Corporate treasury is a top target for cyber-criminals, according to a new report released by The Economist Intelligence Unit (EIU).
Treasury’s trove of personal and corporate data, its authority to make payments and move large amounts of cash quickly, and its often complicated structure make it an appealing choice for discerning fraudsters.
Cyber-criminals can use inside information to execute high-value thefts. They know that treasurers are neither fully responsible for ensuring that their departments cannot be compromised nor completely in control of the systems, people and processes. Treasury is a gateway into other core corporate management information systems.
"Third-Party Risks: The Cyber Dimension," sponsored by Deutsche Bank, is based on a survey of senior corporate treasurers across 19 different sectors.
The study shows that corporate treasurers are generally well aware of cyber risk but remain vulnerable to hacking via third-party relationships.
Fifty-nine percent of companies use internal and external penetration testing, but 33% use only internal penetration testing. Only 38% of companies require all of their third parties and suppliers to perform penetration testing.
For 18% of companies surveyed, only a minority of clients and suppliers follow the same or similar regulatory and compliance rules as they do. Nineteen percent of companies do not check whether their suppliers use the same methods for identity authentication as they do.
Going forward, companies must invest in regular and relevant education, but companies must also be mindful of the threat posed by malicious insiders. The most important measure that treasurers can take is to maintain a healthy collaboration with their IT and cyber-security teams.
“The variation by sector in terms of their awareness, preparedness and defence against cyber-crime through third parties leaves all sectors vulnerable,” says Renée Friedman, editor of the report.
“Corporate treasurers need to work closely with IT to ensure that their specific requirements are met, particularly in light of ongoing technological and regulatory developments that mean even more information will be available to third parties.”