Good morning. Cybersecurity is a pressing issue for CFOs, and recent high-profile breaches underscore the need for heightened vigilance among finance leaders.
Aflac, a Fortune 500 company and one of the largest insurance providers in the U.S, announced on Friday that it identified unauthorized access to its U.S. network on June 12. The potentially impacted files contain claims, health information, Social Security numbers, and other personal data. Aflac said it activated its cyber-incident response protocols and stopped the intrusion within hours.
The company is still in the early stages of reviewing the incident and has yet to determine the total number of affected individuals. However, Aflac’s business remains operational, and its systems were not impacted by ransomware. According to an SEC filing, the company will notify regulators and affected customers and offer free credit monitoring and identity theft protection services. I contacted Aflac but a representative referred me to Friday’s announcement.
Alongside Aflac, two other insurance companies—Erie Insurance and Philadelphia Insurance—recently experienced cyberattacks.
Aflac attributed the incident to a sophisticated cybercrime group involved in a broader campaign targeting the insurance industry. Google’s Threat Intelligence Group identifies Scattered Spider as a financially motivated threat actor known for its persistent use of social engineering and brazen communications with victims.
John Hultquist, VP of intelligence analysis at cybersecurity firm Mandiant (a Google Cloud company), posted on June 16 on X: “Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry. They have a habit of working their way through a sector. Insurance companies should be on the lookout for social engineering schemes targeting their call centers.”
The rising cost of data breaches
For the U.S. specifically, the average cost of a data breach was $9.36 million in 2024, which remains the highest average among the 16 countries and regions studied, according to IBM research. The rising costs of cybersecurity programs require CFOs to integrate cyber risk management with financial oversight, according to a recent analysis from EY.
Cyber risks can manifest in many ways, and CFOs are uniquely positioned to quantify these risks and estimate the cost of incidents. By collaborating closely with chief information security officers, CFOs can better understand risk probability and exposure, set spending and ROI metrics, and communicate recommendations for prioritizing cybersecurity investments, EY finds.
Geopolitical complexity
Federal officials caution that pro-Iranian hacktivists or state-sponsored groups could target vulnerable U.S. networks. “The ongoing Iran conflict is causing a heightened threat environment in the United States,” according to a bulletin published on Sunday.
In a Saturday post on X, Hultquist shared his perspective on Iran’s cyber activities: “Iran leverages its cyberattack capability for psychological purposes. There is a real, practical risk to enterprises, but it’s important that we don’t overhype the threat here.”
He expressed particular concern about cyber espionage targeting U.S. leaders and surveillance facilitated by compromises in travel, hospitality, telecommunications, and other sectors where data could be used to identify and physically track people of interest.
When it comes to cybersecurity, the stakes are high and vigilance is now a core part of the CFO’s job description.
Sheryl Estrada
sheryl.estrada@fortune.com
Leaderboard
Craig Albright was appointed EVP and CFO of Wiley (NYSE: WLY), one of the world’s largest publishers, effective June 26. Chris Caridi, who has led Wiley’s finance organization as interim CFO, will continue with the role of SVP, chief accounting officer and finance transformation leader. Albright joins Wiley with over 30 years of global leadership experience. He recently served as CFO, Americas and Global Cash Center Lead at Xerox. Before that, he served as CFO of Commercial Excellence at Xerox.
Joe Falcão was appointed CFO of Bose Professional, an independent developer of audio systems for business and institutional settings. Falcão brings more than 20 years of international financial leadership to the role. Previously Falcão has provided financial leadership for global brands including Dunkin and Cabot Corporation and managed teams at Invensys, iBasis, Thrasio and Orva, among others. He has a track record of driving operational excellence across offices in Brazil, Belgium and Malaysia and leading organizations based in the U.K., India, China, the Netherlands and Japan.
Big Deal
Teneo’s Vision 2025 CFO and Investor Outlook Survey of 332 global CFOs and institutional investors (representing $16.7 trillion in assets) reveals a notable optimism gap. About 78% of investors expect global economic conditions to improve in the second half of the year, compared to just 43% of CFOs. U.S. CFOs are more optimistic than their global peers, with 53% forecasting improvement versus 29% internationally.
The report finds that 86% of CFOs are actively reshaping global supply chains and reconsidering corporate spending and capital expenditures, reflecting ongoing uncertainty. While M&A activity is expected to return slowly, there are no major concerns about debt availability or private equity’s readiness to do deals, according to Teneo, a global CEO advisory firm.
Artificial intelligence is emerging as the top driver for M&A and is also prompting CFOs to rethink capital spending strategies. Overall, the U.S. remains the most attractive investment destination, and both CEOs and investors anticipate a resurgence in M&A in 2025, fueled by improved access to capital and policy changes.
“While there are challenges in this unpredictable environment, there are also major opportunities for market participants who can stay one step ahead,” Paul Keary, CEO and cofounder of Teneo, said in a statement.
Going deeper
“Ceasefire between Israel and Iran already being tested as markets bet it will stave off ‘stagflationary shock’” is a Fortune report by Nino Paoli.
From the report: “President Donald Trump announced a ceasefire between Iran and Israel—easing oil market fears that Iran would close the Strait of Hormuz, a critical waterway to global oil trade. Analysts say even a slight disruption on the strait could shock a U.S. economy already preparing for a rise in inflation and force the Fed to hold interest rates throughout the end of the year. Later, Israel claimed that Iran had violated the ceasefire—and promised retaliation.”
Overheard
“We don’t want AI or chatbots or whatever to replace human connection or do the human connecting for us, but it can facilitate getting us out on a date, and then it can help point us in the right direction, and even help maybe coach us along the way.”
—Justin McLeod, cofounder and CEO of the dating app Hinge, told Fortune at Viva Technology in Paris.
