First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content
FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Cybersecurity, IT top CFOs’ spending hike list

Dive Brief:

  • Cybersecurity and digital transformation top the list of areas where CFOs expect to increase spending in the next 12 months, according to a recent Grant Thornton survey.

  • For the first time since the fourth quarter of 2021, IT and digital transformation ranked as the second-most popular area (53%) selected by finance chiefs for higher spending, according to the quarterly CFO survey. Cybersecurity reached the top of the list (59%), clinging to a spot it has held since the first quarter of 2021.

  • Besides IT and cybersecurity, other areas that ranked in the top 10 include sales and marketing (37%); workforce, compensation and benefits (37%); training and development (36%); real estate (33%); and environmental, social and governance initiatives (33%).

Dive Insight:

The findings come at a time when C-suite leaders are under heightened pressure to prioritize cybersecurity and technology investments, with rising stakes for them and their companies.

Emerging technologies such as generative AI are widely expected to transform the business world in coming years, helping those organizations that use it to boost their productivity and competitiveness.

Grant Thornton’s latest research found that AI has caught CFOs’ eyes as a potential game changer in a number of areas, including content creation and summarization, responding to queries, and writing software code. Nearly one-third (30%) of CFOs said their organizations are using generative AI. An additional 55% said they are exploring potential uses for the technology.

However, the study also showed that many businesses may not be prepared to undertake responsible AI initiatives at the moment. Just 52% of those using generative AI have clearly defined acceptable use policies, and 44% say their board of directors has taken an active role in understanding governance over AI.

“First and foremost, you need to have somebody focused on where and how you’re applying AI and advanced analytics so it’s consistent with your strategy and adding value,” Chris Lilley, technology transformation principal at Grant Thornton, said in a statement included in the survey report.

Cybersecurity is also quickly escalating as a C-suite level priority, amid a rise in sophisticated and costly cyberattacks in recent years as well as growing regulatory pressures.

The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years, according to a report released by IBM.

The Biden administration has taken an increasingly aggressive stance when it comes to regulating businesses and holding them accountable in the area of cybersecurity.

In late June, SolarWinds disclosed that its CFO and chief information security officer might be facing a Securities and Exchange Commission civil enforcement action over possible violations related to a 2020 cyberattack targeting the company’s Orion IT management platform.

In another high-profile case, the former chief security officer of Uber was convicted last year of covering up a data security breach while his firm was under investigation by the Federal Trade Commission for prior cybersecurity lapses.

After the verdict, U.S. Attorney Stephanie Hinds said in a statement released by the Department of Justice that companies are expected to safeguard the data they collect and store and, in the event of a breach, alert customers and appropriate authorities.

“We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers, than in protecting users,” Hinds said at the time.

Meanwhile, in July, the SEC adopted new rules requiring public companies to disclose “material cybersecurity incidents.” Under the rules, which are expected to go into effect 30 days after publication in the Federal Register, companies will need to disclose the incident with the SEC on form 8-K.

"While we are still waiting to see what the penalties for failing to report will be, we can assume from incidents like Uber and SolarWinds that it will lead to a DOJ situation where individuals’ jobs will be on the line,” George Gerchow, chief security officer and senior vice president of IT at Sumo Logic, provider of a software-as-a-service analytics platform, said in an emailed statement.

 

This article was written by Alexei Alexis from CFO Dive and was legally licensed through the Industry Dive Content Marketplace. Please direct all licensing questions to legal@industrydive.com.

Subscribe for Insights

Subscribe