Many businesses haven’t yet realized the importance of protecting their business payment workflow from fraud and errors. In theory, financial professionals understand that business payment fraud is a threat to their business, but few look to mitigate those risks right now in a proactive way. Unfortunately, finance teams can’t afford to push off addressing this issue. Large enterprise businesses are particularly vulnerable, and there are many compelling reasons to find a solution to secure their business payments sooner rather than later.
According to the 2023 AFP Payments Fraud and Control Survey Report underwritten by J.P. Morgan, 84% of businesses with annual revenue of at least $1 billion and with more than 100 payment accounts noted they were victims of attempted or actual business payments fraud in 2022. When looking at respondents from companies with at least $1 billion in annual revenue with any number of payment accounts, over three-fourths (78%) said they were hit with attempted or actual payments fraud. And looking at a broader swath of companies surveyed, the total average in the report for attempted or actual fraud was 65%. While the report mentions this total average is lower than in recent years, it is still almost two-thirds of all businesses surveyed.
These numbers show that large businesses making many payments to many vendors have a high risk of getting hit with business payment fraud. This makes sense: the more vendors and payments there are in a company’s process, the more opportunities there are for bad actors to attack the payment process and steal funds. Also, the size of vendor payments at an enterprise company can be substantial, so there’s a lot of money at stake compared with smaller businesses. It isn’t uncommon for a multibillion-dollar company to pay millions of dollars to just one of their vendors (or even several). If a threat actor impersonating a vendor is able to divert even just a fraction of those funds away from the real vendor, the payout would still be sizable. In other words, the bigger the business, the bigger the threat of business payment fraud and the bigger the losses. For enterprise businesses, the number of actual fraud and fraud attempts isn’t going to diminish any time soon.
Recently, we conducted our own survey to look at business payment fraud specifically during the end-of-year holidays. In our 2023 Trustmi Business Payments Holiday Report, we found that the threat of fraud on B2B payments is greater this time of year, with 75% of respondents saying they are more concerned about business payment fraud during the holiday season compared to other times. And almost two thirds of the respondents asserted that they have experienced a B2B payments fraud incident during the holidays in the past. Already we know that large businesses are prime targets for fraudsters, and now we see that the end of the year becomes an even more precarious time. How many more holiday seasons can businesses get through without getting hit by B2B payment fraud if these risks continue to grow?
New corporate rules and regulations impacting public companies have big implications for why businesses need to ensure full protection for their B2B payments today. On July 26 of this year, the Securities and Exchange Commission (SEC) released its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure which applies to all organizations reporting under the Exchange Act of 1934. The aim of the rule is to improve and standardize the way public companies disclose cybersecurity information. These changes require companies to promptly report "material cybersecurity incidents” and provide annual disclosures regarding how they manage cybersecurity risks, their strategy, and governance.
Why does this matter? With this new rule, a cyberattack that impacts the business payment process causing financial losses must be disclosed—there's no way around it. This type of breach absolutely falls under the definition of a “material cybersecurity incident” as outlined in this new rule. In other words, this type of attack and the accompanying losses would be considered information that an investor or potential investor would have a right to know and needs to know. When it comes to a process like business payments that is so vulnerable to cyberattacks, organizations will no longer be able to keep any incidents private and handle them internally. Finance and business leaders will certainly not want to be in a position where they need to publicly own up to errors and fraud resulting in losses for their investors. The new rule is set to take effect very soon in mid-December, which means businesses need to figure out now how they plan to better protect their business payments so that they can have one less cybersecurity risk to worry about disclosing to their investors.
Working with a solution like Trustmi can help enterprise companies eliminate losses from cyberattacks and errors that affect their business payments. And we can get you started today. We know that getting up and running quickly is essential when the risks are rife with many dollars at stake. Learn how you can get started with Trustmi within one week so you can rest assured your business payments are secured going into 2024.