CFO Paradigm · Example company: Cawan's Shoes
People, Tech & Ops

Cybersecurity

What it means

Protection of systems, data, and customers from attack.

Why it matters

One breach can wipe out a year of profit and permanently damage brand.

How to calculate — with Cawan's Shoes

Cawan's Shoes 2026 cybersecurity program — real numbers: • Budget: $6.4M (1.28% of revenue, industry benchmark 0.9–1.5%). Team: 14 FTEs including a CISO reporting to the CFO. • Layered controls: Okta MFA on 100% of employees, CrowdStrike EDR on 8,900 endpoints, Cloudflare WAF, Zero-Trust network, quarterly access reviews. • Pen tests: 4 per year by NCC Group ($180k/yr contract). 2025 findings: 3 High, 11 Medium, 24 Low — all Highs remediated within 14 days. • Phishing simulation: monthly, click-rate down from 18% (2023) to 4.1% (2025). • Detection & response: MTTD 42 minutes, MTTR 3.8 hours (target <6). 24/7 SOC outsourced to Arctic Wolf, $520k/yr. • Cyber insurance: $50M limit, $2M retention, $780k annual premium (AIG). Requires MFA + EDR + SOC 2 Type II — Cawan's compliant. • Estimated cost of a customer-data breach at Cawan's scale (IBM 2024 avg × industry): $4.9M direct + $12–20M brand/churn impact — hence the $6.4M spend is cheap insurance.

What's at stake if you ignore this

Underinvest and you'll pay 10-100x post-breach in remediation and fines.