Fraud isn’t just knocking on the door anymore—it’s barging right in. According to Trustmi’s newly released 2025 Socially Engineered Fraud & Risk Report, a staggering 83.6% of enterprises endured at least one fraud attempt in the past year, and many paid dearly for it. Nearly half of those who reported losses saw a single incident cost more than $500,000, while one in four said the damage exceeded $1 million.

The report, based on a survey of 525 finance and cybersecurity leaders from enterprises with $1 billion or more in revenue, paints a stark picture: social engineering fraud is no longer a rare event but an operational constant. In fact, nearly one in six enterprises now faces attempted fraud weekly.

AI Supercharges Fraud, Enterprises Struggle to Keep Pace

Trustmi CEO and Co-Founder Shai Gabay didn’t mince words: “GenAI has weaponized fraud into a coordinated business attack.” These aren’t just phishing emails from the shadows—they’re multi-step campaigns exploiting both technological loopholes and organizational blind spots.

Attackers are getting smarter, blending into workflows, hopping across systems, and playing finance teams against security teams. And enterprises? Too many still operate in silos.

• 34.4% of surveyed leaders admitted that gaps between finance and security contributed to a recent fraud or near miss.
• Only 27% said fraud prevention is jointly owned by both teams, leaving the majority stuck in a blame game about who’s really in charge.

When Controls Fail, the Bill Comes Due

The report also highlights that fraudsters are routinely blowing past the very safeguards designed to stop them. In 88% of major fraud cases, at least one critical control failed—and often, several did.

The weakest links:

• Email and messaging security (44.6% failure rate)
• Employee security awareness training (32.2%)
• Third-party vendor compromises (31.6%)
• Detection and escalation processes (27.85%)
• Bank account validation tools (26.5%)

And let’s not forget the human factor: 46% of incidents came down to plain old human error. Fraudsters know that while systems may be hardened, people are still persuadable.

Why This Matters

The Trustmi report lands at a time when enterprises are already grappling with rising cyber insurance costs, tighter regulatory expectations, and a flood of GenAI-driven attacks. Rivals like Abnormal Security and Proofpoint have flagged similar trends: the battleground is no longer purely technical—it’s organizational.

For big enterprises, the price of complacency is no longer theoretical. Fraud is evolving into a chronic operating expense, and silos between finance and security are making the check much larger than it needs to be.

The Way Forward

Trustmi’s prescription boils down to four priorities:

1. Unify ownership of fraud prevention between finance and security.
2. Deploy cross-platform detection instead of isolated tools.
3. Build defenses resilient to GenAI-enhanced fraud.
4. Track total fraud impact—including compliance, operational disruption, and reputational harm—not just direct losses.

The takeaway? Enterprises can no longer afford to treat fraud as someone else’s problem or a once-a-year fire drill. It’s weekly, it’s adaptive, and it’s expensive. The silos have to fall—or the losses will keep climbing.