We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Treasury and Payments

Improve your working capital, reduce fraud and minimize the impact of unexpected disruptions with our treasury solutions—from digital portals to integrated payables and receivables—all designed to make your operations smoother and more efficient.

Learn more about our treasury solutions:

Commercial Real Estate

Get the strategic support to be successful throughout market and real estate cycles with insights, hands-on service, comprehensive financial solutions and unrivaled certainty of execution.

Learn more about our commercial real estate solutions:

International Banking

Global opportunities mean global challenges. But real success means understanding the local markets you serve—which is why we bring the business solutions, insights and market perspective you need. 

Learn more about our international banking solutions:

Cybersecurity and Fraud Protection

Developing a Culture of Cyber Preparedness

We spoke with Mike Kelly, Commercial Banking’s Head of Cybersecurity and Technology Controls, about how to create an environment that prioritizes security and fraud preparedness. Learn why organizations today are so focused on security, and what steps you can take to defend yourself from fraud.

The cybersecurity field continues to evolve, and we hear all the time about new schemes from criminals trying to gain access to systems. What have our clients learned and what more do they need to know now?

Over the past few years we’ve seen cyber criminals expand their targets to include a broad range of types and sizes of organizations, and clients—from smaller businesses, like laundromats and corner stores, to large corporations—want to stay ahead of cyberattacks.

It’s important for every company or organization to take as many steps as they can to help prevent cyberattacks. Larger companies clearly have more resources, but there is a lot that smaller businesses can do, too. Keep anti-virus software up to date. Don’t open emails from addresses you don’t recognize. Validate all requests for payment by speaking to the person making the request, either in person or with a known phone number. Bring in a cybersecurity consultant for a review of their systems and vulnerabilities. Small steps matter.

What’s motivating the shift in interest in cybersecurity preparedness?

Unfortunately, cyberattacks are escalating, and that’s the motivation. The wide range of targets, the increased public attention and the experience of actually being targeted—whether it’s successful or not—are the biggest drivers of clients’ cybersecurity preparedness.

In the last three years, we’ve doubled the number of clients that we meet with to discuss the tools and controls they can use. We visit offices, speak at conferences and have detailed discussions, and sometimes that’s still not enough. For example, recently one of our clients was developing a cybersecurity program based on best practices. Unfortunately, the client’s project was delayed by other priorities that impacted the program’s launch.

During the delay, criminals launched a cyber attack against them and demanded a ransom to return the client’s employee data. Since the incident, building and maintaining a solid cybersecurity program quickly has become a top priority for that client.

The more organizations are hit with some type of cyber event or cyberfraud, the greater the interest they have in maturing their programs.

If awareness is growing, what’s still in the way of clients creating a culture of cybersecurity preparedness?

Culturally, there’s a difference between organizations that have experienced an incident and those that haven’t. The organizations that have moved the needle the most are those that have experienced an attack, even if it was not successful.

Every organization has to weigh competing priorities. It’s natural that the people deciding an organization’s priorities give it more attention after an incident. You just “get it” once you’ve lived through it.

So what can cybersecurity leaders do to help push organizational cultures toward cyber preparedness?

Cybersecurity preparedness programs don’t have to be expensive, but the lessons that come from a cyberattack are costly in terms of lost business and reputation, lost revenue and lost assets.

Organizations are more likely to be the target of a cyberattack than to experience a fire in their office, but often, they are more likely to practice fire drills than cyber preparedness drills. Testing systems helps to uncover gaps in cybersecurity preparedness and employee training.

Given the broad range of organizations that are targeted by cyber criminals, what advice can you give companies that are looking to create or mature their cybersecurity programs?

Cybersecurity preparedness programs don’t have to mean an organization must invest in expensive solutions. Having people involved in a system creates an opportunity for human error. So a strong return on investment can come from lower tech strategies including training and testing—such as phishing drills and tabletop exercises.

An old fence can still keep people out. Finding and mending any gaps in that fence is critical, and repeated training and practice is one of the simplest ways to do that.

Get in Touch and Stay Informed