Why CFOs need to fight cybercrime
Leaders who assume that the IT team will detect and defuse all online threats misunderstand how IT incidents have evolved, which can be a costly mistake. Brought to you by Eftsure.
The number of cybercrimes reported in Australia rose 13% last year to 76,000 – more than 200 every day. And those figures don’t even include the massive Optus and Medibank data breaches. The average cost of each incident rose too, by 14% to $39,000 for small businesses and $62,000 for large ones.
The Internet has become a ‘battleground’ according to the Australian Signals Directorate, one that’s ‘increasingly the domain of warfare.’ It makes sense that organisations are investing more and more in cybersecurity, but, according to one industry expert, they need to deploy another weapon in the battle to stay safe: the CFO.
“Cyber attacks have always been seen as an IT issue, but that fundamentally misunderstands the modern fraud landscape,” says Gavin Levinsohn, chief growth officer at Eftsure. “The threats are becoming more sophisticated and corporate thinking needs to catch up.”
Levinsohn points out that traditional attacks and breaches are more prevalent than ever, but they’re compounded by an influx of social engineering scams – ones that exploit human error, which IT and security can’t oversee or eliminate completely.
“Social engineering uses psychological manipulation more than technology. For instance, Business Email Compromise (BEC) is where a fraudster infiltrates the email account of a supplier or trading partner of an organisation and weaponises that account by deceiving the supplier’s customers into making fraudulent payments.”
Levinsohn argues that an up-to-date mix of technology, processes and culture is the strongest defence. And finance chiefs – working in close collaboration with IT – are in the perfect position to drive that defence and bridge the gaps between siloed teams. CFOs are increasingly important in preventing cybercrime because it’s usually financially motivated – criminals want an organisation’s money. CFOs are already responsible for protecting that cash, which is why they implement internal controls and anti-fraud measures.
Levinsohn has identified four key components of a strong anti-cybercrime stance:
1. Culture & training
Awareness is critical so your team can spot the latest scams. You want a culture where people feel comfortable raising their hands when something seems dodgy – especially if they’ve already clicked on something questionable!
2. Security hygiene
All firms should use two-factor authentication and require longer, more character-complex passwords, while making sure those passwords are different across their entire range of apps and accounts.
3. Policies & procedures
It’s essential that risks are quantified for every process within a business, including areas not normally associated with data breaches or hacking. Practices such as segregation of duties and the rigorous management of staff entry and exit will reduce possible exposure.
4. Technology
There are many products available, but the most crucial are virus protection, perimeter defence, ID management, secure vendor management and payment verification.
“IT professionals tend to be focused on improving security hygiene across an entire organisation,” Levinsohn says. “They’re less able to prevent scams or frauds that exploit process failures, such as gaps in internal financial controls or vendor management.
“It’s a real risk for CFOs, because they’re responsible for protecting finances, and they won’t build strong defences if they only think about analogue crime. Without a strong defence against cybercrime, organisations are risking serious financial loss and reputational damage.”
Free guide for CFOs
Eftsure helps businesses prevent fraud, manage compliance and combat cybercrime. To download a free guide on how CFOs can prevent cybercrime, visit eftsure.com.au