Cyber Security and treasury

PwC ATEL breakfast conferences

July 2018

• François Masquelier

• ATEL

2

Cyber Risk, ready or not, here it comes…

3

Guess what is the main risk identified by The World Economic Forum survey for Luxembourg in 2017?

4

Cyber Riks and Treasury: a real issue!

5

Allianz Barometer 2017… nothing new !

• It is always interesting to benchmark and to compare perceptions of key risks in coming vs. our own assessment of top risks

• These special reports should only serve as guidelines to focus on risks which could be (potentially) underestimated/undervalued (for good or bad reasons)

• Perception doesn’t mean effective costs in case of occurrence or are not necessarily aligned

• Even if perceived as “HIGH” it may be mitigated by measures and actions

• Cyber risks and IT high or even over dependency and Uberization of the economy or business disruption are facts we need to accept and to face…

• The problem can also come in some cases from the difficulty to assess properly these cyber risks (similar to loss of reputation and branding value, political risks or new technology consequences)

6

« Comparison is not reason »…

• According to PwC survey 2018, 49% of MNC’s claimed they have been victims of fraud and economic crime

• Although we all know this number should be much higher!

• It is the biggest competitor you didn’t know you had… it becomes a core business issue…

• Impact and scale of fraud has grown significantly in today’s digitally enabled world

• The technology paradox… (e.g. SWIFT SCP, Soc’s certification, SAS70, etc…)

• At EACT, we care about cyber security and have set up a working group

• You are accountable as treasurer for all corporate finance related risks

• Pay attention and be prepared as bad news travel fast these days… reputational risk now outstrips regulatory risk and even others…

• Invest in people, not just in machines

• Be prepared with good and solid partners, face fraud and emerge stronger could be my take-aways….

7

Cyber risk at glance…

• Paradox of sophistication: at the time of instant payments, AI and digital commerce, fraud is increasing

• Instant payments, PSD2, new API’s, new payment methods, etc.. will open new doors to fraudsters…

• Level of fraud is at the all-time high because cybercriminals are as sophisticated or even more than tech engineers

• Treasury departments are obviously prime targets

• Even SWIFT was in 2016 victim of fraud and attacks

• Junior treasurers could be pressured to infringe rules and are obvious targets

• Treasurers are « risk managers » and therefore should mitigate risks and not generating or increasing them

• We can mention spoofing, phishing or voice phishing the so-called « vishing », ransomware, IBAN fraud, etc…

• Treasurers are on the first front line of defense and accountable for payments

• They should adopt the famous mantra « prevent, detect, respond, recover »

• Close relationship between Treasurer and CISO is required

• One piece of advice: stay ahead and keep a look at technology, processes and people

8

Fighting fraud and cyber crime is becominga top priority for corporate treasurers

9

It explains why ATEL & PwC thought cyber risk must be high on our agenda’s

Articles for your information:• https://www.treasury-

management.com/showarticle.php?pubid=1&issueid=403&article=3436&page=showarticle&pageno=1

• By F. Masquelier:

• EACT cyber security group:

10

Additional piece of information

From the cyber security working group to the Board members

The cyber security working group was formed by the EACT to focus on increasing awareness and knowledge of cyber security in the treasury landscape. At present, we are represented by

individuals from 9 different countries (Belgium, France, Germany, Spain, Switzerland, Ireland, Netherland, UK and Austria). Our approach is focused on publishing best practice articles, guidance and interviews with cyber security specialists (e.g. the FBI, Global Cyber alliance, Europol) through the EACT’s website and newsletters.

A key area that we hope to make a difference is through the provision of a mechanism to

increase awareness of cyber fraud trends. To achieve this, we need your help. We are looking for your support in sharing cyber fraud incidents that you are made aware of

to cybersecurity@eact.eu

In turn, we will collate and share the incidents across Europe anonymously. By working together we can help increase the amount of information your members have when planning

their preventative strategies.

Additionally, please feel free to get in contact, if you would like any assistance with any upcoming cyber security events that you may be planning. Thank you. Best regards.

Anne Catherine Sailley

asailley@steelcase.com

Thomas Woelk

woelk.t@f-l-s.de

Thank you!

François Masquelier, Chairman ATEL

Twitter: @FrancoisMasquel

Blog: https://mytreasurer.wordpress.com

LinkedIn: ATEL group