Utilize reputable threat reports and case studies from businesses within the same industry. This allows your CFO to not only see the potential risk of what could happen by not implementing a security solution but also provides them with a framework of knowledge about cybersecurity as a whole.