Ponemon Report 2023

Explore illuminating insights from interviews with 659 finance executives featured in the 2023 Ponemon Institute Report. In a groundbreaking market survey conducted in March 2023, Creednz partnered with the renowned Ponemon Institute, helmed by Dr. Larry Ponemon, a former senior partner at PWC and founder of the firm's global compliance risk-management group.

This pioneering research marks a significant milestone, capturing responses from 659 finance executives representing 18 diverse industries across the United States. These executives hail from corporations with average annual revenues in the $400 million range and maintain supply chains averaging 2,800 suppliers.

Traditionally, industry statistics have relied upon aggregate data, such as the FBI Internet Crime Reports (The IC3), which reported a staggering $50 billion in losses from scams like Business Email Compromise between 2013 and 2022. However, these figures lacked granularity, leaving questions unanswered regarding the affected companies and the prevalence of such losses.

Our research revolutionizes this landscape by providing valuable insights for companies to recalibrate their risk focus. By shedding light on the accountability aspects of payment scams, we bridge the gap between finance and cybersecurity departments, revealing how these financial challenges squarely fall within the purview of corporate finance.

Vendor & Executive Impersonation

Impersonation tactics are used to deceive organizations into fraudulent payments or divulging sensitive information. Business Email Compromise (BEC) is a common tactic where they impersonatevendors or key personnel to manipulate financial processes.

Third-Party Compromise

Occurs when an organization’s vendor or
supplier is hacked, leading to the manipulation of billing details or bank accounts, potentially resulting in fraudulent transactions.

Account Takeover

Happens when an attacker gains unauthorized access to a corporate bank account belonging to a legitimate finance individual, often using stolen or compromised credentials, to make unauthorized transactions or divert funds.

Malicious Insider/
User Entitlement Fraud

Intentional actions by current or former
employees, contractors, or business partners, and instances of attackers gaining access to user accounts with higher privileges, often through compromised credentials, to manipulate payment transactions.

Sanctioned Entities

Payments made to sanctioned entities, resulting in potential legal repercussions, financial losses, and reputational damage.

Systems & Human Error

Although not fraud, these unintentional errors can cause identical financial losses.
This includes instances where someone inputs incorrect information or payment files become corrupted, leading to discrepancies or erroneous transactions.

Finacial Services
Services
Public Sector
Manufacturing
Retailing
Energy & Utilities

Hospitality
Communications
Pharmaceuticals
Transportation
Healthcare
Industrial

Defense
Education
Consumer Products
Tech
Entertainment
Agriculture

Tarnished Reputation

60%
report damage to organization’s
reputation

46%
report loss of shareholders’
confidence

Loss of Trust

51%
suffered a negative impact on
organization’s compliance with
regulations

38%

noticied a loss of confidence in
management’s ability to prevent
payment transaction fraud

Additional Cost

27%
of organizations terminated
employees responsible for
making payments

19%
of organizations had to pay
legal fines

Finance teams of larger organizations deal with numerous transactions across multiple bank accounts. Organizations represented in this research have average annual revenues of $446M, averaging 2,836 vendors on their supply chain with an average of 25,000 monthly payment volumes.

This complexity makes effective vendor management and payment security measures crucial. However, many surveyed financial teams lack trust in their existing risk mitigation practices and fail to take adequate action to guard against vulnerabilities despite being aware of the risks.

Master Vendor Alignment

Bank Account Validation

Effective Collabortion

Amidst the increasing sophistication of scams, finance teams are locked in a perpetual battle against the looming specter of financial loss due to fraudulent activities.

These threats materialize in various guises, whether through the cunning disguise of an external phishing attack masquerading as a colleague, a vendor's data breach, or even an internal compromise. To secure your organization's financial assets, steadfast vigilance, master vendor alignment, bank account validation, and effective collaboration become imperatives.

Our comprehensive toolkit is meticulously crafted to bolster and elevate financial controls across treasury, accounts payable, and accounts receivable functions. It equips your team with the precision to manage bank account access, enforce rigorous treasury policies, and systematically validate transactions, guaranteeing the highest levels of security and precision in financial operations. Safeguard your financial integrity with unwavering confidence.

Don’t wait for a breach – act now to secure your financial future and safeguard your organization’s assets.

Request a demo

Home > Report

Ponemon Insitute Report

Featured on:

Index

Summary

88%

$150k

659

Evaluating the Risk of Transaction Fraud