Organizations hit by fraud every week

The overwhelming majority of organizations are finding themselves victims of fraud attempts, in many cases on a weekly basis, according to a new report.

The report, released Wednesday by the fraud prevention company Trustmi, polled 525 mid-to-senior finance and cybersecurity leaders at large U.S. enterprises and found that 83.6% of their organizations had experienced at least one fraud attempt in the past year. Nearly one in four of the enterprises surveyed report multiple fraud attempts a year, and 15.7% face attacks weekly or more. Nearly one-third (34.4%) of the respondents said that gaps between finance and security teams were a factor in a recent fraud incident or near miss.

For organizations reporting direct losses, nearly half (47.6%) lost $500,000 or more in a single incident, and one in four lost over $1 million from a single attack. The survey found these incidents are increasingly adaptive, multistep campaigns that exploit organizational silos as much as technical weaknesses. Attacks are also becoming more frequent, with nearly one in six enterprises facing fraud attempts every week. 

"Gen AI has weaponized fraud into a coordinated business attack," said Trustmi CEO Shai Gabay in a statement. "Attacks now cross multiple systems, exploiting every gap between teams and tools. Without unified visibility and coordination, enterprises will continue to face threats no single control can stop."

The fraudsters often use "social engineering," exploiting vulnerabilities in people. Among organizations with losses, 26.75% lost over $1 million in a single incident; 29.19% lost between $500,000 and $1 million, and 22% lost between $100,000 and $500,000.

Only 27% of respondents said fraud prevention ownership is shared between the finance and security teams. The majority pointed to a single team, with finance and security leaders nearly evenly split on who should own it. Around one-third (34.5%) of respondents cited misalignment between the two groups as a factor in a recent fraud or near miss.

The report also found safeguards buckling under AI-enhanced pressure and cross-platform attacks. In 88% of major incidents, at least one critical control failed, often more. The survey also found that 70% of incidents spanned multiple platforms and teams, compounding the chance of breakdown as fraudsters moved across systems. 

The controls with the highest failure rates included email and messaging security (44.6%), employee security awareness training (32.2%), compromised third-party vendors (31.6%), threat detection/escalation process (27.85%) and bank account validation tools (26.5%).

Cyber attackers successfully bypassed security systems in part due to human error (46.10%); other cited reasons were that the mail looked legitimate (40.57%), there was a trusted but compromised source (32%), the fraud crossed multiple systems (31.62%), the security tools missed it (25.33%), and validations were followed but were ineffective (21.52%).
