Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
Review: Phishing exposes enterprise blind spots amid growing AI and third-party risks
PYMNTS’ review of 2025’s biggest phishing scams finds that recent attacks succeeded less through technical exploits and more by abusing trust in identity, vendors and routine business workflows.
High-profile incidents show how attackers used credible context, stolen data and social engineering to bypass controls. The broader analysis of 2025 cyber trends adds that AI and third-party risk amplified these threats, enabling faster, more scalable attacks across supply chains. In other words, fragmented oversight leaves organizations exposed even when core systems prove to be secure.
Cyber insurance pricing expected to stay flat into mid-2026
Cyber insurance premiums are forecast to remain largely unchanged through mid-2026 as market conditions stabilize following years of volatility, according to Gallagher’s industry outlook.
This steadiness reflects continued competition among carriers despite persistent risks from ransomware, supply chain vulnerabilities and emerging AI threats. Insurers are refining policy language and focusing on risk management strategies to address evolving exposures such as deepfakes and social engineering. Some sectors, like healthcare, may still see slight price increases due to unique claims dynamics.
CFOs and CISOs clash over cybersecurity budget priorities
A new survey by security firm Expel reveals tension between CFOs and CISOs over cybersecurity spending as threats intensify. Finance leaders often seek measurable risk reduction to justify increases in security budgets, while security teams use best-practice and compliance metrics that may not resonate financially.
About 40% of CFOs said quantifying risk would make investment decisions easier.
Congress warns of AI cyber threats tied to major U.S. events
US lawmakers cautioned that a new wave of AI-driven cyber threats could intensify around high-profile events like the 2026 FIFA World Cup. Testimony highlighted that modern attacks are more automated, scalable and harder to attribute, with generative models aiding tailored phishing, synthetic identities and deepfake campaigns that could undermine traditional defenses. Financial institutions – especially those connected to critical infrastructure – face elevated risk.
The hearing stressed the need to incorporate cross-sector collaboration and AI governance into broader security strategies.
AI agent identity risks challenge enterprise security and governance
An analysis in BleepingComputer warns that autonomous AI agents introduce significant identity and security risks because they don’t fit traditional human or machine access models.
These agents can act independently across systems, often without clear ownership, visibility or lifecycle controls, increasing the likelihood of over-privileged access and credential misuse. Recent media attention on platforms like Moltbot has heightened awareness of autonomous agent behavior, but the larger concern for finance leaders lies in unmanaged agent identities creating systemic risk across sensitive business and payment environments.