The real gap between cybersecurity and finance

https://www.cfodive.com/news/the-real-gap-between-cybersecurity-and-finance/819225/

Publish Date: 2026-05-05 10:07:00

Source Domain: www.cfodive.com

Brian Blakley is the chief information security officer at Bellini Capital, a Tampa, Florida-based venture capital and private equity firm. Views are the author’s own.

As a chief information security officer inside an investment firm, I sit closer to the financial side of conversations than most people in my role.

The CFO’s seat is firmly established at the senior management table. With CISOs, that’s not a given. They’re often pulled in late — after decisions are made or once something has already gone sideways. Even when both leaders are in the room, they’re not always solving the same problem.

The interaction is typically situational and transactional — more reactive than intentional. It surfaces in moments of friction, not as a steady partnership. Both are managing enterprise risk, but not in the same language. That disconnect isn’t just operational. It’s a balance sheet problem.

When alignment does happen, it’s usually under pressure. Something goes wrong — a ransomware attack, a failed audit, a board-level escalation.

Suddenly, the conversation shifts from technical detail to business reality: what the revenue impact is, how long systems will be down and what the cost will ultimately be.

Decisions made in the middle of a crisis are rarely optimal. They’re reactive, expensive and constrained by whatever options remain. Yet that is still when most organizations finally try to connect finance and cybersecurity.

The core problem

CFOs and CISOs are highly capable. That’s not the issue. The disconnect is simpler and more persistent than most want to admit: they are managing the same enterprise risk through entirely different lenses.

CISOs think in terms of threats, vulnerabilities and controls. CFOs think in terms of capital allocation, financial performance and enterprise value. Both are managing the same risk, but in different languages.

It is common for a CISO to present…
