Inside the Breach: CFO Edition
Balancing crisis costs, regulatory risk, and boardroom expectations
Many organizations have their top IT position reporting to the CFO. If you are that CFO, you also carry the significant burden of leading the organization through a cybersecurity breach.
Already deeply involved in risk management, the CFO must continuously assess threats based on technical feedback from the IT team. Questions arise rapidly:
Can we recover?
Should we consider paying the ransom?
How much will downtime affect revenue?
These are just a few of the high-stakes decisions you must confront. As the person closest to the CEO with direct insight into the IT team’s latest updates, you play a critical role in real-time decision-making. Meanwhile, calls with legal counsel start piling up as you assess potential fines and SEC reporting obligations.
As you begin to emerge from the crisis, you recognize a fiduciary duty to shareholders: preventing this from ever happening again. This typically leads to unplanned spending to patch the vulnerabilities that allowed the breach. Cybersecurity consultants may seize the moment, proposing solutions that significantly increase your technology spend.
You trust your IT team, but the technical details behind the breach are complex. You are not convinced the root cause was the absence of certain tools. Your instincts to protect the organization’s budget are valid. In many cases, breaches stem from failures in policy or procedure rather than missing technology. Every improvement in tooling helps, but you will remain vulnerable if you do not first address weaknesses in governance.
That is where I come in at MoveOn. I help identify the policy and procedural gaps that led to breaches, ensuring the fundamentals are solid before you commit to expensive new tools.