Ask 500 finance and security leaders who owns socially engineered fraud, and you won’t get a straight answer. In The 2025 Trustmi Socially Engineered Fraud & Risk Report, based on a survey of this critical audience, more than a third pointed to finance, another third to security, and the rest split responsibility elsewhere. Meanwhile, attackers aren’t debating org charts. They’re exploiting the gap.
That fragmentation is exactly what Gartner highlights with its concept of cyberfraud fusion: the convergence of cybersecurity, identity, and online fraud prevention into unified defenses. In its Emerging Tech: The Future of Online Fraud Prevention Report, Gartner outlines a vision for how enterprises will combat fraud. By 2027, orchestration platforms will integrate data into a unified system; by 2029, more than half of vendors will offer consolidated technology stacks; and by 2031, financial institutions and online retailers will converge fraud prevention personnel under the CISO.
The vision is sound, but the timeline leaves a gap. Fraudsters don’t follow roadmaps, and six years is a long time to leave enterprises exposed. The problem is already costing enterprises millions today, which is why a more immediate path to fusion is needed.
The Millions Behind Modern Fraud
The findings in the survey show just how mainstream this enterprise threat already is. In our survey of more than 500 mid-to-senior finance and cybersecurity leaders at $1B+ U.S. enterprises:
- 83% of enterprises experienced at least one fraud attempt in the past year, and nearly one in six face attacks every week.
- 34% of incidents were tied to misalignment between finance and security teams, proof that attackers are exploiting silos, not just technical flaws.
- Nearly half of the direct-loss incidents cost $500,000 or more, with one in four topping $1 million.
These are not incidental losses. They represent a systemic, enterprise-scale risk that GenAI has only amplified. It makes attacks faster, more convincing, and harder to detect.
The bottom line: socially engineered fraud isn’t a rare nuisance. It is draining millions from enterprises right now and addressing it cannot wait.
The Cost of Waiting Six Years
Gartner’s roadmap projects that by 2031, many organizations will be consolidating online fraud prevention roles and responsibilities into cybersecurity teams. It’s a sound vision, but six years is a long time to wait while losses keep compounding.
Fraud has already evolved into a cybersecurity-grade problem. GenAI has industrialized the attacker’s toolkit, enabling persistent, multi-step campaigns that no single team or tool can counter alone. The cost of delay is not theoretical. It is quantifiable, immediate, and compounding. Global social engineering fraud losses are now expected to exceed $100 billion, making it clear that enterprises cannot afford to treat this as a future problem. For many enterprises, six more years at today’s pace of losses would mean billions in avoidable damage.
The Playbook: Exploiting Silos and Gaps
Gartner is right about where fraud grows strongest: in the seams between systems and teams. Our survey shows how those silos are already being exploited. Seventy percent of incidents touched multiple platforms (email, ERP, vendor portals, payments), and nearly 9 in 10 organizations reported at least one control failure during a major incident. These multi-system sequences are often designed to bypass single-system defenses and hide in handoffs, so an initial spoofed login can quickly morph into vendor impersonation and a fraudulent invoice that reaches the payment stage.
I’ve seen how this misalignment plays out in practice. Call it “fraud,” and finance takes ownership. Call it “social engineering,” and security does. Each side points to the other but when a payment fraud succeeds, it exploits both finance workflows, security controls, and the blind spot between them.
And the misalignment problem runs deeper than finance and security. The Ivanti State of Cybersecurity Trends Report 2025 found that 44% of organizations struggle to manage risk due to poor alignment between IT and security teams. Further, 40% report using mismatched tools, and 46% say IT lacks urgency around cybersecurity issues. Silos aren’t an exception. They’re the rule. And they’ve become the new attack surface.
An Alternate Path: Visibility Over Reorg
The good news is that organizations don’t need to wait for an org chart revolution to achieve “fusion.” The practical path forward lies in shared visibility across finance and security.
Instead of teams debating ownership, technology can correlate anomalies across payments, ERPs, email, and identity systems. This allows teams to respond in concert, even if they remain structurally separate. This is fusion in practice.
And visibility matters most where fraud strikes: the workflows of vendor onboarding, invoice approvals, and bank account changes. Without alignment across finance and security at these choke points, enterprises will keep suffering breakdowns, whether the fraud begins as a phishing email, a vendor compromise, or a manipulated ERP entry.
Why Fusion Must Start Now
Fraud is a crisis today, and while we applaud Gartner’s focus on this issue, enterprises cannot afford to treat it solely as a back-office issue for finance or a side channel to cybersecurity. It is an issue for both, and precisely why shared visibility is non-negotiable.
Attackers’ efforts are already fused, seamlessly blending social engineering, technical compromise, and financial deception. Defenders must meet them with the same unity of perspective, even if their organizational structure has not yet caught up. It can begin today with finance and security leaders agreeing on a shared path forward, which includes aligning on detection and response and treating fraud risk as a joint responsibility.
If there is one truth fraudsters rely on, it’s that enterprises will remain siloed longer than they can withstand and proving them wrong requires breaking those silos and fusing defenses now.
___
Author Bio:
Shai Gabay is a co-founder and the CEO of Trustmi, a leading end-to-end payment security platform founded in Israel in 2021. Prior to Trustmi, he was General Manager at Opera, VP of Product and Services at Cynet, CIO at Cyberbit and the CISO at Discount Bank. Shai holds a bachelor’s degree from Shenkar College in software engineering, and also a Master’s degree in Business Administration and Management from Tel Aviv University.
Join our LinkedIn group Information Security Community!
