Firm fined $2.5m over cyber failures
An investment firm has been fined $2.5 million after a cyber attack exposed sensitive customer data, following action by the corporate regulator.
The case highlights how regulators are increasingly treating cybersecurity as a governance and risk management responsibilities, reinforcing the idea that cyber threats form a growing cornerstone of an organisation’s overall risk profile – especially since failures in cyber governance can result in regulatory penalties as well as operational and reputational damage.
Government weighs cyber insurance support for smaller organisations
The federal government is examining cyber insurance accessibility as part of its ongoing national cyber strategy.
Home Affairs says many small businesses and not-for-profits struggle to access coverage due to cost or strict security requirements. While policymakers are considering ways to improve availability, officials note the cyber insurance market is still evolving and warn that any intervention should be be carefully designed to avoid distorting pricing or competition.
Fraud prevention becomes a core finance strategy
Finance leaders are increasingly treating fraud prevention as a financial performance issue, not just a compliance task. New research highlighted by PYMNTS shows many CFOs now view fraud controls as part of cash flow and margin protection strategies. As B2B payment volumes grow, even small fraud losses can accumulate quickly across large transaction volumes. The shift reflects rising scam activity and the need for stronger verification controls around vendors, payments and supplier banking changes.
AI deepfakes continue to heighten risks for finance teams
Experts are again sounding the alarm that deepfake audio and video could significantly increase business email compromise and executive impersonation scams in 2026.
These attacks may mimic the voice or appearance of senior leaders requesting urgent payments or confidential data. For finance teams, this raises the importance of verification controls that don’t rely solely on any one factor when approving high value transactions.
“Scam states” draw drug trade comparisons as geopolitical pressures mount
Governments and analysts are warning that industrial-scale scam compounds across Southeast Asia are becoming deeply entrenched criminal hubs, similar to how black-market drug trades have become embedded in local economies elsewhere.
Cambodia says it plans to shut down remaining online scam centres by April after targeting hundreds of suspected sites since 2025. However, experts caution that many operations simply relocate across the region, particularly between Cambodia, Myanmar and Laos. Some analysts now describe parts of the region as emerging “scam states,” where organised networks run large-scale fraud operations targeting victims worldwide.
Meta has removed more than 150,000 accounts linked to organised scam networks operating from SEA compounds.
The takedown followed a multinational investigation involving authorities from the US, UK, Australia and several Asian countries. Many accounts were tied to fraud operations in Cambodia, Myanmar and Laos running romance scams, investment fraud and impersonation schemes targeting victims worldwide.
New report: BEC ranks among top cyber incidents in 2025
Business email compromise (BEC) remains a major financial cyber risk according to industry research. In its 2026 DFIR Threat Report, CyberCX found BEC was the second most common incident type its responders handled in 2025, showing how attackers continue to exploit trusted payment and vendor relationships.
Cyber extortion ranked next. Drawing on frontline investigations, the report outlines the dominance of financially motivated cybercrime and the growing focus on payment processes and sensitive financial data as prime targets for attackers.
