Watch out, CFOs: Cybercrime is booming, says former White House advisor

Daniel shared his concerns with Diane Brady, Fortune’s executive editorial director and author of CEO Daily, on Sept. 26 during Fortune’s CFO Collaborative dinner in Washington, D.C., held in collaboration with our founding partner Workday and sponsor Deloitte. The topic of the evening was cybersecurity and strengthening the alliance between CFOs and CISOs . 

“The criminals have figured out that this is a pretty good business model,” Daniel told a group of prominent CFOs from the D.C. area and beyond.

The cyber threat landscape has a thriving criminal ecosystem that is making a lot of money using “basic flavors” like ransomware, and business email compromise, Daniel said. And catching most of these bad actors may not be likely. In the U.S., the chances of a perpetrator being arrested, convicted, and spending time in jail is about 0.05%, he said. 

Daniel has extensive experience in this area as the former cybersecurity coordinator in the White House Executive Office during the Obama administration. He was also an advisor to Bush and Clinton during his years in the Office of Management and Budget. 

To address the ongoing cybercrime menace Daniel stressed that CFOs and CISOs must form a tight partnership to identify well-researched and supported practices that will meaningfully reduce cyber risk. AI is proving to be useful in helping companies detect early signs of cyber threats, he said. 

At public companies, CFOs and CISOs will also need to speak each other’s languages when it comes to regulatory processes. The U.S. Securities and Exchange Commission’s rule on cybersecurity disclosure went into effect in December. Companies are required to disclose on the Form 8-K any cybersecurity incident within four days of the company determining it to be “material,” such as having a significant impact on the company’s financials, operation, or relationship with its customers. 

Since these regulations have been established, Daniel said there are two broad policy efforts that should take place in the U.S. One of them is establishing set standards of care for cybersecurity. 

Companies bear a responsibility to protect their networks, customers, and data, Daniel said. But at the same time, there haven’t been clear universal guidelines about the right cybersecurity processes, he said. If there were set guidelines and a company followed them but still faced a cyber incident, then it probably shouldn’t be held liable, he said. 

Another policy should be a requirement for software developers to have software that is secure by design, Daniel said. He argued that the software “should come out of the box” already secure, rather than companies having to engage in cybersecurity hardening, a set of processes used to protect sensitive data.

Cybersecurity is an area the CFOs and CISOs need to continually collaborate upon as criminal activity will persist.

“Will you ever be able to drive your cyber risk to zero? No. Not any more than you can drive your natural disaster risk to zero,” Daniel said. 

But you can substantially lower it, make your company more resilient against cyber incidents, and transform this threat into something that you can manage over the long term, he said. 

Sheryl Estrada
sheryl.estrada@fortune.com

The following sections of CFO Daily were curated by Greg McKenna

Leaderboard

Brad Smith was promoted to CFO of Central Garden & Pet Company (Nasdaq: CENT), effective Sept. 29. He succeeds Niko Lahanas, who has been named the company’s CEO. Smith joined Central in 2017 as CFO of the company’s pet division after 12 years at Delhaize Group, where he eventually served as CFO of European operations.

Morgan Conn was appointed CFO of Century Therapeutics (Nasdaq: IPSC), a biopharmaceutical company, effective Oct. 14. He most recently served as chief business officer of Pharvaris and previously spent almost 16 years at PTC Therapeutics, where he started as a researcher before transitioning into several senior business roles. Early in his career, he worked as an assistant professor of chemistry at Amherst College after earning his PhD in organic chemistry from the Massachusetts Institute of Technology.

Big Deal

Discretionary spending by Gen X has been particularly weak compared to previous generations and is down 2% year over year, according to a new report from Bank of America. That’s notable, the report said, because the latest data from the U.S. Bureau of Economic Analysis suggests Gen X contributed the largest share of consumer spending through 2022.

One reason for this austerity is that Gen X is likely saving for retirement. The group’s investments per household are roughly 40% higher compared to the overall population, per the report.

Also, many members of Gen X may be shouldering the costs of simultaneously supporting their adult children and aging parents. While the report noted Gen X is likely the biggest beneficiary of the “great wealth transfer,” the trillions of dollars flowing from Baby Boomers to their heirs, the majority of any financial windfall may still be many years away.

Going deeper

AI can (mostly) outperform human CEOs is a new report from the Harvard Business Review. Researchers from the University of Cambridge and their startup, Strategize, pitted AI models against business students and senior bank executives in a gamified simulation of the auto industry. Artificial intelligence outpaced human subjects at maximizing profitability, though the business students beat both AI and the executives at navigating black swan events like market collapses during the COVID-19 pandemic.

Overheard

“The desire for experiences combined with the fact that millennials, Gen Z, and Gen Alpha live in a digital-first world means we can anticipate more retail spaces in urban environments turning into experience-focused venues.”

— David Silberman, cofounder and CFO at PingPod and its subsidiary PodPlay, wrote in a Fortuneopinion piece about how his startup that runs automated ping pong facilities reached a $50 million valuation in five years