CXO Partners recently held a 1-hour live webinar on Cybersecurity Trends in Energy.

Experts Dennis Gilbert, Jr., (Fmr. CISO of Duke Energy, Exelon); Betsy Soehren Jones (Critical Infrastructure Security Consortium); Alex Santos (CEO, Fortess Information Security); and Steve Swick (CXO Partners; fmr. Chief Security Officer) joined moderator John Allen of CXO Partners to discuss issues keeping CISOs up at night, including:

• The Impact of the CrowdStrike Outage
• How we can do Cyber Resiliency Better
• Legacy architecture concerns
• Security and the C-Suite
  
  Here are 8 clips from the topics covered.

AP Networks established aggressive revenue growth and new market entry objectives for their products and solutions.

Challenges

• Achieve new organic growth for multiple products and services
• Structure and scale the organization for rapid software revenue growth
• Optimize sales and business development efforts, targeting new customers and markets.

Why PE Company CFOs Don’t Last

Nearly 80% Wash Out …and the Job Just Got Harder

One of the most difficult jobs in Finance is to be the CFO of a PE firm or a PE-backed company.  According to a Big 4 firm’s survey, turnover of CFOs in PE and PE-backed companies is notoriously high, reaching 80% in less than five years; half of whom are gone within three years. The reasons range from tough, refined overseers to general breakdowns in fundamentals, such as timely reporting, to CFOs who don’t move with actionable, strategic insights, and operational Impact. 

That’s the bad news. The worse news is the job just got harder due to shifts in PE activity.

Short Timelines, Big Expectations

By design, things move quickly in private equity. About a third of CFOs expect an exit for their company within 1-2 years, and a plurality for all concerned — investors and operators — is to complete a successful exit before 5 years. 

Chief among the CFO’s goals is to drive up the valuation of a company at the exit. Industry valuations can fluctuate but expectations are generally for an EBITDA multiple above 10 with higher multiples for software and technology. Much of that burden falls on the leadership and implemented programs of the CFO. 

Day to day, CFOs are expected to deliver the table stakes of good corporate stewardship via accurate numbers, timely financial reporting, solid internal controls, and compliance. On-point budgeting, smooth audit preparation, cash flow forecasting, and working capital management are all presumed to be standard. 

The audience to whom this information is provided is a coterie of sophisticated general partners, limited partners, management committees, and portfolio companies who are all finance data-centric. It is difficult to present one version of the truth to audiences of varying agendas. Add to that the pace and pressure of the PE environment, which is the stuff of legend. Expectations are to deliver 110%. When that standard is met, work is ratcheted up to deliver 120%.

PE is Hard and Getting Harder

Those pressures are standard in normal business cycles. The increased difficulty comes as the number of private equity deals has slowed. If there are no deals, there are no returns for investors, the raison d’etre of private equity firms.  

As a result, global private equity dry powder has rocketed to a record two and a half trillion dollars. The pile up of capital sitting on the sidelines and the scarcity of deals is creating pressure internally to put money to work. 

A tougher lending climate combined with higher interest rates means leverage is not as easy to come by as it was a few years ago. In addition, global uncertainty about where interest rates are headed, the specter of inflation, wars, supply chain challenges, a wildcard US presidential election, and stubbornly wide distances between where buyers and sellers are on valuations, volatility reigns.

CFOs as Stewards, Strategists, or Prognosticators?

The multitask art of wringing out costs, driving margins, and operating leverage, while juggling working capital in an uncertain business climate, and now, providing an accounting perspective to the analysis of investment opportunities, some of which may be outside the normal parameters of historic investment objectives and criteria, is a new requirement of CFOs.

CFOs suffer from a myriad of competing priorities, some of which can be influenced by the CFOs training and background.  Those who are more accounting infrastructure, process, controls and stewardship-oriented, perhaps due to their legacy as auditors tend to focus on financial and operational reporting. Those with a background a finance, investment banking, or FP&A background, may be more comfortable pursuing new opportunities, dealmaking, and strategy and less enamored with financial reporting, budgets, and compliance needs.

However the CFO is professionally oriented, they may retreat to more familiar tasks, despite good intentions to stretch into new areas.

Future Proofing

The finance chiefs are ultimately being asked to optimize the current business while developing the financial strategy to future proof organizations.  

Ostensibly this would be achieved by closely overseeing existing assets, collecting and tracking KPIs, managing capital allocation initiatives, optimizing working capital, and then informing investors on the health and performance of the company/portfolio companies. 

In addition, PE CFOs will contribute insights to investment models, the overall structure and intrinsic value of potential targets, optimize management and operational effectiveness post-investment all while delivering higher shareholder value with lower volatility.

All these elements, while also convincing PE firms to make the requisite investments in people, processes and systems, make this the toughest job in finance. 

---

AI-powered security systems can ID and respond to threats at speeds that were once unimaginable. But there are risks.

Artificial intelligence is a game-changer in the world of cybersecurity. Its ability to analyze vast datasets, detect anomalies, and predict potential threats has revolutionized the way we protect our digital assets. AI-powered security systems can identify and respond to threats at speeds that were once unimaginable, making them a crucial component in our defense against cyberattacks.

However, with great power comes great responsibility. The deployment of AI in cybersecurity isn’t without its risks.

The challenge for CISOs is to walk the tightrope between mitigating AI risks while embracing innovation.

As a technology executive with over a decade of experience in the highly regulated fintech industry, I’ve witnessed firsthand the critical role that Chief Information Security Officers (CISOs) play in safeguarding sensitive data and ensuring the compliance of Fortune 10 companies.

CISOs can expect 70% of organizations to explore generative AI driven by the use of ChatGPT. Nearly all business leaders say their company is prioritizing at least one initiative related to AI systems in the near term, according to a recent PricewaterhouseCoopers’ report. Quoting Gartner analyst Frances Karamouzis, “Organizations will likely encounter a host of trust, risk, security, privacy, and ethical questions as they start to develop and deploy generative AI.”

The Promise and Perils of AI in Cybersecurity

First, CISOs need to be acutely aware of these risks in deploying AI:

• Complex Attack Vectors: AI can be exploited by cybercriminals to create more sophisticated and targeted attacks. An example of this is the recent data breach at TaskRabbit, where 3.75 million customers had their financial and personal data stolen. Analysts believe that an AI-enabled botnet was used, with the botnet slave machines executing a DDoS attack on TaskRabbit’s servers. This required a multifaceted mitigation approach, including strengthening TaskRabbit’s security infrastructure.
• Biased Data: Biased data from the internet and social media can lead to AI algorithms making prejudiced security decisions, resulting in false positives or negatives in threat detection. Consider the bias introduced by using data from the internet and social media which are limited in terms of coverage of the population. These shortcomings potentially limit the use of data from the internet for developing machine learning models that are applied to the general population and for specific groups.  Organizations must rectify this situation by implementing strategies to address biases in their training data, incorporating more diverse and representative sources, and continually monitoring the system’s performance to ensure fair and accurate threat assessments.
• Inadequate Human Oversight: Overreliance on AI can lead to complacency and neglect in human oversight, allowing threats to slip through the cracks. CISOs should invest in the training and upskilling of security personnel to ensure that humans remain in control and have a deep understanding of how these AI systems operate.
• Adversarial Attacks: Cybercriminals can use AI to launch adversarial attacks against security systems, tricking them into misclassifying malicious activities. CISOs need to work closely with AI experts and ethical hackers to uncover and address weaknesses in their AI-powered cybersecurity solutions.

The CISO’s Balancing Act: Mitigating AI Risks While Embracing Innovation

The integration of AI into cybersecurity requires a delicate balancing act for CISOs. On one hand, they must mitigate the risks posed by AI, and on the other, they should embrace its innovative potential to drive business growth. Here’s how CISOs can navigate this challenging terrain:

1. Assess and Mitigate Risks: The first step is to thoroughly assess the AI-powered cybersecurity solutions in place and identify potential vulnerabilities. CISOs should work closely with AI experts and white hat or ethical hackers to uncover and address weaknesses.
2. Implement Ethical AI Practices: By ensuring that AI models are built on unbiased data and are regularly audited, CISOs can reduce the risk of biased AI making flawed security decisions.
3. Promote Continuous Training: CISOs should invest in the training and upskilling of security personnel to better understand and manage AI-powered security systems. This ensures that humans remain in control and have a deep understanding of how these systems operate.
4. Encourage Collaboration: CISOs should foster collaboration with AI experts and the wider business community. By working together, they can develop robust cybersecurity strategies that take full advantage of AI’s capabilities while minimizing risks.
5. Stay Informed: The rapidly evolving nature of AI and cybersecurity demands constant vigilance. CISOs must stay informed about emerging threats and the latest advances in AI to adapt their strategies accordingly.

A New Era of Cybersecurity

AI is ushering in a new era for cybersecurity, presenting both unprecedented opportunities and intricate risks. CISOs, armed with their in-depth understanding of regulatory requirements and the unique needs of their organizations, are at the forefront of addressing these challenges. By meticulously assessing and mitigating AI risks, championing ethical AI practices, nurturing a culture of collaboration, and staying informed, CISOs can harness AI’s potential while fortifying their organizations against ever-advancing threats. The future of cybersecurity lies in the harmonious synergy of human expertise and artificial intelligence, and it’s the CISO’s responsibility to lead their organizations toward this promising horizon.