This is despite the fact that over the years organisations have learned to guard against traditional hacker groups that compromise poorly-secured assets to draw attention to their causes, as well as commercial cybercrime syndicates that actively deploy hacking as a business model. Coping with these established known threats has been a challenging journey for many.
Today, cybersecurity threats have become even more multifarious and sophisticated. Above and beyond traditional attacks, organisations now have to deal with insider threats where disgruntled employees expose sensitive intellectual property or information, with the aim of causing embarrassment to the organisation. Traditional threat actors have evolved to become well-funded, patient and highly-skilled entities, which engage in elaborate long-term campaigns to siphon money – or gain illicit competitive advantages – through the theft of intellectual property.
Whether globally or locally, the public, company shareholders and customers have been baffled at the extent of security breaches that have resulted in shaken confidence, blemished reputations and in some cases, revenue losses. It has been estimated that malicious cyberactivities cost global economies upwards of US$300bn per year, based on 2013 statistics from the Center for Strategic and International Studies (CSIS).
Assessing the Threat
Given the potential impact of cybercrime on the organisation, it would be remiss for finance professionals and treasury executives to disregard the risks that cybercrime poses to the company’s bottom line.
Increasingly, traditional bastions of the corporate treasury function – namely the financial risk management, corporate governance and stakeholder relationship committees – are seeking to understand, calculate and communicate the organisation’s resilience to cyberattacks and the protection of its information assets and customer data. Many organisations, however, face difficulties in rationalising the scope and extent of the cyberattack threat and, in many cases, lack a unified approach in mitigating it.
Organisations need to utilise a proactive threat conversion model in conjunction with a due diligence approach, to expose the most serious potential cyber breach scenarios and risks associated with a particular line of business.
This ‘outside-in’ approach can then be combined with relevant technology, people or process controls to understand the extent to which the line of business is protected against (or exposed to) the cyberbreach scenarios identified. This can also be used with a plan to proactively monitor the cyberthreat actors identified and cyberthreat activities against the company’s key assets.
Considering cyber risk as an equal contributor to the organisation’s key risk indicators, together with business, financial and market risk led by the treasury function, will enable company stakeholders to better understand potential cybereconomic risks, make better business decisions to counter potential threats, and drive and protect shareholder value.
It is expected that cyber risks will only become more complex. New threats are continually emerging; being proactive in defence and fully prepared to recover in the event of a breach is fundamental to business continuity and sustainability. It is only with deep understanding of how cyber risk affects the business and vice-versa that the impact and power of cybercrimes can be diminished in today’s environment, where cyber fortresses no longer exist.
There has been an uptick of treasurers inquiring about interest rate risk management in recent months as interest rates in the US and UK have started to show a rise in momentum, said Chatham Financial at the annual Bellin treasury conference.
The global economy has seen about eight years of growth, but we are starting to see the end of this which is triggering some volatility in global markets, Stefan Bielmeier, DZ Bank, argued in his keynote speech at the Bellin annual 1TC conference. Other speakers discussed blockchain, cyber crime and netting.
A series of governments are now very worried about the idea of bitcoin and these currencies because customers would be able to make sustainable ongoing transactions and payments without having to ever introduce the use of a typical financial model or banking system. To combat this potential threat, several countries including major central banks like the Bank of England and the Bank of Israel will be launching their own version of a cryptocurrency. This could bring big advantages to customers.
PSD2 is set to remake the EU payments marketplace. This deliberate public policy exercise is going to regulate and demonstrate what next generation financial crime competencies must be and cement the standard going forward.