Recent­ly I read a good blog post over at Robert Half called CFOs and Cyber­se­cu­ri­ty: Are You Doing All You Can?

They offered four tips to con­sid­er in for­mu­lat­ing a cyber­se­cu­ri­ty strat­e­gy (I’ve sum­ma­rized the tip in ital­ics):

1. Help iden­ti­fy risks: Part­ner with your CIO to find quick wins.
2. Be aware of prob­lem­at­ic dis­missals: Quick­ly deac­ti­vate accounts for depart­ing staff and make smart hires to reduce the risk of bad end­ings.
3. Prac­tice what you preach: Set a great exam­ple of cyber­se­cu­ri­ty hygiene.
4. Bring all hands on deck: Fig­ure out how to engage every­one.

It’s a good list, but CFOs also need a reli­able, data-dri­ven way to know where to allo­cate mon­ey and peo­ple so all their cyber risks are well-man­aged. So, let me add:

5. Mea­sure sta­tus quo

If done well, that data, along with the results of their risk man­age­ment deci­sions, can make a com­pelling sto­ry they can share with their stake­hold­ers, includ­ing their fel­low exec­u­tives and board of direc­tors.

6. Share the results with your stake­hold­ers

What else should we add to the list?