Finding No. 3
Cybersecurity, integrated technology remain major challenges
Finance pros seek A/R and payments improvements
Nearly 3/4 of the organizations surveyed by the Association for Financial Professionals were targets of payments fraud in their most recent survey, so it stands to reason that for our respondents, cybersecurity is their biggest concern. More than half (52%) say in our survey it poses the biggest challenge to their business in 2022, up from 42% in 2021. Coming in second, with third not far behind: problems integrating technology (26%) and dealing with exchange rates (25%). Interestingly, problems with integrating technology persist despite the challenge of legacy technology dropping in the rankings from No. 2 last year to No. 6. One explanation is that respondents have increased their spending on finance technology over the last two years, but haven’t been able to integrate these solutions with their systems of record, which could also explain why the issues with process and efficiency detailed in the previous section remain.
Biggest A/R and payments concerns in 2022
CYBERSECURITY
INTEGRATING TECHNOLOGY
EXCHANGE RATES
When asked for their one wish in payment processes, three things rose to the top:
Fast payment process
No or low fees/costs and rates
Easier payment methods
What's working to alleviate concerns when it comes to receiving payments?
Better security & fraud detection processes
Using dashboard technology & analytics
Automating the process
Offering payment in local currency and easing reconciling
SPOTLIGHT
Industry standard & regulation
The compliance burden on companies will only increase in 2022. Here are three reasons why:
PCI DSS v.4.0
Organizations managing environments within the PCI DSS scope should prepare for some very heavy lifting with the newly published PCI DSS v4.0 standard. While organizations will have two years to transition, it has changed significantly since its last update in 2016. Updates move compliance from a once-a-year, audit-driven event to a continuous improvement process aimed at best securing payments.
Federal security regs to increase
A new law passed under the Consolidated Appropriations Act puts stringent timelines on reporting cyber incidents, requiring critical infrastructure owners and operators to report to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency within 72 hours of when they’ve suffered a major hack. It requires those same owners and operators to report a ransomware payment within 24 hours.
Payment processes are targeted
Payments are a main target in hacks, with 28% of those polled in Hiscox’s Cyber Readiness survey dealing with payment diversion fraud arising from business email compromise. Phishing has fallen as the first point of entry for hackers, with corporate-owned servers taking the No. 1 spot in Hiscox’s Cyber Readiness survey. Cloud-based servers were second, followed by the company website, and employee error such as phishing or spoofing.