For CFOs and treasury professionals, sleepless nights are nothing new, especially when it comes to cyber risk management. Sophisticated new threats emerge constantly, each with the potential to disrupt company payments, communications, or operations. Ransomware, denial of service attacks, and business email compromise are just a few of the popular tactics in use today.
Establishing a mature cyber security program helps provide robust protection from these and other issues so finance can fulfill its mission. While the information or cyber security teams typically spearhead such an initiative, treasury management can play a critical role.
The strongest cyber security programs align with overall business strategy, creating a unified approach for assessing risk across the business. For treasury, it starts with open dialog to understand how finance systems, processes, and payments fit into your company’s overall cyber defenses.
Strive for top-down support and cross-functional participation
As you dive into cybersecurity, you may hear the phrase “cyber everywhere,” which refers to the ubiquitous nature of cyber threats in today’s complex and digitally connected world. An effective and mature cyber program should encompass a layered security environment of people, processes, and technology. This approach will aggressively and continually mitigate risk and enable you to build capabilities for future protection.
Mature cyber security programs focus on security, vigilance, and resilience:
- Security — Implementing policies, procedures, and cyber strategies to prevent and detect threats.
- Vigilance — Rapidly detecting threats and attacks.
- Resilience — Responding to and recovering from attacks to restore business operations.
Visible, top-down support is another hallmark. Active involvement by senior leaders emphasizes the importance of cyber security to employees at all levels and across all lines of business.
Evolve your cyber maturity in these three areas
Developing a mature cyber security program means taking a systematic and proactive approach to counteract potential threats. Here are three areas where treasury management can support your company’s efforts and help move your program forward.
- Identify and detect threats
When you know the issues most likely to impact your business, it becomes easier to deploy the right protections. A mature cyber security program continually assesses risk factors, then develops processes to monitor and detect potential issues. With today’s interconnected landscape, your lens needs to look beyond internal systems, processes, and people; risk assessments and protections also need to flow through your vendors and supply chain.
Treasury can support your company’s efforts by sharing knowledge from your bank and payment providers and making sure finance staff understand their role in maintaining a secure environment.
- Assess organizational readiness
Once you’ve identified potential risks, your company can start to transform systems and processes to better defend your organization. Cross-functional planning sessions and tabletop exercises are two ways to assess your readiness, find gaps, and document resources. Treasury management should be a key participant when exploring any payment-related scenarios.
- Respond and recover quickly
The final step toward cyber maturity establishes business continuity plans that indicate how you’ll manage daily operations if a cyber issue does occur. These may include setting up parallel systems or processes, identifying critical communications, or testing alternative options with banks, vendors, and other providers. Advance preparation will help you respond and recover quickly.
Continually monitor and improve
Just as cyber threats continually evolve, so should your company’s cyber security program. Achieving “maturity” is a continual journey without a clear finish line. However, the more your organization works together to assess and improve, the more resilience your company develops to keep pace with current and future risk factors.