more-arw search

Q&A Forum

Under cyber siege

In Treasury Today

"Cyber risk is a growing concern for businesses. But how can a treasurer help to manage this risk? In this article, we examine the nature of threat faced by companies today and the practical steps that can be taken to prevent and minimise the damage of a data breach."


How concerned are you?


Gordon Coyle
Title: CEO
Company: The Coyle Group
(CEO, The Coyle Group) |

Wayne -

Interesting topic; even though the risk of cyber liability and damage is so prevalent, many privately held business owners choose not to purchase cyber coverage in their insurance program. Managing the risk of course involves IT - firewalls, updated software, and the like, but much of it involves employee education to reinforce the dangers of opening emails from unknown senders, clicking links, or opening attachments. Password management is also critical, but when all of that fails, cyber insurance is a broad backstop to protect the business from first and third party losses.

Topic Expert
Bob Scarborough
Title: CEO
Company: Tensoft, Inc.
(CEO, Tensoft, Inc.) |

There are a number of risks specific to the treasury function that could be addressed.
1) Remote banking - ideally your bank access will be secured by a password token or something else that’s above and beyond standard encrypted access. One time password tokens are fairly standard from banks, along with ability to manage security and/or access for online banking.
2) Safe Pay or Positive Pay functionality should be part of your ERP and banking process. These systems send electronic data to banks on the checks you have officially issued, helping to catch any check fraud more easily.
3) Other electronic processes that are helpful for catching suspect activity include eBanking – or integration of your banking with your ERP system (so unmatched or unexpected activity pops quickly) as well as control of any electronic payment or deposit tools you are leveraging.

Beyond the risks specific to the treasury function, there are risks to the finance function as a whole, along with broader risks to the company. For the finance function, this is an area where cloud based systems – either public or a private cloud options – often help. In truth, most cloud platform providers have far more security team on staff - and far deeper security expertise - than most companies will ever maintain in-house. I recommend looking for an ISO 27001 certification in addition to the SSAE 16 or ISAE 3402 certifications, as well as permission from your provider to do additional security testing.

People have started expressing broader concern about cyber security, from basic internet access to electrical and telcom systems. It’s impossible to prepare for all alternatives, and taking time away from positive growth opportunities for your company shouldn’t be sacrificed. At the same time, reasonable preparation and thoughtful review of your risks and options is important.

Insurance can help with the financial risk, so a review of current insurance needs is also a good idea. However, no amount of insurance can compensate for the business disruption that can occur if your systems security is breached.

Products and Companies

Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email [email protected] to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.