By Andrew Harding

With the frequency and sophistication of cyberattacks continuing to rise, it is not surprising that company boards worldwide are putting this issue at the top of their risk registers. This means that finance leaders must step up their game to help organisations build resilience – enabling them to navigate risk and to respond to and recover from cyber threats.

In 2025, global cyber attacks increased 30% over the previous year, with an average of 2510 weekly attacks per organisation recorded in the APAC region, according to Demand Sage. And when things go wrong, they cost money and impact reputation, with the average cost of a data breach reaching US$4.4m according to IBM’s Cost of a Data Breach Report 2025. These figures underscore the urgency for finance leaders to act.

A failure to protect against cyberattacks not only exposes businesses to significant financial losses but also threatens their reputation and erodes customer trust. Take, for example, the ongoing issue at Jaguar Land Rover (JLR), the car maker, where a cyber security attack has halted production and impacted the whole supply chain, resulting in the suspension of jobs and the likelihood of company bankruptcies among its supplier ecosystem. Today, cyber security is not simply something for the IT team to manage but a strategic business risk ignored at one’s peril.

So, what should finance leaders and their teams be doing?

The role of the Chief Financial Officer (CFO) and the finance function is undergoing a profound transformation, reflecting their expanding influence in shaping business strategy, resilience, and long-term value creation. No longer limited to traditional financial stewardship, CFOs are now central to enterprise-wide initiatives that drive sustainable growth and operational continuity.

A key area where this evolution is most evident is in cybersecurity and cyber resilience. As digital threats grow in complexity and financial impact, the CFO’s role has shifted from passive oversight to active strategic leadership. Today, CFOs are instrumental in embedding cyber risk into financial planning, governance, and enterprise risk management—positioning cybersecurity as a foundational element of business resilience and a critical enabler of trust, stability, and stakeholder confidence.

This shift makes it essential for finance teams to play an active role in shaping and supporting their organisation’s cyber resilience strategy.

Here’s how:

Cyber risks should be part of the organisation’s broader risk management framework. The finance team needs to work closely with the IT team to identify and assess vulnerabilities in financial systems and data storage, ensuring that cyber risks are proactively managed.

Staying on top of cybersecurity regulations and ensuring organisational compliance is crucial. The finance team has a critical role to play in ensuring that their organisation complies with data protection laws, many of which require businesses to implement cybersecurity measures and report breaches in a timely manner.

The finance team must understand the financial implications of a cyber incident. They should work in partnership with the IT team to devise a solid incident response plan, ensuring that all stakeholders know their roles and that the organisation can respond swiftly and effectively in the event of a breach.

Investing in cybersecurity tools and resources should be a strategic priority. The finance team needs to ensure that sufficient financial resources are allocated to cybersecurity initiatives, including training, technology upgrades, and incident response capabilities, to help strengthen their organisation’s cyber resilience.

With cyber threats escalating in scale and severity, cybersecurity can no longer be sidelined. Finance professionals—armed with deep business insight—must take a leading role in protecting data, guiding investment decisions, shaping governance, evaluating insurance, and supporting incident response. A key resource available to finance teams is the CGMA Cybersecurity Tool 2025, which offers practical guidance.

The cost of inaction is steep: financial loss, reputational damage, and even business failure. It’s time for finance leaders to step up, apply their expertise, and drive cyber resilience.


Andrew Harding, FCMA, CGMA, Chief Executive – Management Accounting, The Chartered Institute of Management Accountants.