The session opened with a clear message: cyber risk is now firmly on the agenda of corporate boards across the UK and beyond. With the UK being the most targeted country in Europe for cyber-attacks, and estimates placing the annual cost of cyber incidents at nearly £15 billion – roughly half a percent of UK GDP – the significance of the threat cannot be overstated. This elevated risk profile has seen cyber security integrated into both operational and strategic risk assessments by banks and corporates alike.

Christopher McGrath shared first-hand insights from his extensive career in military intelligence and cyber operations, highlighting the increasing complexity of the threat environment. Notably, there has been a shift from tightly-coordinated, siloed threat groups to large, federated operations where dozens of affiliates collaborate under major cybercrime brands. This has led to an exponential increase in breaches and attacks, further complicating defence efforts.

Internationally, the session noted the rise of state-sponsored cyber activity, particularly from Russia and China, and the growing use of hybrid and AI-powered tactics. Of particular concern is the rapid adoption of cloud and software-as-a-service (SaaS) solutions, which, while providing efficiency, can introduce new vulnerabilities if not properly managed and configured.

One of the session’s central themes was the need to move from reactive cyber security to a proactive, intelligence-led approach. “Active cyber defence” means taking initiative to gather information, anticipate threats, and build resilience before incidents occur. Collaboration with European and international partners, especially post-Brexit, was highlighted as vital for improving intelligence sharing and operational readiness.

Treasury functions play a critical role in business resilience and loss prevention. Often, there is a disconnect between IT/security teams and treasury when it comes to assessing the financial impact of supply chain or vendor risks. Christopher stressed the importance of robust business impact assessments, mapping out dependencies and understanding the financial criticality of each supplier.

Attackers are also becoming more commercially savvy, seeking not only to exploit technical vulnerabilities but also to understand the financial value of stolen data for negotiation and extortion purposes. This underscores the need for treasury teams to be actively involved in cyber risk management.

Prioritise assurance, not just compliance: move beyond tick-box exercises. Regularly audit and test your cyber controls, and ensure insurance and assurance processes are rigorous and comprehensive.

Map your supply chain: build a clear, up-to-date map of your critical vendors and suppliers. Understand the operational and financial impact of each, and ensure this information is shared across treasury and security functions.

Adopt threat-led approaches: use available tools to monitor your organisation’s exposure, such as domain vulnerability scans. Many free or low-cost AI tools can help identify potential risks before they are exploited.

Rethink password policies: encourage the use of three random words, a number, and a symbol – a method proven to be effective against current decryption tools. Avoid excessive password changes that may lead to risky user behaviour.

Stay informed and involved: treasury teams should remain engaged with IT and risk functions, ensuring financial risk is fully factored into cyber security planning and incident response.

The fireside chat concluded with a powerful reminder: cyber risk is now a core financial risk, not an IT issue and a major cyber incident has become a “balance sheet issue” – it is a matter of business continuity and reputation. By embracing a proactive, collaborative approach, treasury teams can play a pivotal role in safeguarding their organisations against the ever-changing cyber threat landscape.