Multinational cybersecurity company Palo Alto Networks, which provides security for 85 of the top Fortune 100 companies and has a large presence in Australia, says CFOs have increased responsibilities to safeguard the financial and reputational health of their organisations.

Along with chief information and risk officers, CFOs are now among the three most important individuals involved in cybersecurity.

Palo Alto Networks Asia Pacific and Japan president Simon Green told The Australian that as quantum attacks loom and deepfakes become mainstream tools of deception, businesses must innovate or risk being outpaced by adversaries.

“The existential threat of cyber means the role of CFO is no longer just financial governance, but now having to be involved in risk, return and share. This threat means cyber needs to play an important role in audit committees and knowing what the risk implications are,” he said.

“The stakes have never been higher, and trust will be the ultimate currency in this new era of cybersecurity. Those who fail to adapt risk not just breaches but irreparable damage to their reputation and resilience.”

Cyber attacks on Australian corporations have increased significantly. The Australian Signals Directorate and Australian Cyber Security Centre warned this month about an attack from Chinese hackers, identified as “Salt Typhoon”, which infiltrated the mobile networks of a dozen companies.

In September, hardware chain Total Tools suffered a major data leak impacting 30,000 customers, while 160,000 people whose passport and Medicare numbers were leaked online after Optus was hacked in 2022 have joined a class action against the telco.

The regulatory landscape has further heightened the stakes. Bodies such as the ASX and ASIC are compelling boards to report on cybersecurity readiness, and CFOs are stepping up to provide necessary risk assessments and security reporting.

Mr Green said CFOs are now key players in addressing existential risks by securing operations, managing budgets and safeguarding organisational reputation.

“Regulatory pressure has elevated the conversation around cyber, and that’s why CFOs are having to be more involved, because they should worry about risk and reputation, and those existential threats that could potentially not allow them to deliver on that,” he said.

“At the end of the day, reputation is what a lot of businesses trade on and have built up over the past 100-plus years for those such as the large banks. Imagine if that was to be stripped away overnight by one major cyber incident.”

The growing attack surface, driven by mobility and digital transformation, has reinforced the need for collaboration between CFOs, chief information, and chief information security officers. CFOs are now more involved in ensuring financial and operational security, addressing questions such as payroll continuity and data protection.

Mr Green said while there is a lot of enthusiasm from boardrooms about the benefits AI offered, adversaries were having the same conversations about their own capabilities to try to infiltrate these organisations.

“AI is manifesting in different forms from video, audio, as well as productivity tools, and adversaries are using it to deliver business email compromise. ChatGPT has allowed attacks using just old methods of business email compromise to be more convincing by removing spelling mistakes that would have stood out,” he said.

He added that businesses needed to evaluate how AI infrastructure such as language models is stored to prevent unauthorised access.

Enterprises are increasingly adopting platform-based approaches to cybersecurity to reduce fragmentation, improve efficiency and lower costs. Palo Alto Networks’ core product is a platform that includes advanced firewalls and cloud-based offerings, extending protection across various aspects of security.

Mr Green said the heightened focus on cybersecurity has driven consistent growth in budgets despite frustrations over the fragmented nature of the industry and the proliferation of tools that often lack integration.

“Whether it is a CFO or CEO, they always say that their chief information security officer is always asking for more money every year,” Mr Green said. “Part of the problem is the cyber industry, which is highly fragmented, and means people are deploying a lot of capabilities inside their organisation and buying more tools.”

In 2025, organisations are expected to address increased complexity by reducing the number of cybersecurity tools in use and shifting to unified platforms offering enhanced visibility and control.

“When you can integrate capabilities and get better efficiency, it helps to lower both the cost and the risk, and in turn hopefully boosts the company’s defence against potential attacks.”

While financial governance remains a core aspect of the CFO’s role, they are now tasked with ensuring financial security while managing growing cybersecurity budgets.

“Against all of this, CFOs want to know how to consolidate and not spend as much money, or ‘if I spend the same amount of money, how does that same amount of money increase my cybersecurity posture?’,” Mr Green said.

More Coverage

Bada Bing, Bada Boom: Our top business yarns for 2024

Lilly Vitorovich

In their own words: top CEOs answer the big questions

Eric Johnston

Originally published as Palo Alto Networks says Aussie CFOs have key role to tackle cyber threats in 2025