The CFO’s journey to digital maturity
HubGuidance to help you through the four stages of digital maturity.
Defend against threats
Protect your business from cyber threats, AI risk, and ever-evolving regulation
74% of businesses lost money due to a data breach in the last three years. Our experts share practical ways to protect your business from digital threats.
Your role in defending against digital risk
Your top priority is protecting your organisation's financial health, which explains why defending against threats is typically the first stage in the CFO digital maturity journey.
Cyber attacks and data leaks are a significant risk to continuity, causing downtime in business-critical systems, loss of information, regulatory penalties, and financial losses.
These can damage a business's reputation, with long-term impacts on customer loyalty and stakeholder relationships.
Below, we reveal the most common digital weaknesses identified in our survey of over 500 finance leaders, and how to overcome them.
1.
Develop skills in cyber resilience
More than a third of businesses don't train their people on data security.
Sharing knowledge about cyber and data threats helps finance teams and the wider business respond appropriately to suspicious activities like phishing emails or calls.
Align with IT and cyber security teams to roll out continuous skills development and awareness initiatives, giving employees the confidence to identify and handle cyber threats.
Training doesn't have to be an annual checkbox exercise. Regular role play is an effective way to prepare for cyber crises. These interactive sessions use real-world examples to educate teams to spot threats and understand the consequences of a mishandled breach.
2.
Create robust incidence response plans
Nearly a third of CFOs don't have cyber incidence response plans, while one in three don't monitor regularly for data breaches or cyber threats.
Operational resilience is key to protecting the company's financial health. Help your business respond more effectively to data and cyber incidents in the following ways:
1. Categorise incidents
Clearly define incidents to determine an appropriate response during an event or crisis, depending on whether it's low, medium, or high impact.
2. Establish a communication strategy
Create a robust communication strategy for internal stakeholders and external audiences to ensure key details are shared with the right people at the right time.
3. Get pre-approved external advisers
Keep pre-approved external advisers on standby to make quick and informed decisions during a crisis.
4. Invest in scenario planning
Conduct regular scenario planning and simulations to help people across the business understand how to handle cyber events so they don't escalate into crises.
"An incident response plan is vital. Investments in improving cyber security are crucial and the cost is almost insignificant compared to the losses incurred by a cyber crisis. Cyber attacks are inevitable, so don't wait for a crisis to hit. Plan ahead to minimise the impact."
Vijay Rathour
Partner, Head of Cyber and Digital Investigations
3.
Govern AI and emerging technologies
The top two risks CFOs anticipate over the next 12 months are artificial intelligence (AI) allowing competitors to undermine their business, and creating new risks in the business.
Five threats from AI
1. Security
AI has the potential to leak confidential data, which could lead to market-price changes or the exposure of commercially sensitive information.
2. Privacy
AI systems that handle personal data must comply with regulations like GDPR, which require explicit consent from the data subjects.
3. Intellectual property
AI systems might store proprietary information which vendors could use to create standardised products and offer them to competitors.
4. Regulation
Businesses must comply with various regulatory requirements, such as the EU AI Act, or risk penalties.
5. Cost
AI implemented without a clear commercial strategy could result in wasted outlay.
AI not governed correctly can cause both reputational and financial damage to a business. CFOs must work closely with technology and governance colleagues to make sure any new use of the technology is compliant and secure – especially in highly regulated industries, such as pharmaceuticals or banking.
Updates to governance frameworks should give CFOs visibility over all AI solutions used or developed within the company so they align with strategic and reputational goals. Likewise, governance should ensure the training, validation, and testing of datasets so they’re free of errors and relevant to the intended purpose.
"The rapid advance of AI means CFOs must act fast to incorporate the new risks and opportunities into their governance frameworks. This requires close cross-functional collaboration with legal, governance and compliance departments, or securing the right third-party advice."
Alex Hunt
Head of Data Analytics and Automation, Business Risk Services
4.
Keep up with compliance
CFOs identified keeping up with changes to regulatory requirements as the top digital business risk in the next year.
Regulation is finally catching up with the rapid technological leaps of the past five years.
The EU AI Act
Billed as the world's first comprehensive AI law, it adheres to any companies doing business in or with the EU. Failure to do so can result in fines of up to EUR 35 million.
GDPR and UK GDPR
GDPR was introduced to protect the vast amounts of personal information held by organisations. As AI systems depend on large amounts of personal data, the regulation has never been more salient.
Technology isn’t static, nor is regulation. CFOs need to make financial operations compliant with present laws and regulations while futureproofing for inevitable updates.
5.
Improve your control environment
27% of CFOs say that enhancing the control environment is one of their top digital investment priorities for their business.
CFOs must present accurate and reliable financial information, with severe consequences for misrepresentation. Strict controls on data reduce the risk of accidental error.
Five ways to implement data controls
1. Tighten access
Establish clear policies and advanced controls to limit who can do what within financial systems. This includes ensuring proper segregation of duties to prevent conflicts of interest, such as making sure that the same person can't both raise and approve a purchase order.
2. Implement advanced finance controls
Monitor changes in financial data, track who has made changes and guarantee a clear journey of evidence for all transactions. Techniques like anomaly detection and Benford analysis can identify unusual patterns that might indicate fraud or errors.
3. Verify that data is accurate, reliable, and complete
Put robust processes in place to verify the accuracy of financial reports and guarantee that all data goes through proper controls and governance. Automating financial processes like reconciliations and approvals reduces the risk of human error and increases efficiency.
4. Scan for process debt
Process debt describes inefficiencies and outdated processes that can undermine a control environment. To avoid this, CFOs must regularly audit financial IT systems to keep pace with current needs.
"CFOs must ensure that data controls not only exist but are owned by specific individuals in the business. This creates accountability and traceability should something go wrong."
Phil Burgess
Enterprise Applications Director
6.
Act today to manage tomorrow's risks
Just two years ago, few people knew the term large language model (LLM); now, we can't imagine meetings without an AI summary. The pace of change can make managing technology risk daunting.
However, CFOs have no choice but to get involved in all areas of digital defence, from cyber security to compliance.
Hub
The CFO’s journey to digital maturity
Support for finance leaders to advance through the four stages of digital maturity.
Footnote
*The CFO Digital Survey is an anonymous questionnaire for 300 CFOs at businesses with £50 million-£1 billion annual revenue (mid-market) and 200 CFOs/GFCs at businesses with more than £1 billion annual revenue (large corporates). The data was obtained in June 2024.
All respondents come from UK-based businesses across a range of sectors and regions.
Related content
Technology risk trends: Your key priorities for 2025
ReportKey technology risk areas for internal auditors and technology risk functions to consider in 2025.
Mitigating the risks of AI integration: CFO Pulse Survey results
ReportOur CFO survey shows AI adoption shows no signs of slowing down. Find out how CFOs can balance the risks and rewards of AI.
Sign-up to receive technology and digital insights tailored to finance leaders.
The journey to digital maturity is unique to each organisation.