Banks Investing in Automated Cyber-Defenses to Fight Business Email Compromise, Survey Shows


The COVID-19 pandemic has intensified both the threat of fraud and the response to it, with corporate environments and banking in particular aligning on defensive automation, according to a new report.

Bottomline and Strategic Treasurer this week published the 2021 Treasury Fraud & Controls Survey, the duo’s sixth such annual survey. The survey gathered details about corporate and banking experiences, actions and plans regarding fraud.

The key takeaway: as the pandemic heightened the threat of fraud, organizations started to invest in automated cyber defenses.

Respondents increased spending on security significantly from 2019 to today, (2019: 17%; 2020: 19%; 2021: 22%). The reason ties in to another key finding, namely that 86% of bank respondents perceive Business Email Compromise (BEC) as their greatest risk over the next 1-2 years. The research also found that a fifth of fraud experiences had a COVID-19 connection (21%).

This finding is echoed in the most recent Bitdefender threat landscape report, where we note that four out of 10 COVID-themed emails are spam, likely motivated by fraud.

Bottomline and Strategic Treasurer researchers also found that smaller firms were hit hardest – 26% of small business fraud had a link to the virus, as opposed to only 17% for larger companies.

“Presumably, their potential payouts previously fell below the radar of criminals who now, with the development of greater automation and a backdrop of expanded vulnerabilities, have broadened their sights to include targets of all sizes,” the surveyors reason.

“Against a multi-year trend of increasing sophistication and automation of fraud, opportunistic criminals leveraged the pandemic-driven push to remote operations to strike in a blitz offensive,” the researchers say. “The rapid transition to a work from home (WFH) environment created exposure s that outpaced structural and procedural defenses, resulting in accelerated threats and fraud loss.”

In response to the threat, organizations are enhancing both human and technical aspects of defense, the survey found. For example, staff assignments in accountability for managing fraud have grown by 50% from just two years ago. On the technology side, businesses are increasing their use of backend functions like fraud interdiction and optimizing the use of digital tools to improve customer experience and close any gaps that attackers might exploit.

“Ultimately, we are seeing digital warfare escalation, in which firms are meeting the criminal use of automation with their own defensive tools and controls,” says Craig Jeffery, managing partner of Strategic Treasurer.