GenAI supercharges socially engineered fraud—silos amplify it
by Pushpendra Mehta, Executive Writer, CTMfile
“Socially engineered fraud is thriving not only because it’s supercharged by GenAI, but because enterprise defenses remain fragmented, split by silos in visibility, ownership, and controls,” according to The Trustmi 2025 Socially Engineered Fraud & Risk Report, which found that 83.6% of companies experienced at least one fraud attempt in the past year.
The report further highlights that poor coordination across teams, systems, and processes continues to leave U.S. businesses exposed to high-impact fraud. Notably, 34.4% of survey respondents said gaps between finance and security teams contributed to a recent fraud incident or near miss. The Trustmi survey included over 500 mid-to-senior finance and security professionals from U.S. companies with annual revenues of $1 billion or more.
To better understand these challenges, the survey explored not only the prevalence and impact of socially engineered fraud, but also how effectively finance and security teams collaborate and whether existing prevention controls are keeping pace with evolving threats. Here are the key takeaways:
Fraud refuses to fade, losses too big to ignore
Far from being rare, socially engineered fraud has become the norm. According to Trustmi’s survey report, nearly one in four firms face multiple fraud attempts each year, and almost one in six enterprises encounter them every week.
The advent of generative AI has significantly lowered the barrier for cyber attackers to execute frequent, credible campaigns at scale. The fallout from a successful strike is both immediate and expensive. Trustmi’s findings reinforce this reality: among organizations reporting direct losses, “Nearly half (47.6%) lost $500K or more in a single incident, and one in four lost over $1 million from a single attack.”

Source: The Trustmi 2025 Socially Engineered Fraud & Risk Report
But the damage doesn’t stop at financial loss. Fraud ripples through the entire organization. Trustmi’s survey shows that high-impact incidents don’t just drain the balance sheet—they disrupt operations, stall processes, and invite audits and regulatory scrutiny. They erode reputation and trust, while pulling in legal, IT, finance, procurement, and even the C-suite to manage the repercussions.
Finance-Security collaboration gap: A gateway to fraud
Trustmi’s report states, “The steep financial losses enterprises reported don’t come from frequency alone. They reflect where attacks land: in the gaps between finance and security.” These collaboration gaps serve as gateways for fraud, highlighting that attackers often exploit organizational blind spots—not just technological weaknesses.

Source: The Trustmi 2025 Socially Engineered Fraud & Risk Report
The report emphasizes that unclear ownership creates openings, and each handoff between finance and security teams becomes an exploitable entry point for fraud. The biggest vulnerability isn’t technology alone—it’s misaligned responsibilities. When no single team can monitor fraud prevention end-to-end, organizations remain exposed to attacks that could have been prevented with clearer collaboration.
According to the Trustmi survey, just 27% of organizations share ownership of fraud prevention between finance and security teams. The majority rely on a single team, with security leading in 53% of cases and finance in 16%, while 4% of respondents are unsure who owns it. This imbalance underscores how gaps in team alignment and responsibility create fertile ground for fraud, making collaboration between finance and security not just desirable but essential.
Traditional safeguards can’t keep up with evolving fraud
The report illustrates a sobering reality: traditional safeguards are buckling under the pressure of AI-enhanced attacks and cross-platform exploits. In about 9 out of 10 major incidents, companies saw at least one critical control fail or be bypassed entirely. Even more concerning, 70% of recent attacks affected multiple platforms—from email and enterprise resource planning (ERP) to vendor portals and payment software—compounding the risk as malicious actors moved across systems. The following controls demonstrated the highest failure rates:
- Email and messaging security: 44.6%
- Employee security awareness training: 32.2%
- Compromised third-party vendors: 31.6%
- Threat detection/escalation process: 27.9%
- Bank account validation tools: 26.5%
- Vendor onboarding: 21.3%
In conclusion, socially engineered fraud—supercharged by GenAI and amplified by fragmented defenses—is no longer a rare threat but a persistent, high-impact risk for corporations. To reduce enterprise-wide exposure, Trustmi recommends that organizations unify ownership of fraud prevention across finance and security teams, deploy cross-platform detection capable of monitoring complex attack paths, and build GenAI-resilient protections against AI-driven threats.
Equally important is tracking not just direct financial losses, but the full operational, compliance, and reputational impact of fraud. As Shai Gabay, CEO and Co-Founder of Trustmi, explains, "Attacks now cross multiple systems, exploiting every gap between teams and tools. Without unified visibility and coordination, enterprises will continue to face threats no single control can stop." The message is clear: without integrated visibility and joint action, even the most advanced safeguards will prove insufficient—leaving companies vulnerable to cyber attacks that no single measure can contain.

