According to an IBM study, the average cost of a data breach in 2024 has climbed to nearly $5 million, marking a 10% increase from the previous year. At the AFP national conference, this stark reality set the stage for an immersive session aimed at equipping finance teams with the skills needed to respond swiftly and effectively to cyber threats.

The panel—featuring Chris Baker (Citi), Chris Bontempo (Johnson Controls), and Dan Potter (Immersive Labs)—highlighted the extensive ripple effects of cyber-attacks. Potter explained how breaches can disrupt not just IT but also key functions like treasury, HR, and supply chains. An interactive simulation challenged participants to navigate real-world scenarios, demonstrating how delayed decisions could lead to unauthorized payments, reputational damage, and heightened risks. The exercise underscored the critical need for detailed planning and clear communication to minimize the impact of such crises.

Bontempo emphasized the financial stakes, noting that mega breaches at larger companies could escalate into losses of hundreds of millions of dollars. Still, there were positive developments: regulatory pressures are driving stronger security measures, AI technologies are helping to cut breach costs, and the average time to detect and contain breaches has dropped slightly to 258 days. While these represent steps in the right direction, Bontempo used a compelling analogy—likening breach timelines to a pregnancy—to stress the urgency of achieving faster resolutions.

Baker and Bontempo concluded with actionable advice: prioritize pre-planning, establish external relationships with regulators and law enforcement, and maintain accessible response playbooks, such as printed copies for use during outages. The session drove home an essential point: cyber-resilience is a shared responsibility, extending far beyond IT teams. It requires proactive, organization-wide readiness to effectively combat the growing threat of cyber-attacks.