CFO Studio Magazine with Dominic Caruso, CFO, Johnson & Johnson

EVENTS EXECUTIVE DINNER SERIES 38 WWW.CFOSTUDIO.COM Q4 2016 T he issue of cybersecurity has become a matter for entire organizations, from the IT department through all of its layers. “It’s now discussed upstairs at the Board level. It’s that serious,” said Paul Mallen, CFO of Amalgamated Life Insurance Company, as he talked about “CFO Perspectives in Managing Cyber Risks” at a Middle Market Companies CFO Dinner, part of CFO Studio’s Executive Dinner Series, held recently at Blue Morel in Morristown, NJ. CFOs from select New Jersey–area companies attended the invitation-only dinner discussion. “Detection,” Mr. Mallen pointed out, “is just as important as prevention.” He cited an intrusion at an insurance provider in the Pacific Northwest that made headlines last year. “Hackers were in the system for several months before anyone knew it, accessing an estimated 11 million customers’ personal, financial, and medical records.” In terms of how to detect such a breach, Mr. Mallen said, “There’s really no silver bullet. And the hackers are typically one step ahead of the rest of us. Multiple layers of technology and processes are necessary.” Still, from what he called “a low-hanging fruit perspective,” there are a few hot-button items to consider when attempting to defend against a cyber attack. “Only allow approved software to run on employees’ computers, and minimize administrative privileges by preventing individuals, except those authorized, from making changes in the system.” In addition, he advised keeping applications, plug-ins, and software up-to- date and operating systems current with the latest patches and updates. The CFO’s Role Increasingly, CFOs are paying more attention to such measures and controls because, as Mr. Mallen stated, “Typically, our job is to manage corporate resources and risk. …CFOs think in terms of risk vs. return, but when it comes to the issue of cybersecurity, you can’t quantify the return. And the risk could be reputational, financial, and/or customer losses.” To begin laying the groundwork for a more secure computing environment, Mr. Mallen suggested attendees ask themselves a couple of critical questions: “Where is your data? What data are you trying to protect? Who has access to it, and should everyone in a department have access to the same data?” Once answers to these questions are reached, he said, it’s an opportune time to conduct a risk assessment and a gap analysis. “Then you can methodically approach where your gaps are and attempt to [protect the assets] cost-effectively.” From a finance perspective, Mr. Mallen said CFOs should determine the amount of money that can be allocated to cybersecurity efforts. “You have to spend your funds appropriately; you can’t allocate capital to all IT requests.” In addition, “As middle market CFOs, we have a unique challenge BUSINESS DEVELOPMENT PARTNER A Hot-Button Item No longer just the responsibility of IT professionals, the threat posed by cyber attacks is in the CFO’s bailiwick The comments made by these guests are their own and may not reflect the opinions and/or policies of their companies or of CFO Studio and/or its promotional partners.