Matthieu Duponchel (Forvis Mazars): Treasury under threat: Building resilience against cyber attacks
Cyber risk refers to all risks associated with the use of digital technologies and is now one of the major economic risks. It can be defined as an operational risk affecting the confidentiality, integrity or availability of data and information systems. It encompasses both malicious acts and unintentional incidents resulting from human error or accidents.

The number of cyber incidents is increasing sharply, but the costs incurred for the entire economy remain difficult to estimate. These costs can be direct (financial impact) or indirect (reputation impact), affecting not only the organization that suffers the incident but also other stakeholders (partner companies, clients).
The finance department is a prime target for cyberattacks because of the significant financial gains on offer. Moreover, as the finance function becomes increasingly digitalized, the exposure has extended to the execution of payments and to the sensitive data the company holds.
Threats such as Advanced Persistent Threats (APTs) infiltrate systems silently and over time. The main categories are:
Malicious software:
- Ransomware: Encrypts data and demands payment for decryption.
- Trojans: Disguised as legitimate software to trick users into installing them.
- Spyware: Secretly gathers user information.
- Worms: Self-replicating malware that spreads across networks without user action.
Phishing attacks:
- Phishing: Fraudulent emails or messages trick users into revealing sensitive data.
- Spear phishing: Targeted phishing aimed at specific individuals or organizations.
- Whale phishing (whaling): Targets high-profile executives.
Social engineering:
- The art of manipulating individuals into disclosing confidential information or performing actions that compromise organizational security.
Fraudulent activity has seen a marked increase, driven by the adoption of increasingly sophisticated techniques by malicious actors. One common vector involves attempts to exploit corporate treasury functions through the submission of falsified invoices or unauthorized payment instructions. In more advanced scenarios, attackers have successfully infiltrated organizations, leveraging social engineering tactics to manipulate internal processes. A notable example is "CEO fraud," wherein employees are deceived into executing financial transfers based on fraudulent directives that appear to originate from senior executives.
A robust cybersecurity response framework is built on layered controls that work together to prevent, detect and respond to threats. These controls are not isolated; they form a continuous cycle of defense, monitoring and recovery:
- Preventive controls are proactive measures designed to reduce the likelihood of a cyber event. They form the first line of defense and are typically embedded in policies, system configurations and user access protocols.
- Detective controls are essential for visibility and situational awareness. They help organizations recognize when preventive controls have failed and provide evidence for investigation and response.
- Corrective controls are reactive and are activated once a threat has been detected. They aim to contain the impact, recover operations and prevent recurrence.
In the context of treasury processes, companies have to secure their treasury management systems with:
- Multi-factor authentication (MFA),
- Application of the principle of least privilege, and periodic access reviews,
- Segregation of duties, with dual approvals for payments,
- Isolation of treasury systems and payment networks,
- Logs and evidence that would be needed for an investigation.
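The controls listed above, together with the falsified-invoice and CEO-fraud scenarios described earlier, can be modelled as a payment-release policy. The following is an added illustration, not code from the article or from Forvis Mazars: it enforces segregation of duties, dual approval above a threshold, a beneficiary check against vendor master data, a cooling-off hold on recently changed bank details, and an append-only audit trail. The thresholds, vendor records and names are constructed assumptions.

```python
"""Added example (not from the article): a minimal payment-release control
with segregation of duties, dual approval, vendor-master checks and an audit
trail. All thresholds, vendors, IBANs and user names are constructed."""
from dataclasses import dataclass, field
from datetime import date

DUAL_APPROVAL_THRESHOLD = 10_000  # assumed policy: two approvers above this amount
COOLING_OFF_DAYS = 5              # assumed policy: hold payments to freshly changed bank details

# Constructed vendor master: vendor -> (IBAN on file, date the IBAN was last changed)
VENDOR_MASTER = {
    "ACME Ltd": ("DE89370400440532013000", date(2023, 1, 15)),
    "Globex SA": ("FR7630006000011234567890189", date(2024, 6, 3)),
}

@dataclass
class Payment:
    vendor: str
    iban: str
    amount: float
    preparer: str
    approvers: list = field(default_factory=list)

def audit(trail, payment, decision, reason):
    """Append an evidentiary record; the list stands in for a write-once log."""
    trail.append({"vendor": payment.vendor, "amount": payment.amount,
                  "preparer": payment.preparer, "approvers": list(payment.approvers),
                  "decision": decision, "reason": reason})

def release_payment(payment, today, trail):
    """Return True only if every control passes; every decision is logged."""
    on_file = VENDOR_MASTER.get(payment.vendor)
    if on_file is None or on_file[0] != payment.iban:
        audit(trail, payment, "BLOCKED", "beneficiary IBAN does not match vendor master")
        return False
    if (today - on_file[1]).days < COOLING_OFF_DAYS:
        audit(trail, payment, "HELD", "bank details changed recently; callback verification required")
        return False
    # Segregation of duties: the person who prepared the payment cannot approve it.
    if payment.preparer in payment.approvers:
        audit(trail, payment, "BLOCKED", "preparer cannot approve own payment")
        return False
    required = 2 if payment.amount > DUAL_APPROVAL_THRESHOLD else 1
    if len(set(payment.approvers)) < required:
        audit(trail, payment, "BLOCKED", f"{required} distinct approver(s) required")
        return False
    audit(trail, payment, "RELEASED", "all controls passed")
    return True
```

Every decision, including a release, lands in the trail, which is the evidence an investigation of a fraudulent instruction would need.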
Continuous training for treasury staff is also crucial so that they can identify phishing attempts and other social engineering tactics.
A well-structured Business Continuity Plan (BCP) ensures that treasury operations can continue or be restored quickly, minimizing financial loss, reputational damage and regulatory breaches. This plan should outline procedures for performing essential treasury functions manually or through alternative means if primary systems are unavailable.
Depending on the structure and size of the organization, the appointment of a Business Information Security Officer (BISO) serves as a strategic response to bridge the gap between centralized cybersecurity governance and the operational needs of the treasury and finance functions. Acting as a liaison, the BISO translates enterprise-wide security policies into actionable and business-relevant controls. This role also involves advocating for the treasury and finance teams within the broader security framework, while coordinating closely with the CISO and IT teams to manage ICT risks, incident response protocols and resilience planning.
By engaging with key stakeholders, the BISO is able to tailor security controls for payment systems, treasury management platforms (TMS) and financial data flows. Furthermore, the BISO integrates business continuity and incident response measures into treasury workflows and fosters a culture of security awareness and vigilance across the finance organization.
The Business Information Security Officer for Treasury and Finance serves as a strategic enabler of secure digital transformation. Beyond ensuring that cybersecurity measures are aligned with operational and regulatory requirements, this role also acts as a critical liaison, translating complex security frameworks into practical, business-relevant actions.
