Back to Blog
6 Dec 2022

The role of the CFO in preventing nasty cyber shocks

The role of the CFO is rapidly evolving, expanding in scope, requiring new capabilities, and demanding greater collaboration with C-suite peers. CFOs influence more functions; procurement, investor relations, M&A’s, digitisation, enterprise and digital transformation. Plus, cyber security.

The intersection between finance and strategy is more acute than ever, and many CFOs emphasise linking finance and strategy in the budgeting cycle. Resource and capital allocation will become important topics on CFOs’ agendas in the next 12 to 24 months. (McKinsey)

It’s no longer just about number-crunching and accountancy. CFOs have a key responsibility to work with their Board to create an environment that promotes efficiency, productivity and profitability.

CFOs can effectively 'park' responsibility for IT costs with an MSP until it's time for contract renewal

More than at any time in the past, the CFO role has become about protecting your business, and your Board, from nasty shocks.

Preparing for the unpredictable

Whilst (we hope) the recent pandemic was a one-off, and few CFOs were ready for such an eventuality, the event has thrown emergency planning into sharp relief.

It made C-level professionals, especially CFOs, more aware of potential risks to cash flow and corporate continuity. Changes to office space, home working, staff churn, damaged supply lines, restricted and changed markets and capacity fluctuations.

Many of these issues can only be addressed through an extensive revision of IT resources, causing massive spikes in expenditure at the very time when income is restricted, and budgets are reduced.

There’s no such thing as normal

Even in ‘normal’ business times, IT demands are increasingly hard to predict. Budgets are hit by competition, technology advances and circumstantial changes.

And let’s not forget the massive rise in cybercrime, which has resulted in an arms race as companies rush to improve resistance. Either through initiatives such as detection and response practices, equipment upgrades and antivirus patches. Increased exposure to threats has come through BYOD, and distributed work-from-home staff.

But the nasty shocks don’t end there. Businesses not proven to have acted in the interests of their customers through lax security or breaches of legislation and data protection can be open to fines. They will almost certainly suffer from reputational damage leading to a loss of trade and a reduction in profitability.

And to pile it on, many successful cyber attacks result in companies paying a hefty ransom; to continue trading, recoup data, intellectual property, and protect their customers.

No wonder so many businesses outsource their IT.

The financial benefits of outsourced IT

58%, 55%, and 60% of small, medium, and large businesses, respectively, outsource their IT and cyber security to an external supplier. Why? Organisations often cite access to greater expertise, resources, and higher cyber security standards (Gov.UK figures 2021-2022*). For all but the largest businesses, the arguments for outsourced IT and cyber security are unequivocable…

Turn CapEx to OpEx

Funding spikes for software and hardware upgrades can be massive; the unexpected costs of threat response measures, plugging the skills gaps and replacing key roles.

Most MSPs will provide a service that dovetails with their customer’s requirements, providing the services they need, when they need them. They will help their customers work to a consistent monthly budget, agreed in advance, spreading costs with predictive cashflow and reducing the need for awkward board permissions and fiscal black holes.

Once a partnership has been agreed and costed, CFOs can effectively ‘park’ responsibility for IT costs with an MSP until it’s time to for contract renewal.

The security landscape is changing daily

Maintaining the skill sets necessary to keep pace with organised cybercrime and malicious viruses has become expensive, especially for SMBs, in terms of equipment and expertise.

A good MSP will have the capacity, the diversity of skills and the up-to-date solutions and patches to maintain seamless third-party cyber security for their customers.

They’ll respond quickly and decisively in the face of an attack or a breach, with accurate reporting and remedial action, limiting exposure to further unexpected costs.


Since April 2019, UK vacancies in the information and communications sector have tripled from approximately 13,000 to over 79,000 (Source ONS).

That has made experienced IT staff one of the fastest-growing labour costs. Working with a reputable MSP will give you privileged access to top IT professionals, 24/7/365. With the right experience, the right people will always be on hand to ensure your systems are working efficiently, maintaining your productivity and competitive edge.

As they provide a managed service, you will not need to take key staff away from other roles, which could damage your operational strengths and business continuity.

Importantly, you will never be without key IT staff due to holidays, illness, maternity/paternity leave or staff churn.

Protect your business from financial shocks. Consider how an MSP might help you streamline your IT costs, maintain productivity and provide reliable end-to-end protection.


*Figures sourced from Gov.UK Cyber Security Breaches Survey 2022

Graham Smith

By Graham Smith