Business email compromise is a top concern for banks
Bottomline and Strategic Treasurer released the results of a survey that gathered details about corporate and banking experiences, actions and plans regarding fraud. Results show that the pandemic accelerated both the threat of fraud and the response to it, with corporate and banking alignment on defensive automation.
Banks worry about business email compromise
- Spending more/significantly more on security is a 3-year trend (2019: 17%; 2020: 19%; 2021: 22%).
- 86% of respondents from banks perceive business email compromise / authorized fraud to be the greatest risk to their business over the next 1-2 years.
- 21% of fraud experiences had a COVID-19 connection.
Against a multi-year trend of increasing sophistication and automation of fraud, opportunistic criminals leveraged the pandemic-driven push to remote operations to strike in a blitz offensive. The rapid transition to a work from home (WFH) environment created exposures that outpaced structural and procedural defenses, resulting in accelerated threats and fraud loss.
Smaller firms were hit the hardest (26% of small business fraud had a tie to the virus, as opposed to only 17% for larger companies). Presumably, their potential payouts previously fell below the radar of criminals who now, with the development of greater automation and a backdrop of expanded vulnerabilities, have broadened their sights to include targets of all sizes.
Intentional and multifaceted organizational responses
Organizational responses have been intentional and multifaceted, enhancing both human and technical elements of defense:
- Staff assignments in accountability for managing fraud have grown by 50% from levels measured just two years ago.
- On the technology front, firms are advancing via increased levels of automation, use of backend functions like fraud interdiction, and improved customer experience (90% noted this as a key area of technology investment) for optimizing the use of these digital tools – a trend which overlaps both banks and corporates.
“Ultimately, we are seeing digital warfare escalation, in which firms are meeting the criminal use of automation with their own defensive tools and controls,” says Craig Jeffery, Managing Partner of Strategic Treasurer.
Omri Kletter, VP, Cyber Crime and Fraud Management at Bottomline, also commented on the escalation: “Investments to digitally transform customer experiences and power faster payments are met with equally dynamic threats.
“Survey results show ongoing concern about business email compromise, authorized fraud, and account takeover, as well as an increase in threats faced by small and medium-sized corporate customers.”