CFO Insights: Bill Losch of Okta on an Uncertain Economic Future and Shifting Risk Priorities
In the current macroeconomic environment, we are seeing many organizations making difficult cuts, reevaluating investments, and ultimately slashing their budgets. Cybersecurity has historically been an area immune from such financial constraints as the lack of security technology could result in a breach costing far more than the platform itself. However, companies are beginning to reach a point in which each and every area of spend is heavily scrutinized.
In order to gain more clarity in these areas, we spoke with a few key Chief Financial Officers in the industry. This blog is the third in a new series of articles in which I’ve interviewed industry-leading CFOs to gather their insights and advice about current macroeconomic conditions. After speaking with Sam Wolff from Domestika and Adam Meister, CFO at Clari, my third discussion was with Bill Losch, Advisor and Former CFO at Okta.
Throughout our conversation, Losch provided his thoughts on the current macroeconomic environment, as well as key considerations for CISOs as they prepare budgets for their CFOs this year.
An Uncertain Economic Future
“The primary challenge for CFOs is the fact that there’s a lot of uncertainty about the length and depth of this economic downturn.”
In beginning my conversation with Bill, I asked him about his perspective on the current economic environment. He believes that at the beginning of this recession, companies were a little too optimistic about the benefits they were seeing from digital transformations. There was an inflated expectation of growth with the move to a digital-first environment both during and after the pandemic. Companies were hiring more people and taking on more ambitious revenue goals because there was an advantage in the market where interest rates were basically zero.
In the past few months, as the economy has drastically shifted and growth expectations fell short, CFOs have put a bigger focus on efficiency and initiatives with assured returns on investment. Bill says that this economic change while challenging may act as a healthy reset for some companies because they can refocus and reprioritize ROI strategies. There will no longer be this “growth at any cost” mindset in the market.
Leaning into New Technology for Better ROI
“CFOs are going to start to focus more on implementing technology in a scalable way that can replace manual processes, allowing for the reallocation of resources providing more valuable output.”
The advent of new technology in the wake of the pandemic and onward also lends itself to several advantages in organizational profitability. Bill says that implementing new technologies allows companies to create more efficient processes overall. This could mean getting more productivity out of less headcount or reallocating talent from previously manual processes to projects yielding higher ROI.
Of course, CFOs have to evaluate tech platforms with increased scrutiny to ensure that they integrate seamlessly and are both cost and time efficient. Bill says that this evaluation is becoming more and more diligent as companies are trimming down their IT programs and refocusing on what adds the most value overall.
Slowed IT Spending, But Cybersecurity Is Still Needed
“There is still a belief among CFOs that they need to have adequate cybersecurity posture and risk mitigation.”
As I mentioned previously, CFOs are having to cut back on their IT spending in the wake of a shifting economic landscape. While these types of budget cuts can be concerning, cybersecurity spending is typically (somewhat) safe from the proverbial axe. Bill says internally there is still a slice of the pie devoted to cybersecurity because the cost of any type of increased risk—whether it be to the brand reputation, customers, finance, etc.—still far outweighs the cost of the security technology itself. In addition, there are new forms of cyberattacks and vulnerabilities surfacing every day and without the right technology, companies can easily find themselves on the wrong side of a data breach.
All of that being said, Bill urges CISOs and security staff members to make a strong and tangible case for the technology they think is best for the organization.
Advice for CISOs
“I think they've got to accept the fact that they're going to have to become, and let the organization become, a bit more risk tolerant.”
When asked what advice he could share from CFO to CISO, Bill offered a few key notes. He says that the CISO should have some level of risk tolerance in conversations with their CFO. For better or worse, CISOs have to accept the fact that CFOs and the finance team are more risk-tolerant in this environment and are willing to compromise in some areas more than others.
It’s important for the CISO to reassess the technology they are currently using and find a balance between the risk and the reality of their spending. Unfortunately, CFOs won’t be able to hand over the same budget they did a year ago which means CISOs and security leaders are going to have to be thoughtful in prioritizing what areas are most impactful to the organization and how to position them as such.
Why CISOs Are Choosing Abnormal
We know CISOs have several options when it comes to selecting the right cybersecurity technology for your organization. While we could sit here and list the reasons to choose Abnormal all day, we thought it would be better to show you that our solution does what we say it does.
In order to help security leaders build the most effective business case for email security investments in 2023, we commissioned a third-party company to validate our technology. In the Enterprise Strategy Group Technical Validation of Abnormal, you can see exactly how our solution is protecting organizations from the most advanced attacks, saving SOC hours, and providing high ROIs across the board.
If you’re looking for a way to sway your CFO toward the Abnormal platform, show them the return on investment you could experience with our new ROI Calculator!
Interested in learning more about how Abnormal can protect your organization?
See the Abnormal Solution to the Email Security Problem
Protect your organization from the full spectrum of email attacks with Abnormal.