CFO Studio Magazine with Dominic Caruso, CFO, Johnson & Johnson

EVENTS 32 WWW.CFOSTUDIO.COM Q4 2016 EXECUTIVE DINNER SERIES down a bit, you’re more able to focus on what kind of breach in which sectors of the company will be most detrimental to your business.” This could be a direct attack where access to funds and resources has been acquired, he explained, or an indirect hit to reputation and brand. While an organization can potentially guard against resource or monetary risks, it’s very difficult to do the same in the area of reputational risk. As an example, Mr. Calhoun cited the massive data breach at a large, national retailer about a year and a half ago, in which upwards of 110million people had sensitive, personal information stolen or compromised during the holiday shopping rush. “Immediately, the public thinks the retailer isn’t protecting its data.That’s not necessarily grounded in the facts, and there’s no knowledge of what steps were taken before and after the attack, but all of a sudden their reputation is at risk of becoming tarnished.” All any company can do, he said, is “address the risks as best as possible to ensure that few, if any, breaches occur, and that damage to reputation is limited.” He added, “It’s a real challenge to balance the risks and the costs to prevent such occurrences.” JimWillard, an Executive for California-based Tidemark, a private-enterprise performance management company, and a CFO Studio Business Development Partner, found it thought-provoking that attendees seemed most concerned with the damage an attack could cause to their brand. “It almost outweighed the concern of the actual breach itself, and the impact on the data and the ensuing monetary consequences.” Mr. Willard noted that “attendees seemed to feel they could effectively mitigate the risk of the tangible and monetary damages through their practices, procedures, and infrastructure improvements, but the open-ended risk of damage to brand is still out there.” Mr. Calhoun questioned whether the public cares about cyberterrorism threats and attacks anymore, as there are so many instances of these in the news. He noted that even the media seems to have stopped focusing on the topic. “It’s become almost a way of life, and people, themselves, have had their individual systems hacked, so it’s possible we’ve become somewhat numb to it.” He said perhaps the risk of reputational harm is lower than before, just by “the pure numbing of the public.” Up in the Air The discussion really heated up when Mr. Calhoun questioned whether or not storing data in the cloud offers a greater or a reduced risk of cybersecurity attacks. “We were all unclear which was safer,” he recalled in a subsequent interview. Some attendees felt that the cloud environment might be the more secure option, because the third-party organizations providing cloud storage have a great deal invested in preventing attacks, as their future and livelihood depend on it. On the other hand, “Some of us, myself included, thought there was increased risk when your data resided somewhere other than where you can directly control it,” said Mr. Calhoun. Scott Settersten, CFO of Ulta Beauty, a retailer of cosmetics and salon services, attended the dinner and said in an interview, “My perception always was that I’m more at risk if I keep my data in the cloud than if I keep it under my own lock and key, but that’s probably not the case because the people that are maintaining this data have better security than I’ll ever be able to afford, simply because that’s their core business.” (Settersten, the subject of an article that recently appeared in CFO Studio magazine, will lead a discussion at a CFO Studio Executive Dinner in Chicago later this year.) Shiwali Varshney, CFO at Vosges Haut-Chocolat, a super-premium chocolate manufacturer and retailer, said that regardless of her uneasiness with cloud computing, “we have to go there eventually, because that’s where business processes are headed. Plus, it’s more cost effective to do so.” While she is confident that the companies providing the storage service are encrypting data and making every effort to ensure that data is secure, “I know there is inherent risk when data is stored in the cloud. But I know that if we want to be productive, we need to utilize the cloud-based solutions to be more collaborative and efficient.” Ms. Varshney went on: “How we manage that risk, and how much money we spend managing it, is becoming crucial to understand. This is where my concern lies.” She also noted that “there has been a big change toward how we handle operational risk BUSINESS DEVELOPMENT PARTNERS MEETING PARTICIPANTS Lynn Calhoun Chief Financial Officer BDO USA, LLP Discussion Leader Jim Willard Tidemark Stephen Minakovic Tidemark Ryan Green VP & CFO, Harley-Davidson Financial Services Peg Koenigs Senior VP & CFO, Federal Reserve Bank of Chicago Scott Settersten CFO, Ulta Beauty Shiwali Varshney CFO, Vosges Haut-Chocolat