Cybersecurity is among the top three risks that treasury and finance professionals believe will remain the top areas of concern for the next three years, according to new research by AFP.
In a poll of nearly 400 practitioners, the 2019 AFP Risk Survey, supported by Marsh & McLennan Insights, found that 51 percent cited cybersecurity risk as a key area of concern, just behind strategic risk (60 percent) and ahead of financial risk (39 percent). This result is just slightly down from last year’s result (52 percent). As advancement in technology sweeps across organizations, data is going to be even more vulnerable to cyberattacks, and risks arising from cybersecurity will be difficult to stay ahead of.
“With the top three risks having a direct link to the treasury department, corporate treasury more than ever needs to become a stronger business partner to management and other business units,” said Jim Kaitz, president and CEO of AFP. “Additionally, the skills within treasury will need to evolve with the increasing use of non-traditional vendors and technologies.”
THE QUESTION OF NON-TRADITIONAL VENDORS
While fintech is a growing challenge and opportunity for treasury and finance, only 34 percent of respondents anticipate using more non-traditional vendors in the future. Non-traditional vendors include vendors other than banks that are offering niche services, such as technology providers, payment providers, fintechs and task-oriented contract employees.
Over time, treasury professionals have built strong relationships with their banking partners and other entrenched vendors. Building new relationships requires keen effort and hard work from all parties involved—and that can be time consuming.
As such, it is not surprising that one-third of survey respondents indicate that the need to develop relationships with non-traditional vendors is the greatest drawback in using one. But looking beyond relationship management and process issues, 20 percent of survey respondents cited cybersecurity as a risk/drawback of using non-traditional vendors. The fear of exposing confidential data that can make organizations and their customers more vulnerable to attacks by hackers has spurred companies to actively implement measures to manage their cybersecurity postures when using both traditional and non-traditional vendors.
Managing cybersecurity with non-traditional vendors can be more stringent as these vendors may be smaller or less experienced and may not have the full cybersecurity capacities as do larger, more established vendors. As the treasury ecosystem evolves, treasury departments should have clear, written policies specifying vendor access and responsibilities regarding data usage. Treasury should also keep a running list of who has access to the data.
Over 70 percent of organizations maintain a list of third parties/vendors that have access to/process critical data. A large majority (71 percent) has a clear written policy specifying vendor access and responsibilities regarding the handling of organization data.
Looking ahead, survey respondents reveal that strategic, cybersecurity and financial risks remain the top areas of concern for the next three years. Based on this, treasury departments can expect their partnerships across their organizations to expand. As risks evolve, treasury will be working with other departments to support them in managing risks. Providing cash flows to support such growth, the capital structure required to finance it and, more importantly, the efficiency in treasury technology will be necessary to be effective in managing strategic and cybersecurity risks. Indeed, focusing on treasury technology will become a key element supporting an ongoing exercise of “doing more with less”—a constant theme within treasury.
Download the full 2019 AFP Risk Survey, supported by Marsh & McLennan Companies, here.