Cybersecurity’s New Business Case: Fraud

Attention all government CISOs (and yes, CTOs, CIOs, CFOs, COOs and even a few corporate CEOs can listen in): It’s time to adjust our cyber lingo — again.

Specifically, start talking (more) about financial fraud, AI-generated scams, citizen trust, due diligence, (your government’s) reputation, protecting identities, cyber crime, data integrity and AI-solutions to all of the above.

Stop talking as much about hacking, zero-day exploits, critical network vulnerabilities, next-generation firewalls and other technical security jargon. (OK, a little talk with internal SOC staff may be an exception.)      

But why?

Across the country, numerous state and local government security leaders are facing budget cuts, staffing shortages, hiring freezes, fewer grants and oftentimes an inability to make a compelling case for new (or ongoing) cybersecurity investments that are needed now.

As many state and local governments struggle with budget shortfalls and staffing challenges, the bad actors are ramping up online fraud schemes that take advantage of identity management flaws in government systems, stolen credentials, a lack of technology systems oversight, network vulnerabilities, phishing campaigns and other weaknesses that traditionally are under the auspices of cybersecurity (or cyber defense) teams.

THE AI-GENERATED FRAUD PROBLEM

Meanwhile national headlines, local news stories and even holiday dinner conversations highlight the urgent problems emerging related to online financial fraud ranging from social engineering attacks against individuals to sophisticated money scams hitting seniors to state and local government services fraud schemes.

According to GAO.gov, there was over $300 billion in fraudulent payments within pandemic-relief programs: “We estimated fraud for unemployment insurance programs between $100-135 billion from April 2020 through May 2023. The Small Business Administration’s (SBA) Office of Inspector General reported about $200 billion in potentially fraudulent pandemic-relief loans under the Paycheck Protection Program and the COVID-19 Economic Injury Disaster Loan program.”

At the same time, recently released Federal Trade Commission data show that consumers reported losing more than $12.5 billion to fraud in 2024, which represents a 25 percent increase over the prior year.

In response, the Trump administration has announced a new Department of Justice Division for National Fraud Enforcement.

But fraud is not a right-left issue; both Democrats and Republicans want to fight fraud. For example, Democratic California Rep. Ro Khanna is calling for more work on fraud prevention in government programs.

MORE ON AI-ENABLED FRAUD

And yes, AI is making these problems worse, as articulated in 2026 security predictions from top global vendors. For example, this report from Cybersecurity Ventures and CyberCrime Magazine highlights:

• “Cybersecurity Ventures predicts that the world will spend $522 billion on cybersecurity products and services in 2026.”
• “Cybersecurity Ventures predicts that cybercrime will cost the world $10.5 trillion annually by 2025, up from $3 trillion in 2015.”
• “The U.S. spends more than $25 billion on cybersecurity every year, more than any other nation.”

As AI-enabled cyber attacks crossed a major tipping point in 2025, vital questions have emerged in 2026 for CxOs regarding how prepared organizations are to defend critical data, systems, networks and more.

A few more examples:

• Morgan Stanley has this section on their website on Cybersecurity and Fraud Awareness: “At Morgan Stanley, we have controls and processes in place that offer fraud protection to our clients and our infrastructure. The following resources are intended to help users enhance those processes to further protect themselves from cyber threats. …”
• The University of Tulsa offers this material on online fraud.
• The FDIC offers this consumer resource center material on cyber fraud.
• The World Economic Forum shared this video from Davos, which identified that 77 percent of global leadership respondents saw an increase in cyber-enabled fraud in the past year.

First and foremost, as I have written many times before: “Get on boats leaving the dock.” In the current context, this means get your cyber team involved with efforts to find and eliminate fraud in government programs.

You can read details on this strategy and other tips on getting management buy-in on cyber projects in this blog.

Second, work with your government auditors on these fraud-fighting efforts, when possible.

Third, in support of the first two items, examine report details from this Microsoft Digital Defense Report for 2025, which has sections on fraud, scams and other relevant topics, along with an extensive look on identity management, which is the source of many issues.

Fourth, and more specifically, I like several of the SecureWorld Expo recommendations listed in this piece. Here are three:

“CISOs must implement controls that assume the trust layer is compromised. This means prioritizing controls that fight identity fraud:

• “Payment verification: Mandate out-of-band verification (e.g., a voice or video call on a separate, verified line) for all large financial transactions, no matter the internal source.
• “Identity analytics: Deploy User and Entity Behavior Analytics (UEBA) to flag anomalous activity. The person who always uses Slack for approvals and suddenly switches to email for a $500,000 transfer should be immediately flagged.
• “Endpoint integrity: Ensure your Mobile Threat Defense (MTD) strategy protects against credential harvesting and session hijacking that facilitate identity takeover.”

And last (for now): Re-examine who you are talking to in government about these issues. Beyond auditors and others mentioned, ensure that AI solutions are addressing these real business needs. What AI and cyber solutions are you deploying in your government to stop online fraud and save millions?

FINAL THOUGHTS

Some of you are no doubt wondering, why now? Is this the right time? Beyond the “take lemons and make lemonade” argument, there is another reason I wrote this blog at the end of January 2026.

I just got off the phone with another government CISO who is struggling with major resource issues. This is the fourth public-sector CISO I’ve heard from already this month who feels paralyzed with the same struggles. These pros are struggling to get executive attention, resources and action.

One more thing: I am trying my best to stay out of any political aspects related to the national fraud stories. I know both Democrats and Republicans want to fight financial fraud and ensure that our government systems work in the best, most efficient way possible.

But it is clear to me that security leaders need to be leading solutions to the AI-generated fraud narrative, and waiting is not a viable option.

No doubt, there are aspects of financial fraud that are outside the domain of CISOs and security leaders, such as prosecuting criminals by law enforcement.

But make sure you are part of the effort to fight online financial fraud in your government. Your team will be glad you did.