Cybersecurity and digital transformation top the list of areas where CFOs expect to increase spending in the next 12 months, according to a recent Grant Thornton survey.
For the first time since the fourth quarter of 2021, IT and digital transformation ranked as the second-most popular area (53%) selected by finance chiefs for higher spending, according to the quarterly CFO survey. Cybersecurity reached the top of the list (59%), clinging to a spot it has held since the first quarter of 2021.
Besides IT and cybersecurity, other areas that ranked in the top 10 include sales and marketing (37%); workforce, compensation and benefits (37%); training and development (36%); real estate (33%); and environmental, social and governance initiatives (33%).
The findings come at a time when C-suite leaders are under heightened pressure to prioritize cybersecurity and technology investments, with rising stakes for them and their companies.
Emerging technologies such as generative AI are widely expected to transform the business world in coming years, helping those organizations that use it to boost their productivity and competitiveness.
Grant Thornton’s latest research found that AI has caught CFOs’ eyes as a potential game changer in a number of areas, including content creation and summarization, responding to queries, and writing software code. Nearly one-third (30%) of CFOs said their organizations are using generative AI. An additional 55% said they are exploring potential uses for the technology.
However, the study also showed that many businesses may not be prepared to undertake responsible AI initiatives at the moment. Just 52% of those using generative AI have clearly defined acceptable use policies, and 44% say their board of directors has taken an active role in understanding governance over AI.
“First and foremost, you need to have somebody focused on where and how you’re applying AI and advanced analytics so it’s consistent with your strategy and adding value,” Chris Lilley, technology transformation principal at Grant Thornton, said in a statement included in the survey report.
Cybersecurity is also quickly escalating as a C-suite level priority, amid a rise in sophisticated and costly cyberattacks in recent years as well as growing regulatory pressures.
The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years, according to a report released by IBM.
The Biden administration has taken an increasingly aggressive stance when it comes to regulating businesses and holding them accountable in the area of cybersecurity.
In late June, SolarWinds disclosed that its CFO and chief information security officer might be facing a Securities and Exchange Commission civil enforcement action over possible violations related to a 2020 cyberattack targeting the company’s Orion IT management platform.
In another high-profile case, the former chief security officer of Uber was convicted last year of covering up a data security breach while his firm was under investigation by the Federal Trade Commission for prior cybersecurity lapses.
After the verdict, U.S. Attorney Stephanie Hinds said in a statement released by the Department of Justice that companies are expected to safeguard the data they collect and store and, in the event of a breach, alert customers and appropriate authorities.
“We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers, than in protecting users,” Hinds said at the time.
Meanwhile, on Wednesday, the SEC adopted new rules requiring public companies to disclose “material cybersecurity incidents.” Under the rules, which are expected to go into effect 30 days after publication in the Federal Register, companies will need to disclose the incident with the SEC on form 8-K.
"While we are still waiting to see what the penalties for failing to report will be, we can assume from incidents like Uber and SolarWinds that it will lead to a DOJ situation where individuals’ jobs will be on the line,” George Gerchow, chief security officer and senior vice president of IT at Sumo Logic, provider of a software-as-a-service analytics platform, said in an emailed statement.