Navigating the Fast-Paced World of Cybersecurity as a CFO: An Interview with Mitesh Jesani

The role of a CFO is always changing and evolving. In what ways has your role as a CFO evolved in the last couple of years, considering the market volatility and various uncertainties?

The role of a CFO has evolved significantly in response to the global pandemic in 2020 and the economic challenges it brought. In this new business environment, CFOs have been tasked with:

• Managing cash flow and financial stability: CFOs have had to ensure that their companies have enough cash to weather the storm of the pandemic-induced recession.
• Assessing and managing financial risks: With so much uncertainty in the market, CFOs have had to be proactive in identifying and mitigating potential financial risks.
• Adapting to a rapidly changing market: CFOs have had to be nimble and responsive, making decisions quickly to adapt to a rapidly changing market. Using tools and technology has allowed automation of the day-to-day tasks, freeing up time and resources for these more value-add issues.
• CFOs have had to stay on top of new tax laws and regulations and ensure that their company is fully compliant.

Overall, the role of a CFO has become even more critical in ensuring the financial health and stability of a company in the post-pandemic world. 

In the remote set-up, cyber risk has increased many-fold. What are the main challenges that CFOs face today?

Data security has become a bigger concern for CFOs. CFOs have to make sure the right protocols and software are in place to prevent data leaks and protect sensitive information. This is an expansion to the responsibility of CFOs, who are tasked with managing the full support function of a company. 

It is a critical responsibility to keep data safe and secure data from potential breaches. 

It's important to consider that the cost of a security breach can be much higher than the cost of implementing strong cybersecurity measures

Many organizations may view cyber security as a cost drain. What are your thoughts on this?

Yes, cybersecurity is a cost for a company.

Implementing and maintaining effective cybersecurity measures often requires investment in technology, software, and personnel. The cost of cybersecurity can include expenses for firewalls, antivirus software, intrusion detection systems, security training for employees, and hiring specialized personnel.

However, it's important to consider that the cost of a security breach can be much higher than the cost of implementing strong cybersecurity measures. A data breach can result in the loss of sensitive information, damage to a company's reputation, and potentially significant financial losses from lawsuits, fines, and lost business.

Therefore, companies typically view cybersecurity as a necessary cost of doing business, as it helps to protect their assets and minimizes the risk of financial losses from a security breach.

What can a CFO do in order to safeguard their department from incidents, and how should a CFO act when there is a breach?

As a CFO, you can take several steps to safeguard your department from cybercrime:

1. Implement strong passwords and regularly change them.
2. Train employees on security awareness and good practices for protecting sensitive information.
3. Invest in anti-virus and anti-malware software.
4. Encrypt sensitive data both in storage and in transit.
5. Use two-factor authentication wherever possible.
6. Implement access controls to limit who has access to sensitive information.
7. Regularly back up important data and store backups in a secure location.
8. Work with a reputable cybersecurity firm to regularly test and assess your department's security measures.
9. Have a well-documented incident response plan in place in case of a security breach.
   

If a breach does occur, it's important for the CFO to act quickly and decisively. 

This might include working with external consultants to handle the situation, as well as communicating with relevant stakeholders and the media. 

It's also important to take steps to prevent future breaches and ensure that your organization's data is secure.

‍With Covid and remote work taking the world by storm, has Spire Solutions benefitted from this trend?  

With more people working remotely and using digital tools to communicate and collaborate, there is a greater need for robust cybersecurity measures to protect sensitive information and prevent data breaches. 

This trend has increased demand for our services, which had a positive impact on our financial performance.

Cybersecurity threats are constantly evolving which makes it difficult for a single company to maintain a competitive advantage over long periods of time

Was your team able to cope with this rapid change from a financial planning and forecasting perspective?

Growth is a nice problem to have, but it can still be a problem.

In our team, we focused on these steps:

1. Conduct market research to understand the current and future demand for cybersecurity services and use this information to inform financial forecasting.
2. Monitor industry trends and developments related to remote work and cybersecurity, and use this information to adjust financial forecasting as needed.
3. Invest in the development of new products and services related to remote work and cybersecurity, and incorporate the potential revenue from these products into financial forecasting.
4. Collaborate with other departments to gain a better understanding of the potential impact of the trends and increased focus on cybersecurity, and incorporate this information into financial forecasting.
   

Cyber-security products take a lot of time to develop and require notable resources. From a financial perspective, how do you choose what products to invest in next?

From a financial perspective, there are several factors that we always consider:

• Market demand: It is important to assess the current and future demand for cyber-security products in the market and prioritize investments in products that are likely to be in high demand.
• Competitive advantage: A company should also consider its own competitive advantage and the potential for different cyber-security products to give it an edge over competitors. Investing in products that provide a unique benefit or advantage can be a smart financial decision.
• Development cost: The cost of developing cyber-security products can be significant, so it is important to consider the potential return on investment carefully and whether the investment is worthwhile.
• ‍Market potential: It can also be helpful to assess the potential market size and growth for different cyber-security products and prioritize investments in products with a large and growing market.

During your extensive career, you had a chance to manage the finances of manufacturers and energy companies. Could you highlight the main differences between the industries from a financial and expense management perspective?

Firstly, manufacturers and energy companies typically have large capital investments in physical machinery or infrastructure that must be carefully managed. 

Cybersecurity companies tend to have much lower capital investments as their primary assets are software licenses and personnel. But cybersecurity companies often have large expenses associated with research and development in order to stay ahead of ever-evolving malicious threats.

Secondly, manufacturers and energy companies tend to have competitors that are in the same country or region. Producing their output in similar conditions. 

Cybersecurity companies face global competition. Meaning that some companies may have easier access to cheaper or a bigger workforce pool.

Also, cybersecurity threats are constantly evolving which makes it difficult for a single company to maintain a competitive advantage over long periods of time.

Finally, the regulatory landscape is much more significant for  the energy and manufacturing industries. 

While there are some industry-specific guidelines for cybersecurity firms, these rules are often less rigorous than those imposed on manufacturers or energy producers.

Expense tracking and reporting systems help us to monitor our spending in real-time and identify areas where there may be overspending. 

What are some of the main strategies put in place to keep expenses under control? Do you still have to tackle manual spend management, or is Spire Solutions fully digital in this sense?

Setting clear budgets and spending limits: By setting clear budgets and spending limits, we ensure that we are not overspending on different expenses. 

We conduct regular expense audits as they help us to identify overspending or where we could cut costs. 

Expense tracking and reporting systems help us to monitor our spending in real-time and identify areas where there may be overspending. 

Since you’ve joined Spire Solutions, which expense category would you say had increased the most? What caused it?

Personnel and labor costs! This increase is caused by the high demand for skilled security experts. The latest trends in digitization and remote work highlighted the importance of cybersecurity. So organisations have to invest more money in order to hire and retain top talent, as well as train existing employees.

What are the main opportunities and challenges you will face as a CFO in the next 5 years?

In the next 5 years, the main opportunities for a CFO will include:

• Digitization and automation of financial processes, leading to increased efficiency and cost savings.
• The use of data and analytics to drive decision-making and improve financial performance.
• Increased focus on sustainability and ESG initiatives, which may lead to new revenue streams and cost savings.
• A growing emphasis on strategic partnerships and M&A activity, which can provide access to new markets and technologies.

The main challenges for a CFO in the next 5 years will include:

• Managing the economic uncertainty and volatility resulting from ongoing geopolitical and macroeconomic events.
• Staying ahead of rapid technological change, including emerging technologies such as blockchain, AI, and cloud computing.
• Addressing the increasing complexity of regulatory requirements and compliance, especially in the wake of recent data privacy regulations.
• Balancing the need to invest in growth initiatives with the requirement to maintain financial stability and discipline.
  

What main changes have you implemented to reflect the upcoming corporate TAX regulations?

Good governance, cost management & compliance is always high priority. Ensuring the FR is correctly set up and all the data required for the upcoming regulatory changes are correctly reflected today. 

At this point, we are fully prepared for the tax changes!