One of the key responsibilities of a CFO is to identify the risks of an organization, assess the potential impact of these risks to the organization and weigh the costs and benefits of taking steps to minimize the risks. A typical example of this is insurance policies. There are risks to the organization due to workers compensation claims and property damage. As a result, CFOs commonly purchase insurance policies to minimize the risk of these activities having a negative impact to the organization.
So how do CFOs view the risks of the data? Some of you may be questioning the “risk of data.” You may be saying:
“Data is not a risk.”
“It is the lifeblood of our company.”
“Our IT organization spends lots of money to make sure people have access to the information they need to perform their job.”
“The CIO or CISO is responsible for ensuring the protection of our data.”
Although these may all be the case, the data in your organization is still a significant financial risk to your organization unless it is secured. A property insurance policy may provide your company with ability to replace damaged or stolen equipment, however, the actual data on mobile devices is much more valuable than the cost of the device itself. A $1,000 computer can cost a company millions of dollars if the data on that computer is exposed.
There are no insurance policies to cover you for the damages incurred by losing your data. An increasing challenge for organizations is that your company data is also no longer just behind your firewalls—it’s on the move and being stored on devices like USB sticks, home computers, personally-owned smart phones, tablets and now even the cloud (i.e. Dropbox).
Data protection is no longer just an issue for CIOs and CISOs; it’s important for CFOs to include data protection in their risk assessment, too. So, make sure the necessary steps are taken to mitigate the risk that your data provides.