Tackling the cybersecurity threat in treasury
by Bija Knowles
October is National Cybersecurity Awareness Month in the US and it's an opportunity to refresh ideas on the importance of online security and awareness in the corporate treasury department.
As Deutsche Bank's Michael Spiegel notes in this article, treasuries are an attractive target for hackers because those that find the weak security spot in corporate systems are then able to “move large amounts of cash fast – as well as tap into rich repositories of valuable and sensitive client data”. Spiegel cites a 2017 Deutsche Bank study in collaboration with the Economist Intelligence Unit (EIU) that found that corporate treasurers are not paying enough attention to cyber risks from third parties and employee mistakes. Not tackling third-party risks leaves companies open to cyber breaches through the back door, from a supplier or subcontractor with less rigorous identity authentication or data security requirements.
Supplier risk
The 2017 EIU white paper also found that
- 19 per cent of companies do not check whether their suppliers use the same methods for authenticating identities as they do, leaving an open door for fraud;
- 18 per cent of treasurers say that only a minority of their clients and suppliers follow the same, or similar, regulatory and compliance rules to them;
- 14 per cent of firms do not insist that the information-security requirements they apply to their third parties must also be extended to subcontractors;
- 92 per cent of companies perform internal penetration testing, but a third do not currently conduct it externally, leaving a concerning gap ripe for exploitation; and
- only 38 per cent of companies require all of their third parties and suppliers to perform penetration testing.
How treasurers can tackle cyber risk
The risk of a data breach is high but there is a lot of information out there on how corporate treasuries can ensure they have as much protection as possible. Here are some points of reference, with suggestions on how financial professionals should tackle the cyber threat within their organisation:
- Protiviti is hosting seven one-hour webinars designed to increase understanding of today’s top cybersecurity threats and explain how organisations can prepare for attacks and protect their vital information assets.
- Here are 12 suggestions from Nordea on how to improve your treasury's cybersecurity.
- And PwC also outlines five critical steps to help move your treasury and finance organisation towards a more effective cyber security risk management.
Like this item? Get our Weekly Update newsletter. Subscribe today