A new Expel report finds growing cyber threats are pushing CFOs and CISOs to collaborate more closely, though gaps remain over how to measure and fund security investments.
Escalating cyber threats are intensifying pressure on organizations to make smarter, more strategic cybersecurity investments, according to a new report from security firm Expel.
Cyberattacks are expected to surge this year as criminals continue finding new ways to exploit advances in artificial intelligence. “New AI-driven threat vectors stand to increase the scope, frequency, and cost of data breaches,” global information services firm Experian warned in its 2026 data breach forecast.
As those risks grow more complex — and more expensive — chief financial officers are taking a more hands-on role in cybersecurity planning.
“This extends beyond just approving budgets,” said Jack McCullough, president and founder of the CFO Leadership Council, in a recent blog post. “It involves understanding business continuity implications and ensuring the organization is adequately protected.”
McCullough added that success depends on closer collaboration with CISOs and IT leaders, translating technical risks into business terms for boards and investors, maintaining transparency about vulnerabilities, and responding quickly to emerging threats.
Also Read: Why AI Detection and Response is the New Baseline for Survival
Collaboration Is Strong — But Gaps Remain
The Expel report suggests that security and finance leaders are increasingly aligned. Seventy-four percent of cybersecurity executives and 68 percent of finance leaders said they work together early and often on security issues.
Yet the research also uncovered meaningful disconnects.
Security leaders reported facing obstacles such as limited financial understanding of cybersecurity risks when requesting additional funding. Finance executives, meanwhile, said they want clearer, more concrete data before approving spending increases. Forty percent indicated that quantified risk reduction would make it easier to justify greater cybersecurity investment.
More than four in 10 finance leaders said collaboration would improve if technical risks were translated more effectively into financial terms.
Also Read: Data Privacy Day Isn’t a Celebration. It’s an Indictment.
Speaking the Same Language
Bridging that divide requires both sides to rethink how they communicate, the report concluded.
“This may require security leaders to translate metrics into measurements that resonate with finance leaders,” Expel noted. For example, technical considerations such as “ease of integration” could be reframed as time or cost savings, while “meeting compliance requirements” might be expressed as avoiding potential fines.
The findings highlight a broader shift in corporate governance: cybersecurity is no longer just an IT concern but a core business issue requiring financial rigor and strategic oversight.
Expel’s conclusions are based on a survey of 136 cybersecurity leaders and 164 finance executives.
As AI reshapes the threat landscape, organizations that align security strategy with financial decision-making may be best positioned to navigate the risks ahead.
