Andrew Elder, president of EMEA at Intel Security
The cyber attack targeted at infidelity website Ashley Madison clearly exemplifies the long lasting implications of online crime. Beyond the initial effects of customers having their most sensitive personal details exploited, we are now seeing secondary shock waves, as online scammers and criminals take advantage of victims of the attack. Such supplementary incidents include blackmailers threatening to send condemning personal data to friends and relatives of victims and charging a ransom via Bitcoin to remove the data. But alongside the personal consequences of the attack, the business implications for Ashley Madison are just as far reaching. With the site suffering lasting financial damage, the responsibility for the incident extends far beyond the IT staff to the C-level execs and in particular the chief financial officer (CFO).
What can CFOs learn from the Ashley Madison attack?
- A cyber attack can cost a company more than its reputation
Prior to the attack, Ashley Madison had high hopes of a public listing. With 37 million members worldwide the corporation had an estimated valuation of $1 billion. An IPO on the London Stock Exchange later this year was being widely discussed, in a listing that could raise up to $200 million. However, following the notorious cyber attack, many experts claim that the company's flotation hopes have been damaged beyond repair.
- Cyber defence is a C-level issue
Considering the potential crippling business consequences of a data breach, corporations cannot afford to dismiss cyber security as a problem solely for the IT department. Cyber defence is about teamwork across the organisation. C-level executives need to take responsibility for managing and executing this company-wide collaboration – with CFO taking an active role in in devising the organisation's security strategy. According to a recent study from Deloitte, 85 per cent of CFOs fear malicious attacks are a major threat to a corporation's finances, however only 4 per cent say they are well prepared for such attacks.
- A cyber security strategy requires intricate risk analysis
While C-level IT execs, such as the chief information officer (CIO) are best placed to understand the changing technology and security landscape, the CFO is armed with key details about the company's financial situation and future business priorities. As such, understanding the data supply chain and how a company's most valuable assets are secured, are all tasks that cannot be achieved effectively without the finance team's input. This team also has experience in presenting these findings to the CEO, in order to secure the investment required.
- Careers are on the line
The devastating impact of security breaches on C-level executives was made startlingly apparent, when the CEO of Ashley Madison was forced to resign following the incident late last month. Similarly, other recent high profile security incidents have highlighted that beyond the corporate damage resulting from a cyber attack, senior executives can suffer the personal consequences of failing to implement appropriate cyber security measures. The CFO of London-based hedge fund Fortelus was recently dismissed following a cyber-related scam that lost the company $1.2 million. Meanwhile, the director of the US Office of Personnel Management was forced to resign following a data breach that affected over 20 million records of government employees early in July.
- Regulatory compliance is at stake
In today's business landscape data is not only one of a company's most valuable assets but is also tied to many regulations. Ashley Madison has not only suffered reputational and financial damage as a result of the attack, but is now experiencing the regulatory implications associated with such a breach. At least six complaints have been filed in federal court against Avid Life Media, the parent company of the infidelity website, following attackers' disclosure of user information. With this in mind, a CFO's evaluation of data assets must include a deep analysis and understanding of the regulatory landscape to ensure company compliance.
Data breaches such as that targeted at Ashley Madison can evidently result in severe consequences for a company, including reputational and financial damage, loss of key talent and even legal implications. With the future of the company at stake, company data must be valued in the same way as other corporate assets. To ensure this, corporations should prioritise cyber security as a C-level concern and promote collaboration between the finance and technology teams to devise a security strategy that meets the needs of today's cyber landscape.