Securing company financial and information assets is a responsibility for every business function, but this responsibility is particularly acute in treasury given the size of transactions and sensitivity of data. Furthermore, the financial – as well as reputational – implications of fraud are very real.
According to PwC’s The Global State of Information Security® Survey 2017, 79 percent of respondents suffered direct financial losses as a result of a breach, of which 20 percent were between $250,000 and $1m and 16 percent were more than €1 million.
While cybersecurity threats often have the highest profile, internally and externally initiated fraud often relies on weaknesses of individuals and processes, rather than hacking into systems. According to PwC’s The Global State of Information Security® Survey 2017, the main reasons for fraud were inadvertent human error, lack of staff awareness of security risks, failure to follow processes and external attacks specifically targeting an organisation.
Treasurers need to engage closely with the company’s information security teams, familiarise themselves with company-wide security strategies and ensure that training, processes and systems used in treasury are consistent with these strategies and reflect the specific risks in treasury. In many cases, the threat is not an IT problem, but a human one, with social engineering or phishing (55%), (49%) and human error (45%) the most common types of breach according to the survey above, so training and awareness of changing security threats are essential.
As fraudsters become increasingly sophisticated in their approach to infiltrating systems and organisations, through hacking, social engineering and exploiting weaknesses in processes and controls, corporations, technology vendors, banks, consultancies, governments and regulators need to work together to share experiences and best practices on the controls, processes and systems that will allow them to stay ahead of fraudsters and keep their organisations safe. It is also vital to have clear action plans in case of a suspected or detected breach in order to minimise the impact. This is often difficult in practice because individuals are often reluctant to expose mistakes; overcoming this and acting quickly requires a shift in mind-set and culture.
Three tips: cybersecurity and fraud
- Individual employees are an organisation’s weakest link, so mandatory regular training on changing threats and instilling a security culture is essential.
- Develop and communicate an incident plan and test it regularly with simulations. This is valuable in highlighting weaknesses in processes and controls and helping employees understand what to look out for and how to react.
- Work closely with internal information security teams and external experts to ensure that company directives and industry best practices are implemented in treasury.
Want to find out more? Do not hesitate to download the full Journeys to Treasury report.