New threats are outpacing traditional controls
Eftsure’s annual Cybersecurity Guide for CFOs is now available and it’s our most in-depth (and global) edition yet.
The ninth edition of the Guide, Beyond Borders, Beyond Control, examines fraud risk as a borderless, multi-dimensional — and multi-national — challenge. It unpacks how today’s cybercriminals are running professionalized scam operations, exploiting emerging technologies, and targeting finance functions through increasingly sophisticated methods.
But there are ways for leaders to take control. We'll also look at practical steps for focusing on what matters: understanding where their cross-border controls are vulnerable and taking the lead on fraud mitigation strategies.
Let’s take a look at some of the key threats CFOs are up against and why the guide is essential reading for 2026.
International cybercrime is a (booming) business model
Scams aren’t just opportunistic one-offs. In 2026, many are run by criminal organizations with the structure and resources of major enterprises, complete with HR departments, AI specialists, and financial operations.
These scams often start with data theft or social engineering and can end in multimillion-dollar fraud. Business email compromise (BEC) continues to dominate losses globally, aided by generative AI and dark web data. The rise of voice cloning and deepfake videos means a scammer can now impersonate your CEO, call your AP team, and request an urgent payment.
International operations, international risk
Cross-border payments, vendor networks, and patchy compliance frameworks heighten these vulnerabilities. It’s harder to verify international counterparties, and even harder to detect red flags, in a multilingual, fast-moving, fragmented environment.
In this year’s guide, you’ll find real examples of fraud targeting finance teams across the US, UK, Australia, and Southeast Asia, including large-scale scams where both vendors and buyers were compromised simultaneously.
The message is clear: borders don’t protect you. Controls need to account for fraudsters who operate globally, at scale, and with alarming precision.
Scam economies are highly evolved
The guide lifts the curtain on the industrialized nature of today’s scam operations and the compounds in which dirty work happens. These are large-scale criminal hubs, often operating with impunity or tacit endorsement from local officials and even using trafficked victims for human labor.
Combined with AI tools like business invoice swappers or LLM-assisted phishing kits, even low-level threat actors can deploy high-impact attacks. Many don’t need a high success rate: just one fraudulent payment can net six or seven figures.
The compliance burden is shifting
From SEC rules on cyber incident disclosure to new UK reimbursement obligations, finance leaders are increasingly accountable for fraud-related failures, even if the attack originated elsewhere. As data privacy and security laws evolve, so does the pressure on finance teams to demonstrate not just controls, but control over their controls.
The 2026 edition of the Cybersecurity Guide for CFOs includes key compliance trends and outlines how overlapping responsibilities between finance and IT can create blind spots.
Get the full guide: strategies, frameworks, and red team tactics
This year’s guide doesn’t just map the risk, it shows CFOs how to respond. From AI threat assessment to finance-led pressure-testing, the full document includes actionable tools and scenarios to strengthen your fraud defenses.
Download the full guide to learn how to:
- Identify vulnerabilities across payment processes
- Apply red teaming and adversarial thinking to finance
- Protect against scam tactics using real-world pressure tests
- Align your fraud strategy with cyber compliance obligations
Access the full Cybersecurity Guide to start pressure-testing your controls.
