Expand +



The CFO’s Critical Role in the Data Security War

by Michael Kummer | SAPinsider, Volume 15, Issue 2

April 1, 2014

While for a long time data security was considered an IT concern, organizations are now accepting that it is actually a business problem. From a CFO’s perspective, a data breach could impact revenues, good will, reputation, and client trust — all of which come down to cost, whether it’s lost revenues or remediation. This article looks at the crucial role CFOs play in preventing, mitigating, and recovering from data thefts and breaches, and what CFOs need to do to ensure that their organizations are safe from malicious attacks.

Data thefts and breaches of unprecedented magnitude produce headlines nearly every day. From retail giants and financial institutes to healthcare and consumer companies, no organization is immune. For a long time, data security was considered solely a concern of the IT department. Now organizations are accepting that data security is actually a business problem. Think about how much sensitive data is currently stored inside your servers and SAP systems. Sales and forecast figures, financial and tax data, employee private data, product specifications, and trade secrets — what would it mean for your company if this data ended up in the wrong hands?

From a CFO’s perspective, a data breach could impact revenues, good will, reputation, and client trust. That all comes down to cost, whether it’s lost revenues or remediation. As the senior leader responsible for handling risk and compliance for an entire company, the CFO plays a crucial role in preventing, mitigating, and recovering from data thefts and breaches. To ensure the company is safe from malicious attacks and to assist the security and compliance teams, the CFO must:

  1. Know the data. The CFO needs to have a handle on what information is most valuable to the business and to others, where it resides, who touches it, and how access is managed.
  2. Understand security risks. One of the top security challenges is dealing with increasing amounts of sensitive company data traveling outside network walls.
  3. Be proactive — invest in new technologies. Criminals are constantly developing more sophisticated cyberattacks. The insider threat is on the rise, and the explosion of cloud computing and mobility only adds to this complicated issue. New threats require new technologies.
The Dangers of Poor Data Security

Based on data from 2011 and 2012, studies have found that:

  • The average cost of a data breach in the US was over $5.4 million.*
  • The average lost business cost was over $3 million.*
  • 90% of US companies experienced leakage or loss of sensitive
    documents over 12 months.**
  • 70% of companies say that many employees, contractors, and partners have access to sensitive data.**

*Ponemon Institute, “2013 Cost of Data Breach Study: Global Analysis” (May 2013;
**Ponemon Institute, “2012 Confidential Documents at Risk Study” (July 2012;

Protect Your Data at the Source

Business revolves around information, and your company has probably implemented multiple measures to protect that precious data inside your SAP systems. But there is an often-overlooked “blind spot” that may leave your most sensitive data vulnerable and exposed — information traveling outside your network walls. Once all of those reports, marketing plans, and sales prognoses are exported from the SAP system, all previously applied protection disappears.

How do you find a balance between data sharing and security? The answer is to enforce protection on the data and documents themselves. Based on a well-established data protection and rights management technology from Microsoft, Halocore for SAP NetWeaver intercepts every download, and classifies and protects documents before they leave the secure boundaries of the SAP system. Once protected, it doesn’t matter where the data is stored or who gets it — only authorized users can access it.

Learn More

For more information on how Halocore for SAP NetWeaver can help you win the data security war, visit us at or contact us for a free demo at

An email has been sent to:


Michael Kummer
Michael Kummer

Information Security
Expert and President
SECUDE Americas

More from SAPinsider


Please log in to post a comment.