Should Cyber Risk (and Insurance) Be on the Treasurer’s Agenda?

From Treasury Masterminds

Not so long ago, treasury risk management was fairly predictable.

• Interest rates.
• FX.
• Liquidity.
• Counterparty risk.
• Maybe the occasional banking crisis, if the world felt dramatic.

Today, one phishing email can shut down your company faster than any market crash. And yet, in many organisations, cyber risk is still treated as “an IT thing.” Which is… impressive. In the same way, ignoring smoke in your kitchen is impressive.

Cyber Risk Is Financial Risk. Full Stop.

When a serious cyber incident hits, it doesn’t look like a technical problem.

It looks like this:

• Payments stop.
• Cash positions are unclear.
• ERP systems go offline.
• Treasury works in spreadsheets and screenshots.
• Management wants answers. Immediately.
• Banks start asking uncomfortable questions.

Nothing about this is “just IT.” This is liquidity risk, operational risk, and reputational risk rolled into one very expensive package.

If treasury is responsible for keeping the company financially stable, cyber risk is automatically part of the job. Whether anyone officially assigned it to you or not.

The False Comfort of Cyber Insurance

Many organisations respond to cyber risk with one sentence: “We’re insured.”

Great. So is your house. Until it burns down and you discover the small print.

Cyber insurance is useful. But it is not magic.

Most policies come with:

• Strict security requirements.
• Limited coverage.
• Long exclusion lists.
• Tight reporting deadlines.
• And lengthy claims processes.

In practice, this means: you are covered, sometimes, partially, if everything went according to the rules. Treasurers understand insurance. They understand risk transfer, deductibles, limits, and residual exposure. Which is exactly why cyber insurance should not be left to legal and IT alone. Someone needs to ask: does this actually protect our balance sheet?

Why This Hits Treasury First

When systems go down, treasury feels it immediately. Three areas get hit hardest.

1. Liquidity

• No systems means no payments.
• No payments means no cash flow.
• No cash flow means stress.

You can’t manage liquidity if you don’t know where your money is.

2. Counterparty Exposure

• Banks.
• Payment platforms.
• TMS providers.
• ERP systems.
• Fintechs.

Your entire ecosystem is digital. Every weak link becomes your problem.

3. Reputation and Financing

A major cyber incident changes how lenders, investors, and rating agencies see you. Suddenly, you’re “higher risk.” That affects pricing. Covenants. Access to funding. Your cost of capital notices. Even if nobody mentions it out loud.

What Treasurers Actually Bring to the Table

No, treasurers don’t need to become cybersecurity experts. Nobody is asking you to learn ethical hacking at night. Your value is somewhere else. Treasurers are trained to think in scenarios.

“What if this goes wrong?” Apply that to cyber.

Ask questions like:

• What happens if systems are down for two days?
• How do we pay salaries manually?
• Which banks can we still access offline?
• Do we have emergency payment procedures?
• Who approves what in a crisis?
• Is this documented?
• Has anyone tested it?

If the answer is mostly silence, you just found a serious risk.

The Governance Problem Nobody Owns

In many companies, cyber risk lives in organisational limbo.

• IT owns infrastructure.
• Legal owns contracts.
• Compliance owns policies.
• Risk owns frameworks.
• Finance owns consequences.

Everyone touches it. Nobody truly owns the financial impact. That’s where treasury fits. Not as the “boss of cyber,” but as the translator between technical failure and financial reality.

• You understand what downtime costs.
• You understand liquidity buffers.
• You understand funding stress.

That perspective is rare. And valuable.

From Technical Issue to Board Topic

Boards increasingly ask about cyber risk. Usually, after a competitor gets hacked. Treasurers who understand the financial impact can suddenly play a strategic role in these discussions.

You move from: “Can you update the cash forecast?”

To: “What is our exposure if this goes wrong?”

That’s a very different conversation. And it changes how treasury is perceived.

So, Should It Be on the Treasurer’s Agenda?

Yes.

• Not as a side project.
• Not as “something to keep an eye on.”
• Not as a once-a-year PowerPoint.

As part of core risk management. If you care about:

• Business continuity.
• Funding stability.
• Risk credibility.
• Your own relevance.

Then cyber risk belongs on your agenda. Ignoring it does not make it disappear. It just makes the invoice bigger later.

Final Thought

Treasury used to be about managing money. Today, it’s about managing what happens when money can’t move. Cyber risk is part of that reality. Whether treasurers like it or not.

Also Read

• Webinar Recap: Cash Flow Forecasting on Trial
• Oil Price Shocks: The Treasury Domino Effect
• What does commodity volatility mean for treasurers?
• ISO 20022 for corporates: the change you can’t ignore (even if you’d like to)
• Treasury Trends for 2026: Building Smarter, Faster and More Resilient Treasury Functions
• Treasury Trends for 2026: Building Smarter, Faster and More Resilient Treasury Functions
• Webinar Recap: De-Dollarisation & How Treasurers Can Build the Right Hedging Strategy
• Climate Risk: The Next Frontier in Treasury Strategy
• Webinar Recap: De-Dollarisation & How Treasurers Can Build the Right Hedging Strategy

Join our Treasury Community

Treasury Mastermind is a community of professionals working in treasury management or those interested in learning more about various topics related to treasury management, including cash management, foreign exchange management, and payments. To register and connect with Treasury professionals, click [HERE] or fill out the form below to get more information.