CFOs & Cyberattacks: forewarned is forearmed

Published May 15, 2024

  • Banking
  • Cybersecurity
  • Insurance

831. That’s how many intrusions were reported by the ANSSI (French National Agency for Information Systems Security) in its 2022 Panorama de la Cybermenace (Cyber Threats Panorama). Last year, Wavestone’s Computer Emergency Response Team -dealt with more than 30 major security incidents.

Usually, companies assign IT the duty of thwarting cyberattacks. But could the Finance team contribute to cybersecurity, too?

  •  831 cyberattacks in 2022

Cyberattacks are fact… not fate

Cyber threats evolve over time. They start out as risks to be cautious of, then become attacks to be contained while also learning from them. Cyberattacks are mostly financially motivated and often occur through ransomware. Three-quarters of these attacks are opportunistic, as they do not target a specific type of organization.

Two reasons to remain optimistic 

  1. Average time to detect an intrusion has dropped significantly, from 167 days in 2019 to 35 days in 2022.
  2. Large organizations that have been able to invest to protect themselves are the ones that are coping the best.

First actions to take during a cyberattack

In some cases, the breach involves a system failure. Access to the information system (IS) is then cut off and IT teams focus on crisis management and IS reconstruction. In this case, functional business lines are instructed to operate autonomously, without an information system, to allow the IT Department to focus on rebuilding the IS. Unfortunately, this situation can last 2 to 3 weeks… or even longer.

While this may be stressful, especially during budget planning or closing periods, here are specific moves the Finance team should take:

  • Set up a specific crisis governance, mirroring that of the IT team
  • Establish communication channels to coordinate the entire Finance team
  • Inform auditors and banking partners throughout the crisis, if necessary
  • Evaluate operating losses and align with insurance companies


At this stage, the Finance team faces two possible situations:

It is crucial to define priorities, establish operational procedures to ensure efficiency in a degraded mode and ensure cash flow: monitor cash receipts, negotiate tax payments with the authorities, prioritize supplier payments, etc. At the same time, if operations are not stopped, it is important to track all management activities.

Once the information system is restored, all physical, information system and financial flows must be resynchronized. Finally, Finance activities must be restarted in coordination with IT teams.

While it is possible for Finance teams to find solutions in a hurry, being prepared for cyber risks is the best way to limit their negative impact.

After the crisis: drawing lessons

Any crisis management should result in a reporting and feedback process that includes both business and IS/IT perspectives, as part of a continuous improvement approach. Make sure the CFO is involved in the post-attack review. And include your CFO when updating measures to improve the resilience of all business teams to cyber attacks.

And you – how ready are you in the event of an attack?


  • Robert Cabezudo

    Partner – France, Lyon