{"id":240309,"date":"2026-07-04T12:04:00","date_gmt":"2026-07-04T16:04:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/04\/cybersecurity-lands-on-the-cfos-desk\/"},"modified":"2026-07-04T12:50:08","modified_gmt":"2026-07-04T16:50:08","slug":"cybersecurity-lands-on-the-cfos-desk","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/04\/cybersecurity-lands-on-the-cfos-desk\/","title":{"rendered":"Cybersecurity lands on the CFO\u2019s desk"},"content":{"rendered":"<p><a href=\"https:\/\/www.manilatimes.net\/2026\/07\/05\/business\/sunday-business-it\/cybersecurity-lands-on-the-cfos-desk\/2378378\">Cybersecurity lands on the CFO\u2019s desk<\/a><\/p>\n<p><a href=\"https:\/\/www.manilatimes.net\/2026\/07\/05\/business\/sunday-business-it\/cybersecurity-lands-on-the-cfos-desk\/2378378\">https:\/\/www.manilatimes.net\/2026\/07\/05\/business\/sunday-business-it\/cybersecurity-lands-on-the-cfos-desk\/2378378<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-04 12:04:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.manilatimes.net\">www.manilatimes.net<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n                                            FOR YEARS, when a cybersecurity question reached the chief financial officer (CFO), the answer was simple: talk to the IT department. That answer is gone. Sunil Golecha, finance chief for Japan and Asia-Pacific at Palo Alto Networks, says nearly every CFO he now meets ranks cybersecurity among the top three issues they bring to the board. It is the shift Bernadette Nacario, the company\u2019s country manager for the Philippines, raised at a recent media briefing. Cybersecurity used to be viewed as a technical cost, she said. Now it sits with the board and the C-suite because a breach affects revenue, customer trust, business continuity and enterprise value.<br \/>\nThat framing is no longer just a vendor\u2019s pitch. On June 22, the cybersecurity agencies of Australia, Canada, New Zealand, the United Kingdom and the United States \u2014 the group often called the Five Eyes \u2014 issued a joint statement warning that frontier artificial intelligence (AI), the most advanced models of their kind, will reshape both attack and defense within months. Their language was blunt. Cyber risk \u201ccan no longer be treated as a purely technical issue,\u201d they wrote. \u201cThis is a core business risk and leadership responsibility.\u201d The wording closely echoes Nacario\u2019s point, but this time it came from governments rather than a security company.There is already a clock on it. Philippa \u201cPip\u201d Cogswell, managing partner for Unit 42 in Japan and Asia-Pacific, the threat intelligence arm of Palo Alto Networks, says the fastest intrusions now move from initial compromise to data exfiltration \u2014 the point at which stolen data leaves the network \u2014 in about 72 minutes. That is faster than most companies can respond, which is why cybersecurity can no longer remain below board level.<\/p>\n<p>So what changes when the CFO joins the conversation? Golecha says the questions come quickly. How do I measure the return on security investment? And how do I tell the board, with a straight face, that the company is secure?His first observation is uncomfortable. Most CFOs cannot say how much their own company spends on security. He cites research showing that the average enterprise uses about 83 security tools from 29 different vendors, leaving spending scattered across budgets that no single person in finance or procurement can fully see. The solution he advocates is consolidation, what Palo Alto calls platformization, reducing dozens of vendors to a handful. Readers should weigh that as a vendor\u2019s prescription. Consolidation also concentrates risk: fewer tools to manage, but greater dependence on a single supplier. Still, the central point stands. The problem is often not too little spending, but too little visibility into where the money goes.<\/p>\n<p>            Get the latest news <\/p>\n<p>                delivered to your inbox<br \/>\n            Sign up for The Manila Times newsletters<\/p>\n<p>            By signing up with an email address, I acknowledge that I have read and agree to the Terms of Service and Privacy Policy.<\/p>\n<p>When discussing return on investment, Golecha turns to an established discipline. Insurers price risk through actuarial analysis, assigning a financial value to the likelihood and cost of an event that has not yet occurred. Security can borrow that thinking. He tells CFOs to consider the cost of inaction. If your systems go offline for 30 minutes, what do you lose? A ride-hailing app earns nothing while it is down because the app is the business. A neighborhood store with a little-used website continues selling. The answer depends on how much of the business operates online. It also depends on suppliers because one supplier\u2019s breach can halt operations without attackers ever directly compromising your own systems.He points to listed companies. Large firms, he notes, have lost 15 to 20 percent of their market value within a day or two of a major cyber incident, amounting to billions. In more jurisdictions, directors also face personal accountability when a breach is traced to a failure to meet their fiduciary responsibilities. That is why cybersecurity reaches the board. A breach threatens the very things finance is responsible for protecting: the company\u2019s financial health and its ability to continue operating.<\/p>\n<p>The stakes in the Philippines are even higher for smaller firms, and Golecha does not suggest the platform model fits everyone. Most local businesses are small and medium-sized enterprises and will never operate 83 security tools. He estimates that a defensible cybersecurity budget is less than 7 percent of revenue for a brick-and-mortar business and more than 10 percent for a company that operates primarily online, depending on its level of exposure. For companies adopting AI, his advice is to allocate 8 to 10 percent of the AI budget to securing it, a step many organizations skipped during the rush to cloud adoption in the pandemic.For a small business with no data center and few employees, the checklist is short: control who can log in, protect employee devices, secure the browser and secure the cloud services the business relies on. Identity comes first, he says, so no unauthorized person gets through the door.<\/p>\n<p>The reason to invest is survival. Golecha invokes a phrase familiar to finance professionals: the going concern, the assumption that a company will continue operating indefinitely. A breach can end that. A large bank can absorb weeks of disruption and survive. A small business often cannot. Picture a coffee shop with a customer loyalty database and a payment system, convinced it is too small to attract attackers. Attackers go where the data is. By the time that lesson is learned, the going concern may already be gone.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity lands on the CFO\u2019s desk https:\/\/www.manilatimes.net\/2026\/07\/05\/business\/sunday-business-it\/cybersecurity-lands-on-the-cfos-desk\/2378378 Publish Date: 2026-07-04 12:04:00 Source Domain: www.manilatimes.net Author:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":240310,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/manilatimes.net\/manilatimes\/uploads\/images\/2026\/07\/04\/1124476.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,30,24],"class_list":["post-240309","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240309"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=240309"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240309\/revisions"}],"predecessor-version":[{"id":240311,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240309\/revisions\/240311"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/240310"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=240309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=240309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=240309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}