As the digital threat landscape rapidly evolves, corporate treasurers are increasingly at the forefront of organisational risk management. Cybersecurity has become a top priority beyond IT departments, with treasurers focusing on operational resilience and secure liquidity to uphold trust and ensure business continuity. Securing adequate cash flow and liquidity to support critical operations amid disruptions and market volatility remains fundamental to treasury resilience.
Mark Bellward, BNY’s head of liquidity and margin services for EMEA markets, underscores the rising urgency: “Addressing pressures on supply chains, working capital, and liquidity management is critical. Operational resiliency in the face of these ever-evolving cyber threats must form a key component of the corporate treasurer’s mindset.”
How confident is your ability to withstand attacks? Do you fully understand your resilience? And if that resilience fails, what is your contingency plan?
Cyber crime is a formidable global threat. According to a recent World Economic Forum study, ransomware alone is now a circa $10 trillion industry – effectively making it the world’s third-largest economy. For many organisations, a cyber breach is not just about lost data. It can mean paralysed systems, delayed payments, reputational harm, and severe financial consequences.
“You open your laptop on a Monday morning and discover you can’t access the system because your organisation has been hit with a ransomware demand,” says Bellward. “But payroll still need to go out that day. That’s the kind of moment that makes people sit up and pay attention.”
For BNY, cybersecurity responsibility extends well beyond safeguarding hardware and online systems. As a globally systemically important bank, BNY plays a critical role in the nation’s financial infrastructure. “If BNY were to go down, the entire financial system could be paralysed, markets impacted and businesses at a standstill. That is why it is imperative for BNY to maintain the highest standards of cybersecurity resilience to protect not only its clients but also the stability of the broader economy,” says Bellward.
Bellward emphasises that treasurers need to focus on ensuring operational continuity amid these cyber threats. “How confident is your ability to withstand attacks? Do you fully understand your resilience? And if that resilience fails, what is your contingency plan?”
Treasurers may not be cybersecurity experts, but they must be informed enough to ask the right questions to protect their firm’s liquidity and capital position from threats. “Treasurers need to understand the key issues, what questions to raise with their internal teams, and how to ensure protocols are in place within their own treasury functions to avoid falling victim to cyber attacks,” says Bellward.
In this context, resilience means building layered defences, both internally and through third-party providers. “That layered security approach should extend across the market,” he explains. “Do you have controls over your networks, your applications and your perimeters? Have you put effective governance in place? Is cyber risk on your executive agenda? Have you educated your business? Is your Management Information of high quality? Have you identified what you need to protect? Are you aware of emerging threats? Are you testing your defences?”
Modern risk detection is increasingly powered by technology. “At BNY, our Cyber Technology Operations Center (CTOC) reviews trillions of events every month using sophisticated technologies including machine learning and artificial intelligence,” Bellward notes. “We use these technologies to correlate patterns in our environment and detect anomalous behaviours that may warrant investigation.” One example: “If someone logs in from London but their access badge is swiped in New York, that triggers an alert.”
The CTOC team monitors activity with precision: “BNY tracks threats by individual, by role and by region, analysing every event to identify anything unusual.” Machine learning and AI are continuously learning and allowing further tuning of the alerting in our environment.
Though rooted in advanced technology, these proactive strategies serve a simple purpose: predictive threat detection before they become a reality.
On the client side, secure access is non-negotiable. “Clients on LiquidityDirect, BNY’s comprehensive short-term investment platform, must have two-factor authentication in place,” says Bellward. With many treasurers now leveraging APIs to connect with banks and market platforms, endpoint security has become mission critical.
“Securing API and maintaining connections, especially those used for financial transactions and financial data, is a fundamental part of cybersecurity hygiene,” he adds. But technology alone is not enough. Organisational preparedness plays an equally vital role. “It’s also about how quickly you can get back up and running,” Bellward notes.
This is where continuous assessment, including recovery and response protocols, threat-led penetration testing and simulated attack scenarios, often referred to as ‘war games’, come into play, helping teams rehearse their reactions and strengthen resilience before a real incident occurs.
While robust API security is essential to protect data in transit and ensure trusted interactions, the rise of blockchain technology introduces a new dimension where data integrity and transparency are part of the on-chain infrastructure. This shift from traditional API-based data exchange to on-chain data management is security through cryptographic validation.
“At BNY, we are focusing on building the financial infrastructure of the future by bridging traditional and digital financial ecosystems,” says Bellward. “By providing comprehensive data solutions with their on-chain data product, we power the on-chain investor community with critical fund data using smart contract technology. This offering is part of a full suite of digital assets solutions that enable clients to receive a holistic view of their digital asset activity.”
Data published on-chain is immutable, highly available and resilient because of their decentralised, distributed nature and key to building confidence in on-chain investment activities.
If someone in your supply chain suffers a cyber attack or experiences a cyber event of any kind, it will inevitably impact you
Corporate treasurers must also regularly scrutinise the resilience of their providers, i.e. their banks, market data providers and treasury management systems, because when a provider fails, those who made the decision to engage them may be held accountable.
Treasurers often face a trade-off between newer, lower-cost platforms and more established providers with proven security credentials. Bellward is unequivocal: “I would suggest they choose the one that is most secure.”
This caution is well-founded. Ransomware and supply chain disruption top the World Economic Forum’s list of organisational cyber risks. “If someone in your supply chain suffers a cyber attack or experiences a cyber event of any kind, it will inevitably impact you,” Bellward warns.
Liquidity planning and cyber resilience are inextricably linked, especially when access to funds is on the line. “You don’t have liquidity if your provider is taken offline,” warns Bellward. “If your liquidity plan lacks resilience, you may find yourself unable to access cash when you need it most.”
To mitigate this risk, he encourages treasurers to adopt a ‘cash ladder’ approach, mapping out how much cash is immediately available, how much can be accessed within a month, and what’s committed to longer-term facilities.
“Resilience within that structure means ensuring those funds remain accessible, even if one provider is compromised,” he explains. One practical safeguard is diversification. “You could have multiple providers offering the same product. If one liquidity solution is affected by an incident, you can pivot to another,” Bellward suggests.
The most valuable thing corporate treasurers can do today is adopt a mindset rooted in scrutiny and preparedness. “First, are they factoring resilience into their decision-making? And second, how are they measuring it? What questions are they putting to their providers?” asks Bellward.
Cybersecurity is no longer someone else’s responsibility; it has become central to treasury operations, influencing everything from daily liquidity management to the stability of entire financial ecosystems.
“There are some best practices I would emphasise every treasurer to consider,” says Bellward. “First, prioritise operational resilience by integrating cybersecurity into your core treasury and business continuity plans and ask the right questions. Understand cybersecurity risks and regularly assess both your internal teams and third-party providers.” Bellward also stresses the importance of implementing layered security with multiple defence layers internally and across counterparties.
“Technology should play a major role.” Bellward suggests leveraging advanced technology like AI and analytics is crucial for proactively detecting anomalies and threats. Also, securing access and maintaining API hygiene is vital for financial transactions and data exchange.
Finally, Bellward says to adopt a mindset of continuous scrutiny and preparedness. Proceed to measure and question the resilience of your operations, providers and counterparties. Take an all-hazards resilience approach, planning beyond cyber risks to include data centre failures, natural disasters, pandemics and geopolitical events.
Philip Smith is editor of The Treasurer. This article is based on a conversation with Mark Bellward, BNY’s head of liquidity and margin services in the EMEA markets, and first appeared in The Treasurer Issue 3, 2025
