A cybersecurity incident has the potential to thwart the careful planning that goes into each school district’s ongoing fiscal planning. While it may be a somewhat new aspect for many Chief Financial Officers (CFOs), cybersecurity is rapidly becoming an area in which finance leaders are wise to embrace and lead. While that may seem perplexing and possibly daunting, it is a new reality that requires nimble and strategic leadership from CFOs along with other members of the executive team. A recent report from IBM lists the average cost of a data breach at $4.24 million. At a minimum, this type of potential financial liability should be on the radar of any CFO, regardless of their industry. However, education CFOs have additional reasons to take careful note of these breaches and related impacts on kids.
For K-12 schools and districts, the pandemic created a surge in the digitization of educational and operational processes. While there are tremendous benefits from these shifts, the dark web is also seizing opportunities to take advantage of school districts and student data. Student data is bought and sold on the dark web as children’s data provides insight to bad actors into their parent’s data. Additionally, today’s students will eventually be building their own credit profiles, which will be of significant future value for thieves and very costly in the long term for students and families.
Along with the potential for millions of dollars in costs, public breaches also lead to additional scrutiny by fiscal rating agencies, community stakeholders, auditors, and cyber insurance providers who are largely already looking to reduce exposure or abandon the offering altogether. These fiscal security factors and costs land on the desk of the CFO. While the CIO and other cabinet members are critical roles, the staggering short- and long-term fiscal decisions will rest upon the shoulders of the CFO and finance teams, especially given the latest trends of increased funding along with an increased number of school breaches.
It may seem intuitive that the rise in cybersecurity incidents coupled with unprecedented education funding via stimulus dollars would cause a significant increase in school district cybersecurity funding. Yet, a recent survey of school leaders by Project Tomorrow revealed that despite increased need and funding, only 24% of school district IT leaders reported an increase to their cybersecurity funding. The exact reasoning behind this counterintuitive trend is speculative, but perhaps leaders are not sure where to get started.
Fortunately, there are a vast number of solutions and resources on the market that can help secure the schools and districts. However, the answer is not simply to buy every security solution on the market. This approach would be simultaneously cost prohibitive and ineffective. The true opportunity is to create a partnership with the CIO/CTO and other executive leaders that allows for a thoughtful and evolving approach to cybersecurity planning and implementation. The CFO and CIO partnership helps ensure proper funding, contracting and ongoing financial support along with keeping the CFO updated on the shifting cybersecurity landscape, especially as they will be increasingly questioned about the quality of the cybersecurity technologies being implemented. Savvy stakeholders such as auditors, potential insurance providers, and credit rating agencies may inquire if the solutions are cloud-based and third-party validated for protection against malware, malicious URLs and data loss. CFOs and CIOs may be pressed on whether or not their chosen solutions have proven effective in other industries such as banking, finance and healthcare and if their solutions are based on modern data architecture protection principles.
Again, while this may seem a bit daunting, there are resources and opportunities to address cybersecurity readiness and planning. A CFO has the ability to help the CIO/CTO work across the organization and provide nimble financial forecasting that allows for the right mix of technical solutions, proactive testing and assessment, professional development and communication with executive leaders, board members, staff, students, parents and the rest of the community.
With lawmakers taking greater note of these K-12 cybersecurity incidents and the President of the United States signing the K-12 Cybersecurity Act of 2021, the time is now for school CFOs to insert themselves into this critical planning process. As CFOs who track and understand all fiscal aspects for schools, this is not a topic that should be avoided or ignored without significant financial consequences.
Greg Ottinger is iboss’ Senior Education Adviser & Former Chief Business Officer, San Diego Unified School District.
