Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Business
    3. >Why business leaders must get on the same page in evaluating the financial impact of cyber risk
    Business

    Why Business Leaders Must Get on the Same Page in Evaluating the Financial Impact of Cyber Risk

    Published by Jessica Weisman-Pitts

    Posted on August 29, 2022

    7 min read

    Last updated: February 4, 2026

    Add as preferred source on Google
    A group of business leaders engage in a strategic meeting, analyzing financial data related to cyber risk and ransomware impacts. This image reflects the importance of leadership alignment in understanding the financial threats posed by cyber attacks, as highlighted in the article.
    Business leaders discussing financial impacts of cyber risk in a meeting - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Tags:cybersecurityrisk managementfinancial servicesinsurancetechnology

    By Sam Linford, VP EMEA Channels at Deep Instinct

    Ransomware has become a harrowing concern for business leaders, as attack rates and cost continue to spike across industries. It is projected that by the end of this year, annual ransomware damages will reach $20 billion.

    It’s no surprise then that ransomware has come to represent one of the most financially threatening cyber risks facing organisations today. The core mechanism of such attacks makes it a very profitable method for threat actors and damaging for the victims. A single mis-click unleashes a malware that laterally moves through the network and paralyses the business by encrypting key files and systems. Then the ransom demand arrives. It has a lot of zeroes on the end.

    Despite the massive financial impact of such an attack, research from Deep Instinct has found that many organisations are unprepared to deal with ransomware. Over 50% of CEOs are overoptimistic in estimating the security capabilities of the organizations and assume that their ecosystem is prepared to face such attacks. So, when ransomware breaks through, leaders are often caught off guard.

    We found that executive leaders, especially key financial decision makers are dangerously disconnected on their views about how well the organisation could prepare for facing threats, bear up to an attack, and what to do if one occurs. IT Security decision makers (71%) are more likely to be aware of past ransomware attacks than Finance decision makers (55%).

    How are businesses underestimating ransomware?

    When a ransomware attack happens, the decision of whether or not to pay the ransom is taken based on cost quantification. Organisations need to accurately size the financial cost of downtime and data loss, and then compare it with the ransom demand. However, these assessments are often inaccurate.

    Why? Because financial executives such as CFOs, who play a primary role in resource management, are often not involved in such critical financial assessments. We commissioned research with more than 200 senior decision-makers and found that only 12 percent of CFOs are actively involved in determining the organisation’s risk from cyber attacks. Consequently, we also saw that only 38 percent of the firms were confident in the accuracy of their quantified costs.

    Likewise, despite the massive financial fallout of a ransomware attack and the critical decision around whether to pay up, CFOs were only involved in the final decision about ransom demands 14 percent of the time. CEOs, as well as CISOs and other technical leaders, were twice as likely to be directly involved. Furthermore, IT security decision-makers (71%) are more likely to be aware of prior ransomware attacks than decision-makers in finance (55%).

    CFOs maintain the financial pillars of a company. They are often the ones that know the monetary value of most organisational resources, and they have the experienced mindset to recognise which decisions are financially sound for the organisation, and which are not. So, not including such individuals in a ransomware response decision is a rather treacherous approach. The CFO must be present if the organisation is to have any hope of getting a clear picture of its exposure to risks online, the financial repercussions of a potential breach, and the degree of risk exposure.

    Accidently excluding the CFO from the process means the numbers around cyber risk often don’t quite add up. This was particularly clear in ransomware, where a firm will be given direct control of whether to pay thousands, or even millions, of pounds for the chance to restore their systems.

    The true cost of ransomware

    Most respondents believed they would stand firm and refuse to pay up, but those who considered meeting demands tended to underestimate how badly it might cost them. Between £500k and £1m was the most common estimate, with just 2% expecting to pay between £5-10 million.

    But history suggests they’d likely end up paying far more. Among respondents that had previously paid up, the cost was most likely to be between £1-5 million, with 14% having paid between £5-10 million, and 6% going over an eye-watering £10 million. Worse, only 32% of respondents, who had paid a ransom reported receiving all their data and not experiencing a repeated attack.

    There’s also a real mental impact from such attacks. We found that 41% of the respondents were worried an attack would negatively harm their future prospects, even if it wasn’t directly their fault. This concern was more prevalent among CEOs. The stress of having to deal with such incidents can have a significant toll on their mental health. The majority of the respondents were also concerned with losing the trust and respect of their co-workers, as well as the prospect of such incidents tarnishing their previous achievements and diminishing any promotion opportunities. It’s now not so hard to see why we are suffering from a ‘Great Resignation.’

    The disconnect with CEOs

    Estimates around the cost of ransomware might be more in line with reality if finance heads were more involved in cyber planning. We found that CFOs and financial directors were the least confident decision makers about their firms’ level of preparedness for cyber risk. Just 26% believed they could withstand an attack.

    By contrast, nearly two thirds of CEOs were confident that they were well prepared to weather an attack. Similarly, 88% of CEOs stated they could quantify the loss of data, compared to just half of financial decision makers.

    Now, we expect CEOs to radiate confidence and take a bold stance on their company’s capabilities. But when this confidence isn’t backed by the facts, the business can be exposed to unnecessarily high levels of risk. Also, CEOs are often only given a selective amount of information. They are not always aware of the core impact of the incident, the monetary value of the compromised resources, the potential vulnerabilities that still exist within the systems, and much more. So, they don’t have the full picture to make effective decisions.

    In many cases, CEOs believed their company was undertaking more security planning and preparation than was really the case. For example, 56% of CEOs also believed their company was constantly reviewing risk plans, compared to just 32% on average for executives in other fields.

    Giving everyone a seat at the table

    It’s clear that many leaders exist in a bubble of misplaced confidence when it comes to dealing with ransomware and other cyber threats. When a serious attack occurs and the bubble bursts, this disconnect can mean the business suffers far greater financial losses than it needed to, from failing to mitigate the ransomware, to agreeing to massive ransoms and seeing nothing for it.

    The best way to overcome this disconnect is to ensure that all business leaders are included when it comes to cyber resilience and risk mitigation. As the ultimate financial gatekeepers of the business, CFOs along with other C-suite executives should have the opportunity to share their insights and opinions about key decisions, such as security investments and whether paying a ransom demand stacks up against the cost of dealing with lost business and restoring systems.

    Almost every cyber attack is financially motivated, so it’s quite conspicuous why financial leaders must have a seat at the table when having critical discussions on security and risks. Involving every business leader, including the financial heads removes a lot of the guesswork in assessing cyber risks. Their wider engagement can help organisations to make more practical and conscious decisions when faced with sophisticated attacks like ransomware.

    Frequently Asked Questions about Why business leaders must get on the same page in evaluating the financial impact of cyber risk

    1What is ransomware?

    Ransomware is a type of malicious software that encrypts a victim's files, demanding payment for the decryption key. It poses significant financial risks to organizations.

    2What is a CFO?

    A Chief Financial Officer (CFO) is a senior executive responsible for managing the financial actions of a company, including financial planning, risk management, and record-keeping.

    3What is risk management?

    Risk management involves identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of unfortunate events.

    4What is cyber risk?

    Cyber risk refers to the potential for financial loss or damage to an organization due to cyber attacks, data breaches, or other information security incidents.

    5What is IT security?

    IT security, or information technology security, involves protecting computer systems and networks from information disclosure, theft, or damage to hardware, software, or data.

    More from Business

    Explore more articles in the Business category

    Image for Submit Your Entry for Years of Excellence Awards 2026
    Submit Your Entry for Years of Excellence Awards 2026
    Image for Nominations Open for Travel & Hospitality Awards 2026
    Nominations Open for Travel & Hospitality Awards 2026
    Image for Submit Your Entry Today for Telecom Awards 2026
    Submit Your Entry Today for Telecom Awards 2026
    Image for Submit Your Entries for The Next 100 Global Awards 2026
    Submit Your Entries for the Next 100 Global Awards 2026
    Image for Submit Your Entry: Public Sector & Governance Excellence Awards 2026
    Submit Your Entry: Public Sector & Governance Excellence Awards 2026
    Image for Nominations Invited for Real Estate Development Awards 2026
    Nominations Invited for Real Estate Development Awards 2026
    Image for Submit Your Entry: Process & Product Awards 2026
    Submit Your Entry: Process & Product Awards 2026
    Image for Call for Entries: HR & Recruitment Awards 2026
    Call for Entries: HR & Recruitment Awards 2026
    Image for Submit Your Nominations Today for Education & Training Awards 2026
    Submit Your Nominations Today for Education & Training Awards 2026
    Image for Join the Corporate Governance Awards 2026: Showcase Your Organisation’s Leadership
    Join the Corporate Governance Awards 2026: Showcase Your Organisation’s Leadership
    Image for Submit Your Entry Today for Business Awards 2026
    Submit Your Entry Today for Business Awards 2026
    Image for Decentralized Masters’ ‘family culture’ building trust instead of hierarchy
    Decentralized Masters’ ‘family Culture’ Building Trust Instead of Hierarchy
    View All Business Posts
    Previous Business PostLeading Industry Players Struggle as Digital Disruptors Seize Control of Consumer Markets
    Next Business PostEmpowering Leaders: How AI Can Enable Better Decision-Making and Success