Article

Setting strong digital and cyber foundations

By:
Vijay Rathour,
Mark O’Sullivan
08 Apr 20264 min read
Digitisation has become a baseline expectation for modern finance functions. Finance leaders who invest time in understanding their technology landscape can release capacity for higher-value analysis, improved data integrity and sharpen their strategic influence.
Contents

Understanding where you stand

Technology sits at the centre of the foundations you want to build in your first 100 days. For two rounds in a row, our biannual survey of 500 CFOs found that ‘understanding the risks and opportunities of AI’ was CFOs’ number one strategic priority. 

Modern CFOs are assessing capability, resilience, and the organisation’s readiness for scale. The early conversations you have now will influence investment decisions down the line, team structure, the voice you have in digital strategy across your business, and your ability to deliver insight in the months ahead. 

To help set this direction with clarity and confidence, focus on the areas below. 

1. Which stakeholders really hold the keys?

Start early conversations with the people who shape your organisation’s technology choices. Whether or not a CIO exists in your organisation, you will need to understand the current architecture, the plans already in motion, and any known vulnerabilities or constraints. 

This includes understanding how well systems integrate, where manual workarounds exist and where data quality risk is highest. 

2. Get your team’s perspective

Your team can tell you where technology is helping them most, and where friction is slowing reporting, undermining accuracy, and increasing operational strain. Encourage them to identify where delays or rework consistently occur, and which processes feel unnecessarily complex or outdated.  

They’re the ones doing the work day-to-day. They likely know better than anyone where automation could reduce rework, improve controls, and support more rewarding roles. Engagement at this stage builds adoption and ensures that transformation delivers outcomes people value. 

3. Does your automation roadmap need updating?

Every finance function has processes that feel ripe for improvement. A structured roadmap ensures that energy and investment flow to the areas that matter most. It will also ensures that improvements to one area do not unintentionally create pressure elsewhere.  

Technology that serves you 

Your first 100 days are likely to surface plenty of inefficiencies.  

As one CFO told us, it’s important to step back and ask “can I remove this entirely?” before you ask "can I automate this?’". Some processes are simply outdated and no longer needed. Others may require entirely redesigned workflows before technology can be applied. Begin by taking the time to understand what genuinely adds value.  

Automation helps us move from a mode of operating where we’re scorekeepers spending half of meetings debating whether the numbers are right or wrong... and often walking away with the action to meet up again with the right numbers... to being able to use that time to drive action from insight.
CFO PE-backed businesses

Cyber: The risk you can’t afford to underestimate

For many CFOs, cyber risk now sits firmly within financial stewardship. The cost of disruption, reputational harm, and regulatory exposure mean that this is no longer viewed as a purely technical domain. 

Understanding your organisation’s cybersecurity approach early reduces uncertainty and enhances your ability to protect value. Prevention remains the more effective and affordable strategy.

1. Defence that fits the threat  

Whether this be having the right cyber insurance in place, the activities of an inhouse team, or an outsourced provider, cyber threats move quickly, so only pay for the protection you need. There’s a good chance you may be paying for overlapping products and protections.  

2. Ask to see the cyber incident response plan  

Businesses that have a cyber incident response plan in place are likely to detect and contain attacks early, minimising potential costs and business impacts. Asking to see one, and your role within it, will ensure that you’re seen as a forward-thinking CFO and you’ll be able to help successfully navigate a cyber incident.  

3. Don’t assume your IT team have it under control  

Most mid-market businesses that we help recover from cyber-attacks never thought they would become a victim because they assumed that their IT team was protecting them from the threat.  
Checking when your defences were last independently verified by cyber security  
teams is key.  

4. Who is the lead on cyber in the Board?

There should be a nominated Board member with responsibility for cyber security.  
Depending on the type of business, this may be the CFO, as our cybersecurity survey found that was the case in 15% of mid-market businesses.  

Ensure you understand who this is, what their responsibilities are, what they expect from you, and consider ensuring that the Board has access to a trusted cyber adviser who can provide expert advice to ensure that you have a second pair of eyes on this important area.  

This will prevent you from getting caught out with technical jargon and requests for overly expensive solutions by your internal teams or external providers. 

TAGS  
Authors
  • Vijay Rathour
    Vijay Rathour I am a partner and head of cyber and digital investigations within the insolvency, forensic and restructuring group. My main focuses include cyber response services globally, bribery, corruption, competition law infringement, complex fraud investigations, data governance. View Profile
  • Mark O’Sullivan
    Mark O’Sullivan Mark O'Sullivan - I work across all major functions within a client’s company – not just finance – to build support for change initiatives, and to define and target optimal working capital levels.  View Profile