More than 80 percent of large U.S. companies were targeted by socially engineered fraud in the past year, according to Trustmi’s 2025 Socially Engineered Fraud & Risk Report. Nearly half of those organizations reported a direct financial loss, with many incidents costing more than $500,000.
The findings show that these attacks are recurring problems that disrupt operations, trigger audits, and shake trust across the business. CISOs who treat fraud as a rare finance problem may be missing its broader impact.
Where silos become attack surfaces
The report highlights misalignment between finance and security as a key driver of risk. One-third of respondents said poor coordination contributed to a recent fraud incident or near miss. Only a quarter said both teams always share visibility into incidents.
Attackers are exploiting those gaps. More than 70 percent of reported incidents moved across multiple systems, from email to ERP to vendor portals. Each handoff between teams created blind spots where fraudsters could operate without detection.
GenAI reshaping the fraud landscape
Generative AI has made fraud faster, cheaper, and harder to spot. Spoofed logins, vendor impersonation, invoice fraud, and even deepfakes are now combined in sequences that mimic normal workflows.
Most defenses remain tied to a single system. Training, manual verification, and email filtering all continue to fail when attacks span multiple platforms. Nearly nine in ten organizations said at least one of their safeguards broke down during a major incident.
“GenAI has weaponized fraud into a coordinated business attack,” said Shai Gabay, CEO of Trustmi. “Attacks now cross multiple systems, exploiting every gap between teams and tools. Without unified visibility and coordination, enterprises will continue to face threats no single control can stop.”
Recommendations for CISOs
The report calls for a shift in approach. Fraud prevention should be treated as a shared responsibility, with finance and security teams aligned on ownership, KPIs, and real-time visibility.
It also stresses the need for GenAI-resilient defenses. Behavioral AI and contextual monitoring can spot anomalies across systems, giving enterprises a chance to detect coordinated campaigns before money moves.
Finally, CISOs are urged to track more than direct losses. Operational disruption, compliance fallout, and reputational damage should be part of the case for investment in stronger defenses.