Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
Review: Phishing exposes enterprise blind spots amid growing AI and third-party risks
PYMNTS’ review of 2025’s biggest phishing scams finds that recent attacks succeeded less through technical exploits and more by abusing trust in identity, vendors and routine business workflows.
High-profile incidents show how attackers used credible context, stolen data and social engineering to bypass controls. The broader analysis of 2025 cyber trends adds that AI and third-party risk amplified these threats, enabling faster, more scalable attacks across supply chains. In other words, fragmented oversight leaves organisations exposed even when core systems prove to be secure.
Cyber insurance pricing expected to stay flat into mid-2026
Cyber insurance premiums are forecast to remain largely unchanged through mid-2026 as market conditions stabilise following years of volatility, according to Gallagher’s industry outlook.
This steadiness reflects continued competition among carriers despite persistent risks from ransomware, supply chain vulnerabilities and emerging AI threats. Insurers are refining policy language and focusing on risk management strategies to address evolving exposures such as deepfakes and social engineering. Some sectors, like healthcare, may still see slight price increases due to unique claims dynamics.
CFOs and CISOs clash over cybersecurity budget priorities
A new survey by security firm Expel reveals tension between CFOs and CISOs over cybersecurity spending as threats intensify. Finance leaders often seek measurable risk reduction to justify increases in security budgets, while security teams use best-practice and compliance metrics that may not resonate financially.
About 40% of CFOs said quantifying risk would make investment decisions easier.
Scammers built fake AFP office in Cambodian scam centre
Scammers operating from a Cambodian compound staged a convincing fake Australian Federal Police office to deceive victims, showcasing how organised fraud syndicates mimic legitimate state authorities.
Thai troops discovered the mock AFP set, complete with logos and flags, while inspecting the abandoned six-storey scam hub in O’Smach. Investigators found evidence of extensive operations targeting people worldwide, with trafficked workers forced to run scams. Police impersonators also targeted victims in countries like China, India, Thailand, Japan, Malaysia, Singapore and Brazil.
AI agent identity risks challenge enterprise security and governance
An analysis in BleepingComputer warns that autonomous AI agents introduce significant identity and security risks because they don’t fit traditional human or machine access models.
These agents can act independently across systems, often without clear ownership, visibility or lifecycle controls, increasing the likelihood of over-privileged access and credential misuse. Recent media attention on platforms like Moltbot has heightened awareness of autonomous agent behaviour, but the larger concern for finance leaders lies in unmanaged agent identities creating systemic risk across sensitive business and payment environments.
