-wide risk, it requires more than isolated activities to be addressed. “This is where the role of a chief information security officer (CISO) is important. The CISO, therefore, needs to have technical and security skills and competencies, but equally as important, should understand the finance function, operations of the business, and have the business as well as communication skills to effectively create this span.”
While large corporates are more likely to have the resources to fill the CISO role, businesses below the corporate level may not. In such instances, Mer says an outsourced or CISO-as-a-service offering could add immense value. “Ultimately, and especially in relation to the Protection of Personal Information (POPI) Act, there needs to be a coherent strategy and allocated responsibility in place with respect to cybersecurity, data management, compliance and fraud prevention.”
“It is potentially disastrous for the finance team to be ignorant of cyber risk. Attackers can target many areas of an organisation, but the dangers are usually measured in financial terms: CFOs cannot ignore cybersecurity simply because it is a complex issue outside their area of expertise.”
“Attacks will very often target the finance department and its team members directly, and in many instances may even be perpetrated by or assisted by internal team members, in attempts to steal and defraud the business. CFOs need to ensure their own vulnerabilities are both understood, and urgently addressed,” he concluded.