CIOs reporting directly to CFOs can create massive cybersecurity headaches

October 21, 2015

James Kosur

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses. - See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf
In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses. - See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf

Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

Study author Jody Westby, the chief executive officer of consulting firm Global Cyber Risk, tells CFO.com, "When you start looking at why [a] company had a weak security program, it usually comes down to allocation of resources."

"The CFO should be very concerned, because often it's the security programs that have been starved for cash," she says.

Westby explains that many complaints about malfunctioning computer security systems never reach the CFO because the chief information officer (CIO) intercepts those messages and tables them. CFOs are often viewed to be "cost obsessed" and more willing to ditch projects that will cost the company money, she says.

Regardless of the chain of reporting, Westby says finance chiefs must include security programs — and the material and human resources they require — in the company's annual budget review. This allows the board to directly examine the cost of security risks and assign the necessary resources to stop cyber threats as they occur. 

"If a security team is starved for funding, that always comes back to the CFO," Westby tells CFO.com.

Read Full Article

SBA Unveils Small Business Cybersecurity Tools
Credit: Mark Van Scyoc

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

In the wake of high-profile data breaches, many businesses are eager to implement a more robust cybersecurity strategy. The SBA's cybersecurity page, launched earlier this month during the "Cybersecurity at Work" week, offers advice and tools for small business owners who are seeking to better protect both their own data and their customers' data. In 2013, 44 percent of the 800 small business owners surveyed reported having experienced a cyberattack that resulted in an average cost of nearly $9,000, according to a report by the National Small Business Association.

"Cybersecurity is one of our nation's most pressing national security priorities, and America's 28 million small businesses, which create two out of every three new jobs in the U.S., are especially at risk," SBA Administrator Maria Contreras-Sweet said in a statement announcing the Web page. "Small employers are quickly becoming a larger target for criminals looking to access sensitive data because small businesses typically have limited resources for information systems security. In an effort to combat cyberattacks against small businesses, the SBA's online tools will help employers identify information security vulnerabilities that put their companies at risk."

- See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf
In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses. - See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf