Interview: Clearing Up Cybercrime Legislation

Legislation that precisely defines what cybercrime and data loss are will allow for better enforcement, says José Iván Jaramillo Vallejo, CFO of Red de Energía del Perú.

A clear lack of legislation regarding cyberattacks is a concern for companies around the world. But rather than wait for legislation to be implemented, CFOs must be a step ahead in terms of budgeting and using the right technology to tackle cybercrime.

On top of that, they are also looking for the best technologies to improve company processes and leverage the increasing availability of data to improve their company’s forecasts and create value.

In this interview, José Iván Jaramillo Vallejo, chief financial officer at Red de Energía del Perú (ISA REP), talks about his experience with cybersecurity, cybercrime legislation, the value brought by automation, and the crucial importance of adapting to market needs at an increasingly fast pace.

Q: How do you prevent cyberattacks?

A: We are mostly focused on concessions, mainly in energy transportation, but we are also in highways and telecommunications.

In terms of information technology, our holding in Medellín, Colombia, has very clear corporate governance where decisions are made as a group, rather than at a local level.

For cybersecurity, we have developed a strategy focused on three fundamental pillars: protecting our critical infrastructure, data, and people, our first line of defense in the event of a cyberattack. This includes training to raise awareness of many aspects of cyberattacks, such as phishing, identity theft, and social engineering.

We also have a team of experts who test our corporate network through hacking, allowing us to increase our security levels and close any possible gaps. We also have an insurance policy for cyber-risks at a regional level.

We must focus on the user, however, because a user who is unaware of one or more of these aspects of cybercrime can become the victim of a phishing attack or click on a link or download an attachment, and that can put the whole operation at risk and would create serious problems.

Q: How do you see cybercrime legislation in the region and the world?

A: At a global level, I think there is still a lack of clarity as to how cybercrime can be legislated. It is difficult to demonstrate exactly what is lost and pinpoint when it was lost. Legislation should be modified to be able to precisely define what data loss is. I think we are still far from that.

But I think there are many powerful changes to come. Today, having data means having power, and I think we will be increasingly managed by algorithms, so whoever has the strongest algorithms will have the power. But we are still far from knowing how to punish those who wrongly use algorithms.

Q: How are you innovating within the company and for your clients and partners?

A: I think the financial department should be the most careful when it comes to innovation. Having said that, we have been using RPAs (Robotic Process Automation) that have allowed us to speed up monotonous tasks in the treasury and accounting areas.

We are also trying to create models that use smart algorithms for predictions. For example, in our business, the stability of figures is greater than in other businesses because we have concessions for 30 years. So, what we try to do is use those algorithms, which generate massive amounts of data through artificial intelligence, to help us reach our budgets.

Lastly, we are working on how to allocate risk capital to all of these innovation initiatives. Startups aren’t valued in the same way other investments are valued. Startups are valued by their capacity to grow and can take many years to reach profitability. There are many unicorns (companies valued at more than $1 billion) that still haven’t reached profitability. So, when you put everything into one bag, as a financial officer you have to adjust your short-term vision to be able to see to these growth needs with ideas that the company might not be able to create by itself.

Q: Which technologies do you think are the most valuable for a corporate financial department?

A: Automation through RPAs. We are always looking to improve processes in our operation. RPAs boost the financial team. Let’s not forget that one of the problems a financial officer has always had is how to understand the information of the business, and the business is usually understood through its operations. That’s where RPAs come in, to unify the day-to-day information and build financial reports.

The financial officer’s task is to choose which RPAs to use to optimize processes. If you don’t, you will take far longer in gathering data, and I think the ability to gather data quickly is what will help you achieve your short-term goals.

Q: What do you think are the main changes in the role of CFOs and how do you see it evolving?

A: I think one of the big changes is that CFOs just by themselves aren’t what’s valuable to a company. I think it’s important for CFOs to build teams with all areas of the company. This means not just being responsible for financial statements or forecasting. You have to understand the operational aspect. The financial officer has to build teams with people from all areas that will identify where the business drivers are to improve the value of the company.

Lastly, I think in the current market you have to make quicker decisions. You used to be able to go to a roadshow seeking finance in the international market, and you could be at that roadshow for a couple of weeks with no issues. Now, if you take more than four days you are in trouble because the market will have changed, and if you’re not aware of that, the market will leave you behind.

This interview was conducted by Latin Trade for Council of the Americas.