Array ( [20250919] => 6 [20250920] => 10 [20250921] => 12 [20250922] => 13 [20250923] => 14 [20250924] => 15 [20250925] => 12 [20250926] => 11 [20250927] => 10 [20250928] => 10 [20250929] => 14 [20250930] => 15 [20251001] => 11 [20251002] => 15 [20251003] => 14 [20251004] => 11 [20251005] => 10 [20251006] => 13 [20251007] => 13 [20251008] => 15 [20251009] => 10 [20251010] => 14 [20251011] => 15 [20251012] => 6 [20251013] => 18 [20251014] => 19 [20251015] => 13 [20251016] => 16 [20251017] => 13 [20251018] => 13 [20251019] => 9 [20251020] => 16 [20251021] => 15 [20251022] => 12 [20251023] => 14 [20251024] => 18 [20251025] => 9 [20251026] => 12 [20251027] => 21 [20251028] => 25 [20251029] => 22 [20251030] => 19 [20251031] => 24 [20251101] => 16 [20251102] => 26 [20251103] => 29 [20251104] => 18 [20251105] => 21 [20251106] => 20 [20251107] => 27 [20251108] => 19 [20251109] => 26 [20251110] => 20 [20251111] => 28 [20251112] => 26 [20251113] => 28 [20251114] => 25 [20251115] => 19 [20251116] => 21 [20251117] => 30 [20251118] => 25 [20251119] => 29 [20251120] => 17 [20251121] => 26 [20251122] => 15 [20251123] => 17 [20251124] => 23 [20251125] => 22 [20251126] => 67 [20251127] => 113 [20251128] => 25 [20251129] => 13 [20251130] => 6 [20251201] => 12 [20251202] => 16 [20251203] => 16 [20251204] => 12 [20251205] => 9 [20251206] => 11 [20251207] => 10 [20251208] => 10 [20251209] => 10 [20251210] => 12 [20251211] => 10 [20251212] => 15 [20251213] => 9 [20251214] => 12 [20251215] => 14 [20251216] => 19 [20251217] => 69 )
Browse topics and content
  • automation
  • Cyber risk
  • cybersecurity
  • payments factory

Cyber risk has moved to the centre of treasury strategy

Feature-image

Cyber risk has moved to the centre of treasury strategy. As AI, automation and cloud platforms reshape treasury operations, payment fraud, deepfakes and operational disruption are forcing treasurers to rethink controls, governance and resilience.

by

Published: June 11th 2025

Artificial intelligence, automation and cloud-based infrastructure have transformed the speed and scale of global treasury operations. But they have also opened the door to a rapidly expanding cyber threat landscape.

According to Wipro State of cybersecurity report 2025, cybersecurity investment remains heavily concentrated in the US, Europe and Israel, which together account for 78% of analysed deals. The US leads significantly with 637 seed-stage and 287 Series A deals, followed by Europe and Israel.

Chart

For logistics providers—which are central to global supply chains—the risks are amplified. Kemi Bolarin, Head of treasury – Europe at GXO, a global logistics company, explains why cyber security is now a core treasury discipline and why organisations must balance digital innovation with operational control.

A threat accelerating beyond existing safeguards

According to Bolarin, the pace of technological change is outstripping the ability of corporate controls and regulation to keep up.

Wipro report said that most AI-related incidents stem from human or model-driven failures rather than technical glitches. Deepfakes (39%) and ethical issues such as bias, explainability and fairness (32%) dominate the reported cases. Traditional risks like data leakage or IP theft account for only a small share, highlighting how governance and oversight lag behind rapid AI adoption.

Chart 2“As organisations adopt AI and automation to increase efficiency, the exposure to cyber risk rises in parallel,” she said. “AI is evolving faster than regulatory frameworks, and that creates vulnerabilities that are difficult to manage.”

Treasurers are no longer insulated from this shift. “Treasury operates at the intersection of finance and technology. We manage high-value payments through APIs, cloud platforms and multiple third-party systems. These channels are essential, but they also broaden the attack surface,” she explained.

Digital adoption in logistics has been rapid, driven by the need for efficiency and real-time visibility. “Many of the systems we use are external platforms provided by reputable vendors. Even so, they remain configurable and therefore susceptible to compromise. The pace of mitigation is not matching the pace of digital evolution.”

Jaguar Land Rover: a defining moment for corporate cyber awareness

The Sept 2025 cyber-attack on Jaguar Land Rover (JLR), a multinational automobile manufacturer, which forced a month-long production shutdown and caused substantial financial damage, has become a touchstone for treasury professionals evaluating their own exposure.

JLR’s performance in the second quarter of the financial year 2026 was impacted by significant challenges, including a cyber incident that stopped the vehicle production in September and the impact of US tariffs, Adrian Mardell, Chief executive officer at JLR said in a statement.

The company said the ransomware attack had cost the business £196m in “cyber-related costs,” recorded as part of £238m in exceptional items during the quarter.

“When the Jaguar Land Rover incident occurred, it highlighted the severity of modern cyber threats,” Bolarin said. “It showed that even major global companies with strong resources can experience significant disruption. For treasury teams, it reinforced the importance of preparedness and regular training.”

The case also demonstrated how quickly a technical compromise becomes a treasury crisis. “It is not simply a data breach—it becomes an operational and liquidity challenge almost immediately,” she said. “Treasury needs the confidence to escalate concerns, challenge assumptions and verify information, even if that introduces delays.”

Bolarin noted that many incidents never reach the public domain. “Only the largest cases become visible. Many organisations choose not to disclose attacks because of concerns about market reaction and customer confidence,” she said.

 Payment fraud: the risk that defines the treasury agenda

Among the forms of cyber threat—ransomware, data breaches, insider manipulation—one risk dominates treasury concerns.

“Payment fraud remains the most significant threat because it directly targets the core of what the treasury does,” Bolarin said. “It is the factor that can immediately compromise liquidity, erode controls and cause irreversible loss.”

The increasing sophistication of impersonation attacks has heightened the challenge. “We now see deepfake audio and video being used to imitate senior executives. There have been cases where employees believed they were speaking to their CFO on a video call, when in fact it was a synthetic impersonation. Those incidents have resulted in multi-million-dollar transfers.”

In this environment, she argued, trust must be  verified systematically. “Treasury has adopted a zero-trust approach. We validate every request and every access point, internally and externally. We cannot rely on appearance, email trails or urgency.”

A recent payment case illustrated this shift. “We were processing payments to new counterparties for the first time. Despite internal pressure to move quickly, we paused the transaction to perform direct verification with the banks. We also completed an internal verification via video to ensure that the instructions were genuinely coming from our own colleagues. Email confirmation is no longer sufficient,” Bolarin said.

Wipro report said that companies are prioritising investments in Zero Trust security (97%) and AI-driven threat detection (93%) as they modernise their cyber-defence stacks. IoT device security (82%) and SASE frameworks (78%) also feature prominently as firms grapple with distributed operations. More than half of organisations are now allocating budget to LLM guardrails.

Chart 3

Fake-invoices expose external checks

One incident Bolarin recalled shows how easily organisations can be misled—even when verification steps are taken.

During a refinancing process conducted during the pandemic, GXO received an invoice from seemingly a legitimate professional services firm. “The documentation looked entirely credible,” Bolarin explained. “The bank account details appeared authentic, the company had a well-established LinkedIn presence, and the individuals listed as contacts all had profiles with photographs, work histories and global office locations.”

Despite these indicators, the invoice was fraudulent.  “It showed how convincing external signals can be,” she said. “All the superficial markers of legitimacy were there, yet the payment request was not genuine.”

The missing step, she noted, was an internal verification, which would have exposed the inconsistency immediately. “One direct internal check would have confirmed that the invoice did not relate to any authorised work. But because the team relied on external indicators—and because the organisation was working remotely during COVID—those essential internal conversations did not happen.”

The lesson is clear:  “External checks alone are not sufficient. Even when documentation appears legitimate, treasury must validate requests internally. A structured call-back process remains one of the most effective defences.”

Automation’s paradox: efficiency and exposure

Automation is key for modern treasury operations, but Bolarin warns that it can increase the impact of an error or compromise.

“The speed that makes automation valuable can also magnify risk. If a fraudulent payment enters the system, automation can process it within seconds, leaving almost no opportunity to intervene,” she said.

To mitigate this, she emphasised the need for layered controls:

  • Multi-factor authentication: “This must be a baseline requirement for any system we use.”
  • Segregation of duties: “The four-eyes principle remains one of the most effective safeguards.”
  • Zero-trust frameworks: “We no longer rely on perimeter security. We assume compromise and verify continuously.”

Chart 4

Wipro 2025 report said that data quality and privacy concerns (84%) are the biggest barriers to deploying AI in cybersecurity. Many teams also lack in-house AI expertise (75%), and face difficulties integrating AI tools with legacy security systems (72%). Budget constraints continue to slow adoption, even as threat levels accelerate.

AI-based anomaly detection can support fraud prevention, but only within a unified landscape.

“Machine learning is useful when an organisation operates within a single ERP. In fragmented environments with multiple ERPs, anomaly detection becomes inconsistent. In addition, AI systems themselves can be manipulated by malicious code,” she noted.

Bolarin added, “automation does not remove risk; it alters its shape. Treasury needs to anticipate that shift.”

Emerging tools—but with limits

Several emerging technologies offer potential benefits, but Bolarin stressed that none replace the fundamentals of disciplined treasury practice.

“There is a risk of adopting tools simply because they appear advanced. Human judgement remains essential, and no system can fully replace that,” she said.

Digital identity frameworks, for example, counter impersonation—but Bolarin noted they have their own weaknesses. “With personal data, images and voice samples widely available online, digital identity solutions are not immune to manipulation. Deepfakes continue to challenge even sophisticated authentication methods.”

She sees potential in intelligent automation, adaptive security frameworks and decentralised trust models, but emphasises that these capabilities require organisational readiness.

“Predictive analytics and advanced monitoring work only when the underlying systems are standardised and well-integrated. Before implementing such tools, organisations must ensure that their internal structure is strong and consistent.”

The human layer still defines resilience

 Despite advances in technology, Bolarin is clear that treasury resilience ultimately depends on people.

“Technology has introduced a level of complexity that cannot be fully contained by systems alone,” she said. “The human element—verification, questioning, escalation—is essential.”

Processes like supplier onboarding and bank verification must retain human oversight.

“A single phone call to confirm bank details can prevent a severe incident. Treasury should not hesitate to slow down a process when something is unclear,” she added.

Her advice to treasury teams is straightforward:

“It is always better to ask an additional question than to approve a transaction that cannot be reversed. Vigilance is non-negotiable.”