In an age when security breaches are more and more common (45% of companies in one recent study reported a data breach within the past two years), Chief Financial Officers play an increasingly important role in data security.

Not only must CFOs  ensure that the financial resources are available to pay for the needed security to protect both customer’s and employee’s personal information, they must also ensure that the sensitive data their own office handles on a daily basis is protected. Just in case your CFO hasn’t quite bought into the idea that data security should be a top priority for them, here’s four reasons why they should do so.

1. Data breaches are expensive

According to an IBM and Ponemon Institute study, the average cost of a data breach in 2015 was $3.79 million.   As the person responsible for maintaining the financial health of a business, that’s a number that should get the attention of any CFO. It’s much better and cheaper to invest in systems and process that prevent a data breach from occurring in the first place than to pay to clean up the mess left behind after a breach.

2. CFOs help create a culture of data security

As a leader in a company, the CFO plays a key role in helping create a culture of security. He or she should work closely with the CIO to ensure that employees understand the importance of what they do and how it affects security. Together, they need to create policies and procedures that protect the data of both you and your customers—and make sure those policies are actually followed and enforced.

3. CFOs help manage risk

As the person primarily responsible for risk management, the CFO needs to keep data security in mind when selecting vendors and approving commercial deals. This is especially true when considering the fact that the dollar value of a deal is not necessarily a good indicator of the amount of risk involved. An example of this would be outsourcing the hosting of employee human resources data. That may not be a significant expense—unless the data is compromised. Making sure that the third party vendors your company uses have good data security is something a CFO needs to take into account.

4. CFOs are a target

As someone who handles some of a company’s most sensitive financial information, CFOs are an ideal target for criminals perpetrating Business Email Compromise (BEC) scams. These scams target companies who regularly perform wire transfers or who work with foreign suppliers. If a scammer masquerading as a vendor is able to hack into the email account of a CFO, he or she can then send emails from that account to other employees in the company, giving them instructions to make wire transfers to the scammer’s account. CFOs need to be aware of these scams so that they don’t inadvertently become the cause of a security breach.

Whether or not your company has a chief security officer, data security is everybody’s responsibility. All the C-suite executives, including the CFO, need to work closely together to make sure your company is doing everything it can both to protect sensitive data and to prepare for a possible breach.