The Digital Agenda Has Increased the Cybercrime and Fraud Threat Landscape – It's Now Critical for Corporate Treasury to Build Resilience
Digital transformation is reshaping corporate treasury, but it is also exposing organizations to a faster, more sophisticated fraud and cybercrime threat landscape.
Whilst embarking on a digital transformation journey will bring operational and financial efficiencies, it also expands the attack surface and introduces new vulnerabilities, which allow cyber criminals and bad actors to operate with greater sophistication and speed.
Current projections indicate that global Authorized Push Payment (APP) fraud losses could reach US$331bn by 2027 [1]. In the US alone, the FBI's IC3 reported over 859,000 complaints in 2024, with $16.6 billion in losses. Phishing and social engineering dominate as entry vectors, but compromised credentials are becoming more common, with approximately 22% of breaches now starting with stolen login data [2]. Finally, the average cost of ransomware recovery in 2024 reached $2.73 million, with an average of 21 days of downtime for organizations.
These are concerning numbers. In this joint article, Mark Sutton (Zanders) and Andrew Compton (Cortida) highlight some of the key risks within both the systems landscape and the underlying operational processes, and suggest possible risk mitigations.
What are the Key Risks?
The current cybercrime and payment-fraud risk landscape is being shaped by four foundational forces linked to:
- The rise of the digital agenda, including instant payments within corporate treasury,
- The darker side of AI which is enabling fraud,
- The increase in professionalized cybercrime,
- and lastly, an increasingly interconnected and complex ecosystem.
As these foundational forces converge, they manifest in corporate treasury through various risk categories (including but not limited to):
- Business email compromise (BEC) and impersonation fraud.
- AI-enabled social engineering and identity fraud.
- Real-time payment fraud risk.
- Vendor / supplier payment fraud and master-data compromise.
- Malware and ransomware.
- Supply-chain compromise.
Possible Risk Mitigation Options
Practical mitigation options combine process, technology and governance measures that must:
- Include a strategy that removes the reliance on email or voice as a trusted payment instruction channel.
- Require controls designed on the assumption that identity signals can be spoofed.
- Move fraud detection to before payment release rather than after.
- Elevate controls to protect vendor master data as a critical financial asset.
- Ensure treasury and payments endpoints are recognised as critical payment infrastructure.
- Extend the treasury control framework beyond organizational boundaries.
How can Zanders/Cortida Help?
Corporate treasurers now need to move away from a reactive approach to an "always-on" monitoring, control and mitigation operating model. Effective risk mitigation now requires a layered control model that combines process, technology, governance, and behavioural controls. The Zanders/Cortida partnership considers the full end-to-end payment risk landscape through a structured payment and systems security framework.
If you would like to learn more about this new service, please speak to your Zanders relationship contact to arrange a more focused discussion.