Cybersecurity is clearly a company-wide concern, but few areas are more critical and vulnerable to attack than finance.
Michael Annessa, CFO of GuidePoint Security in Reston, Virginia, addresses that concern for both his organization and his clients. He spoke to CFO Leadership about how the scope and landscape of cybersecurity are becoming more complex, especially for small and medium-sized businesses, why finance executives should pay particular attention to this issue, and how to prepare the workforce for today's challenges.
How has the demand for cybersecurity consulting changed across the midmarket and small business segments?
Mid-market companies are seeing the steepest year-over-year demand growth compared to Fortune 500 companies, largely due to talent gaps in in-house expertise and budgets, as well as the increased speed and complexity associated with technology change. They are turning to cybersecurity experts to help with incident response preparation, managed detection support, ransomware resiliency, and streamlining multiple tools after years of “disorganizing the tech stack.” The sector is increasingly moving towards a hybrid model, one in which lightweight in-house teams are supplemented by external experts.
SMBs have the greatest needs and the least resources. According to the U.S. Small Business Administration, 41% of small businesses fell victim to a cyberattack in 2023. Demand is growing rapidly, but small and medium-sized businesses are choosing fully managed security services instead of large consulting contracts. They want simplicity, predictable costs, and to meet the security requirements of their customers and partners. Many companies don't have an in-house security team at all, so consulting often fills all roles.
A few years ago, demand was driven by compliance. Currently, it is driven by risk, revenue protection and business continuity. AI-related threats and cloud complexity have widened the expertise gap and pushed all segments toward more continuous advisory support, from implementation to ongoing services, rather than just one-off projects.
Is the growth of cybersecurity consulting accelerating in specific sectors such as healthcare, finance, or government?
Security and risk management will continue to be at the heart of digital business initiatives, reinforcing the need to treat data and IT systems as critical infrastructure. At the same time, enterprise scaling, multi-cloud adoption, agile development, and a growing vendor ecosystem are increasing the complexity of enterprise technology environments, making a robust integrated security framework even more important.
Healthcare providers, hospital systems, and medical manufacturers are facing an unprecedented surge in cyber risks. Healthcare organizations are also making significant investments in risk management, cloud security, and incident response to protect patient data and meet stringent requirements under HIPAA and other regulations. With stricter compliance standards and increased threat activity, the industry is turning to partners who can secure complex environments and respond quickly in the event of an attack.
The financial services industry operates at the heart of the world's most targeted asset, money, so it has always been at the forefront of investments and has a strong focus on cybersecurity. Banks, financial institutions, and payment platforms manage large amounts of sensitive customer data and real-time transactions, making them prime targets for highly organized and increasingly sophisticated attackers.
As a result, financial institutions have long been early adopters of advanced security technologies, rigorous risk frameworks, rapid incident response capabilities, and a focus on best-of-breed solution suites across tools and capabilities. Their business model allows for nothing less than constant vigilance and continuous innovation in cybersecurity.
What efficiency improvements has your company implemented to maintain growth while increasing profits?
As CFOs, we continually explore new technology and automation to modernize our finance functions, replacing time-consuming manual tasks with AI-driven tools that free up our teams to focus on higher-value, strategic work. We leverage AI to enhance (rather than replace) core capabilities such as forecasting, risk modeling, and real-time analytics to provide deeper visibility and enable faster, more confident decision-making.
We are also transforming outdated workflows by eliminating redundancy, expanding automation opportunities, and improving information sharing between departments. The result is a leaner, more agile finance organization that can operate at the speed that today's business environment demands.
How do you attract and retain financial and technical talent in such a competitive market?
Finance departments must evolve to keep up with today's rapidly changing business environment. This starts with creating clearer career paths and equipping teams with the skills needed for more modern, technology-driven functions. At GuidePoint Security, we prioritize continuous learning in areas such as data analytics and automation, supported by mentorship and rotation programs that provide employees with broader knowledge across the organization.
Several of our employees recently completed an executive education program at Columbia Business School to deepen their understanding of AI in business and its application in finance and other back-office functions. At the same time, modernize roles through automation, reduce low-value manual tasks, and free up your team to focus on more strategic work.
We are also identifying opportunities to further integrate AI and machine learning into back-office functions to drive efficiency. Together, these efforts are transforming finance from a traditional compliance-focused function to one centered on business partnerships, analytics, and long-term value creation.
