LONDON—Just how safe is your treasury management system? During a discussion on cybersecurity at last week’s ACT Cash Management Conference, experts discussed just how vulnerable treasury’s data may be.
The representative of a treasury software vendor, who previously worked as a corporate treasurer, showed the results from a recent PwC survey that revealed that 90 percent of large corporates and 75 percent of small companies have incurred a data breach. Of that number, 7 percent believe the breaches they suffered were related to the cloud.
The treasury software vendor, who asked not to be named, noted that much of the focus on cybersecurity recently has been on payments fraud. “But I think what you shouldn’t lose sight of is that there are other factors,” he said. “In a treasury system, people are interested in data. If we talk about industrial espionage, your competitors might be interested in what your hedging policies are, what your cash positions are, who you’re dealing with, what sort of rates you’re getting, etc. That’s really if you got into the TMS itself. It’s data that people are looking for.”
The threat to smaller companies who primarily keep their data on spreadsheets is even greater, he noted.
The treasury software vendor noted that with the newly enacted EU Data Protection Regulation mandating that companies report breaches (or be charged up to 4 percent of global turnover), more businesses are likely to begin coming forward. When that happens, he believes we could hear about some incidents previously thought to be theoretical. “Seven percent of the cases are believed to be related to the cloud, and treasury systems are all moving toward the cloud,” he said. “And if the cloud can be penetrated, there’s a risk there.”
He told AFP that, at this time, he is not aware of TMS being breached. However, he does believe that TMS security could be improved.
Mike Loginov, founder and CEO told Ascot Barclay Cyber Security, was a bit more direct. He told AFP that he knows for a fact that there have been attempts to breach companies’ treasury systems. “Categorically, those systems have been attacked,” he said. “They are of interest to criminal fraternities and the hacker community generally because they access information on what’s happening in the commercial world. And that’s huge.”
Loginov noted that treasury systems, like all systems, are far from impenetrable, if the criminals are motivated enough. “It’s just a case of time,” he said. “Some of those systems have been around for quite some time; there are legacy systems where the code isn’t as secure as it should be.”
He added that while he could not provide specifics on any corporate treasury departments whose treasury systems had been breached, with the new regulation by the EU, European companies may soon be publicly disclosing that type of information.