Proof Cybersecurity Is A Management Problem

Back on March 28th, I talked about the $54 million Business Email Compromise (BEC, or CEO Fraud) at FACC, an Austrian supplier of spare parts to Boeing and Airbus. As bad as it was, it’s gotten worse: In addition to the CFO, CEO Walter Stephan has been fired after 17 years in that job.


Here’s the rough timeline leading up to this point:

  1. FACC disclosed the Business Email Compromise (BEC) in January 2016
  2. US$56 million stolen; about US$11 million recovered
  3. CFO fired in February 2016
  4. Net loss of about US$22 million announced for 2015, a direct result of the BEC
  5. An immediate 17 percent drop in its share price following the net loss announcement
  6. May 2016, CEO fired, after 17 years with FACC

One way to put this all into perspective is to know that BEC losses globally from October 2013 through February 2016 are $2.3 billion and climbing!

Another way to put this into perspective is to realize that relatively little in the way of technology was compromised to steal all that money. And, while there are some technological things we can do to reduce risk, the best defense is trained finance people following strong processes in a culture where it’s OK to respectfully question unusual emails.

In my view, cybersecurity is no longer a technology problem. It’s a management problem. And executives need to lead the way by committing their organizations to cyber resilience.

Do you know a better way?
