"When you start looking at why [a] company had a weak security program, it usually comes down to allocation of resources," says Jody Westby, the chief executive officer of Global Cyber Risk, a consulting firm. "The CFO should be very concerned, because often it’s the security programs that have been starved for cash."
Nevertheless, complaints about malfunctioning computer security departments seldom rise to the level of the finance chief because IT safety employees often report to chief information officers, who in turn report to CFOs, according to Westby.
Problems with CIOs reporting to CFOs arise when cost-obsessed finance chiefs are prone to automatically nix every project.
Timely, incisive articles delivered directly to your inbox.