CYBERSECURITY & FRAUD RISK REPORT 2025

Is Your Organization Prepared for the Next Cyberattack?

Prepared By

Leonidas Hadjimitsis
BSc, MBA (Hons), CISSP, CISM, CISA, CEH, CCNP, ISO 27001 Lead Implementer, PRINCE2

Former Chief Information Security Officer (CISO)


A strategic leader with 25+ years of expertise in information security, risk management, audit, and
business resilience across global corporations and systemic banks.

March 11, 2025

Resilience isn’t just weathering the storm—it’s emerging stronger from it.
Prepare. Adapt. Thrive.
Cybersecurity & Fraud Risk Report 2025: Is Your Organization Prepared for the Next Cyberattack?

Table of Contents
FOREWORD ...................................................................................................................................................................... 2
1. Executive Summary ................................................................................................................................................. 3
2. Are Cyber Attacks Black Swans? .............................................................................................................................. 4
3. Cyber Risk Severity Overview .................................................................................................................................. 6
4. Real Cyberattacks by Sector (2020-2025) ................................................................................................................. 8
5. Implications of Cyber Risk ....................................................................................................................................... 9
6. Cyber Fraud & Cybersecurity: Eliminating Silos for Resilient Defense .....................................................................10
7. Cyber Risk Treatment Approach – A High-Level Mitigation Plan .............................................................................12
7.1 The Four-Step Cyber Risk Treatment Model ................................................................................................12
7.2 The Journey to Residual Risk – Justifying Post-Mitigation Evaluation...........................................................13
8. Risk Owner, Governance & Reporting Structure .....................................................................................................14
9. Cybersecurity & Fraud Workforce: Skills, Challenges, and Industry Demand...........................................................16
10. Navigating High-Stakes Conversations: Cyber Risk and Fraud ...........................................................................18
11. AI & Cybersecurity: Emerging Threats and Defense Strategies ..........................................................................19
11.1 Questions for Business Leaders to Consider: AI Security & Risk Management........................................20
12. Technical Cybersecurity Guidance: Defense-in-Depth Approach .......................................................................22
12.1 Immediate Controls to Reduce Exposure .....................................................................................................22
12.2 Long-Term Risk Reduction & Cyber Resilience .............................................................................................25
12.3 Business Continuity & Disaster Recovery (BC/DR) .......................................................................................26
12.4 Future-Proofing Cybersecurity Investments .................................................................................................27
13. Regulatory Compliance & Global Cybersecurity Standards ...............................................................28
14. Cyber Risk Preparedness Checklist for Board Members ..............................................................30
15. Protecting Your Digital Assets – A Guide for Individuals ...................................................................32
16. Glossary of Terms .............................................................................................................................................34
17. Acronyms .........................................................................................................................................................38
18. References .......................................................................................................................................................40

Disclaimer
This report is for informational purposes only and does not constitute legal, regulatory, or technical advice. It integrates insights from
multiple authoritative sources, including The Cyprus Economy and Competitiveness Council, WEF Global Risks Report 2024, WEF
Cybersecurity Outlook 2025, WEF AI & Cybersecurity Report 2025, IBM Cost of a Data Breach Report 2024, ENISA Threat Landscape 2024,
and various regulatory frameworks (EBA, DORA, NIS2, GDPR, ISO 27001, PSD3).

Organizations must conduct their own risk assessments based on their specific operational, technological, and regulatory contexts. While
every effort has been made to ensure accuracy, cyber threats evolve rapidly, and regulatory landscapes continue to shift. As such, neither
the author nor the publisher assumes liability for any decisions, actions, or consequences resulting from the use of this report.

Before implementing security measures, or making strategic decisions related to cyber risk, businesses should:

• Consult internal and external cybersecurity teams, risk management experts, and regulatory advisors.
• Stay informed on emerging cyber threats, evolving fraud tactics, and updated compliance requirements.
• Continuously evaluate security and fraud controls, response capabilities, and industry best practices.

This report contains forward-looking statements about cybersecurity trends. These statements are subject to risks and uncertainties, and
actual outcomes may differ materially from projections.

Page 1 of 43

FOREWORD
Prepare for risks.

Businesses don't thrive simply on luck.


Why should you care?
Cyber threats aren’t just evolving—they’re accelerating. The question isn’t if an attack will happen—
it’s when. The rise of AI-driven cybercrime, deepfake fraud, ransomware-as-a-service (RaaS), and
financial fraud has transformed cybersecurity from an IT issue into a boardroom priority.

Organizations that fail to address these threats won’t just suffer financial and operational losses—
they will lose trust, credibility, and resilience in an increasingly hostile digital world.

What you’ll gain from this report:


• Strategic guidance on navigating today’s complex cyber and fraud risk landscape.
• A structured Cyber Risk Preparedness Checklist for Board Members.
• A practical roadmap to assess and strengthen your cybersecurity and fraud resilience.
• Cyber resilience strategies aligned with ECB, DORA, NIS2, PSD3, GDPR, and more.
• Navigating challenging discussions on cybersecurity and fraud.
• Technical Defense-in-Depth & Resilience Strategies.
• Real-World Case Studies & Best Practices—learn from past attacks and apply proven frameworks.

Who should read this?


• Board Members, CEOs, CFOs, CROs – Overseeing strategic cyber risk and business resilience.
• CISOs, CTOs, CIOs, COOs – Implementing cybersecurity & fraud strategies.
• Risk & Compliance Officers – Managing DORA, NIS2, PSD3, GDPR compliance and fraud risk.
• Security & IT Decision-Makers – Strengthening enterprise security with cutting-edge insights.
• Financial Institutions & Systemic Banks – Integrating fraud and cyber risk management.
• Cybersecurity Consultants & Policy Makers – Staying ahead of evolving global cybersecurity
regulations.

About the Author


With 25+ years of expertise in business, technology, information security, fraud prevention, and risk
management, I have led cyber defense strategies in global corporations and systemic banks, including
16 years as Chief Information Security & Fraud Officer. My experience spans finance, regulatory
compliance, academia, and entrepreneurship, providing a unique ability to bridge cybersecurity, fraud
risk, and enterprise governance.

This report is not just an analysis of risks—it is a strategic playbook for decision-makers, security
leaders, and industry professionals.

My goal is simple: to add real value in the fight against cybercrime.

Is Your Organization Prepared for the Next Cyberattack?


Let’s find out!


1. Executive Summary
Cybersecurity threats have reached a critical level, with cyberattacks on vital infrastructure posing an
imminent and severe risk to national and financial stability. A recent report by The Cyprus Economy
and Competitiveness Council identifies cyberattacks on critical infrastructure as one of the top three
high-severity risks facing Cyprus, with an 85% probability of occurrence and an 83% severity impact
within the next 0-2 years.

These findings align with global risk assessments:

• WEF Global Risks Report 2024 ranks cyber insecurity as one of the top immediate risks,
emphasizing that geopolitical tensions, AI-powered cyber threats, and critical infrastructure
attacks are driving systemic cyber risk.
• WEF Cybersecurity Outlook 2025 warns that AI-enhanced cyberattacks, ransomware-as-a-service
(RaaS), and supply chain vulnerabilities are escalating risk exposure for financial institutions.
• IBM Cost of a Data Breach Report 2024 reveals that the average cost of a cyber breach has
surged to $4.88 million, with malicious insider attacks averaging $4.99 million.
• ENISA Threat Landscape: Finance Sector (2024) confirms that European financial institutions
experienced 488 major cyber incidents in the 18 months leading up to 2024, with ransomware,
phishing, and third-party risks as dominant attack vectors, and highlights DDoS attacks as
the most frequently reported cyber threat in Europe.

A Wake-Up Call – Cyber Risk is a Business Survival Issue


These numbers are not just statistics—they are a direct warning. Most businesses assume cyber
threats happen to others—until it’s too late. Would you ignore an 85% chance of a heart attack or
stroke in the next two years, hoping for the best? Or would you take immediate action to protect your
future? The same applies to cyber risk: organizations that fail to act now risk financial paralysis,
reputational collapse, and operational failure. Would you invest in the future of such an organization?

Immediate Actions Required – Strengthening Cyber Resilience


To mitigate this high-probability, high-impact cyber risk, organizations must implement a
Defense-in-Depth strategy, focusing on:

• Zero Trust Architecture (ZTA) – Continuous identity verification and strict access controls.
• AI-Powered Threat Detection (SIEM, SOAR, XDR) – Proactive monitoring, real-time attack
detection, and automated response.
• Ransomware Resilience & Data Protection – Immutable backups, encryption, and advanced
Data Loss Prevention (DLP).
• Third-Party & Supply Chain Risk Management – Enhanced vendor security vetting and
contract-based security clauses.
• Regulatory Compliance & Cyber Insurance – Ensuring alignment with ECB, EBA, DORA, NIS2,
ISO 27001, and mitigating financial risk through cyber insurance.
• Continuous Security Awareness & Red Teaming – Employee training, simulated attack testing,
risk analytics.
Cyber risk is not a future concern—it is a present crisis.
Cyber resilience starts with decisive action.

2. Are Cyber Attacks Black Swans?


Cyber threats are evolving at an unprecedented pace, but are they truly unpredictable? Do
cyberattacks qualify as Black Swan events, or are they more often Grey Swans—known risks that
escalate beyond expectations?

Understanding Black Swan Events


A Black Swan Event, as defined by Nassim Nicholas Taleb, is a highly improbable, high-impact
occurrence that is only rationalized in hindsight. It meets three criteria:

• Unpredictability – The event is a surprise, deemed highly improbable based on available risk
assessments.
• Extreme Impact – It causes catastrophic, widespread consequences across industries and
nations.
• Hindsight Bias – After the event occurs, experts attempt to rationalize it as if it could have
been foreseen, despite failing to predict it initially.

Most Cyber Attacks are NOT Black Swans


Cyber risks are generally known and preventable with strong security measures. However, certain
cyberattacks defy conventional risk models, triggering cascading failures across economies, industries,
and national security frameworks.

Distinguishing Black Swan from Grey Swan Cyber Risks


• Black Swan = A completely unforeseen event with catastrophic consequences.
o Example: A breakthrough in quantum computing instantly rendering all encryption obsolete,
exposing global financial and government systems.
• Grey Swan = A known risk, but its scale, speed, or impact was severely underestimated.
o Example: A supply chain attack where vulnerabilities were recognized, but the systemic
disruption exceeded all expectations.

Was NotPetya (2017) a True Black Swan?


Initially targeting Ukraine, NotPetya spiraled into a global cyber crisis, crippling multinational
corporations like Maersk and Merck and causing $10 billion in damages. However, NotPetya was not
a true Black Swan, but rather a Grey Swan—its scale and impact were underestimated, but the
fundamental risk was already known.

Cyber Warfare & Ransomware Risks Were Known (Not Unpredictable)

• Ransomware and nation-state cyberattacks were already recognized risks before NotPetya.
• The 2016 Ukraine power grid cyberattack and 2017 WannaCry had already shown how
malware could spread globally.
• Security experts had warned about cyber warfare and critical infrastructure vulnerabilities.

Its Impact Was Devastating—But Not Entirely Unforeseen

• NotPetya masqueraded as ransomware but was actually a wiper malware, crippling
operations globally.


• Multinational companies suffered billions in losses, but the risk of supply chain cyberattacks
had been discussed before.
• Poor patch management and outdated systems allowed NotPetya to spread, despite industry
warnings.

Hindsight Bias Applies—But Warnings Existed

• After the attack, experts pointed to known vulnerabilities (like EternalBlue, which NotPetya
exploited—the same exploit as WannaCry).
• The possibility of such an attack was discussed before it happened, but its severity was
underestimated.

NotPetya was a Grey Swan. While its full impact was unanticipated, the risk itself was foreseeable.

A Potential Black Swan Cybersecurity Event


Quantum Computing Instantly Breaks Encryption

Scenario: A nation-state or cybercriminal group suddenly achieves quantum supremacy,
rendering all encryption obsolete overnight.

Impact:

• Instant decryption of global financial transactions, classified data, and corporate IP.
• Mass-scale fraud as banking and payment systems lose encryption-based security.
• Total collapse of digital trust, forcing businesses and governments to scramble for
post-quantum cryptography in real time (see NIST Post-Quantum Cryptography (PQC) standards).

Why a Black Swan?

• Unpredictability: Experts anticipated a gradual transition to quantum-safe cryptography, not
an overnight collapse.
• Hindsight Bias: Quantum risk was widely discussed, but its timeline was underestimated,
leaving global systems exposed.

Cyber Resilience Against Unpredictable Threats


Since Black Swan and Grey Swan cyber risks cannot be fully predicted or eliminated, organizations
must prioritize resilience over reaction:

• Scenario-Based Stress Testing – Simulating extreme cyberattack scenarios to test crisis
response, compliance, and financial resilience.
• Adaptive AI Threat Intelligence – Deploying self-learning cybersecurity systems that can
identify unknown threats and adjust defenses in real time.
• Redundancy & Multi-Layered Failover – Ensuring financial institutions and critical
infrastructure maintain operations even in worst-case cyber incidents.

The greatest cybersecurity risks are not just the ones we anticipate—but the ones we fail to imagine.
While most cyber incidents are predictable, organizations must prepare for both Grey Swans and the
rare but catastrophic Black Swan events—ensuring resilience against seemingly improbable threats,
such as quantum-driven encryption failures or autonomous AI-driven cyber warfare.

Being unprepared is NOT an option. By failing to invest in cyber resilience today, you risk
becoming the next case study in tomorrow’s unforeseen crisis.


3. Cyber Risk Severity Overview


Cyberattacks on critical infrastructure and financial institutions are now among the top three high-
severity risks facing Cyprus. This aligns with global cybersecurity risk assessments, including the WEF
Global Risks Report 2024, which ranks cyber insecurity as a top global threat, reinforcing the need for
immediate risk mitigation.

Note: The WEF Global Risks Report 2024 ranks cyber insecurity as the 4th highest global risk over the
next two years, based on expert perception surveys of systemic risks across industries.

Probability of Occurrence: Very High – Urgent Mitigation Required


Cyber threats are no longer hypothetical. Multiple authoritative sources confirm that cyberattacks are
almost certain to occur:

• The Cyprus Economy and Competitiveness Council (ΣΟΑΚ, 2025) identifies cyberattacks on
critical infrastructure as one of the most severe and urgent risks, with an 85% probability of
occurrence within the next two years.
• The WEF Global Risks Report 2024 ranks cyber insecurity as one of the most severe risks over
the next two years, confirming that financial institutions and critical infrastructure face
immediate cyber threats.
• The ENISA Threat Landscape 2024 reports 488 cyber incidents targeting financial institutions
across Europe in just 18 months, confirming a high likelihood of recurring attacks.

Severity Impact: Very High – Financial, Operational & Reputational Damage


Cyber incidents carry severe financial, operational, and reputational risks. The latest global reports
confirm the escalating impact of cybercrime:

• IBM Cost of a Data Breach Report 2024 reveals that the average cost of a cyber breach has
surged to $4.88 million. Ransomware and data theft result in severe financial and reputational
damage, with an average of 292 days needed to identify and contain breaches involving stolen
credentials. (Note: IBM’s 2024 study notes that 63% of breached organizations surveyed plan
to offset cyber incident costs through price increases or service adjustments.)
• WEF Cybersecurity Outlook 2025 warns that AI-driven threats, deepfake fraud, and supply
chain compromises could:
o Cripple financial operations, leading to significant monetary losses.
o Erode customer trust, increasing legal liabilities and regulatory penalties.
• CrowdStrike Global Threat Report 2025 reveals that the fastest recorded breakout in 2024
occurred in just 51 seconds, while the average breakout time dropped to just 48 minutes.

Business thrives on risk—but only when managed. Secure your future.



Source: IBM Cost of a Data Breach Report 2024
https://www.ibm.com/reports/data-breach?src_trk=em67bdc123cf17d6.359173081883324847


4. Real Cyberattacks by Sector (2020-2025)


1. Government – Russian Cyberattacks on Ukraine (2024)
• Incident: In 2024, Russian cyberattacks on Ukraine surged by nearly 70%, with 4,315 incidents
targeting critical infrastructure, including government services, the energy sector, and defense-
related entities.
• Impact: These attacks aimed to steal sensitive data and disrupt operations, employing tactics such
as malware distribution, phishing, and account compromises.
• Source: Significant Cyber Incidents | Strategic Technologies Program | CSIS

2. Financial Institution – Bybit Cryptocurrency Exchange Heist (2025)


• Incident: North Korea's Lazarus Group executed the largest known cryptocurrency heist, stealing
$1.5 billion from Bybit.
• Impact: This massive theft underscored the vulnerabilities in cryptocurrency exchanges and the
increasing sophistication of state-sponsored cybercriminals.
• Source: North Korea Behind $1.5B Bybit Crypto Hack: FBI - Business Insider

3. Telecommunications – T-Mobile Data Breach (2021)


• Incident: A cyberattack exposed the personal data of over 50 million T-Mobile customers,
including Social Security numbers, names, and driver's license information.
• Impact: The breach raised significant concerns about data security within major
telecommunications providers.
• Source: T-Mobile data breach: More than 50 million people now affected - CNET

4. University – University of California, San Francisco (UCSF) Ransomware Attack (2020)


• Incident: The NetWalker ransomware group attacked UCSF, encrypting critical academic and
medical data. The university paid a $1.14 million ransom to regain access.
• Impact: This incident highlighted the susceptibility of educational institutions to ransomware
attacks, especially those involved in critical research.
• Source: The University Of California Pays $1 Million Ransom Following Cyber Attack

5. Healthcare – Genea IVF Clinic Data Breach (2025)


• Incident: A major cybersecurity breach occurred at Genea, an Australian IVF clinic, with hackers
obtaining nearly a terabyte of sensitive patient data, including medical records and personal
information.
• Impact: The ransomware group Termite infiltrated Genea’s systems for weeks, causing significant
disruptions and publishing the stolen data on the dark web.
• Source: Genea IVF hack: Horror legal loophole leaves Aussies at risk | news.com.au

6. Critical Infrastructure – Colonial Pipeline Ransomware Attack (2021)


• Incident: The DarkSide ransomware group targeted Colonial Pipeline, the largest fuel supplier in
the U.S., forcing a temporary shutdown of fuel distribution across the East Coast. The company
paid a $4.4 million ransom to restore operations.
• Impact: The attack triggered fuel shortages, panic buying, and government action, leading to a
presidential executive order on cybersecurity and new regulations for critical infrastructure
security.
• Source: The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years | CISA

No sector is immune. Preparedness is no longer optional; it’s survival.



5. Implications of Cyber Risk


Cyber threats are no longer just an IT concern—they pose systemic financial, operational, and legal
risks that can destabilize organizations. Without proactive cybersecurity measures, organizations face
severe and often irreversible consequences:

Operational Disruptions & Financial Losses


• Cyber incidents can cripple critical services, halt production, and disrupt supply chains,
causing revenue losses.
• Ransomware, fraud, and data breaches result in direct financial costs, including ransom
payments, legal settlements, and regulatory fines.
• Intellectual property theft exposes organizations to competitive disadvantages and market
losses.

Regulatory & Legal Fallout


• Non-compliance with DORA, NIS2, GDPR, and financial sector regulations can lead to severe
fines, legal action, and operational restrictions.
• Increased regulatory scrutiny could result in licensing risks, reputational damage, and
executive accountability at the board level.

Loss of Customer & Shareholder Trust


• Publicized cybersecurity failures lead to customer attrition, shareholder concerns, and
reputational damage.
• Financial institutions and critical infrastructure providers risk permanent credibility loss,
impacting long-term growth and investor confidence.

Third-Party & Supply Chain Vulnerabilities


• Supplier and vendor security gaps introduce cascading risks across interconnected systems.
• Cloud misconfigurations, weak SaaS controls, and outsourcing dependencies create attack
surfaces that cybercriminals actively exploit.

Cyber Insurance & Recovery Limitations


• Cyber insurance policies often exclude negligence, state-sponsored attacks, and regulatory
fines, leaving businesses exposed to uninsured financial losses. Merck's $1.4B NotPetya claim
was initially denied under a 'war exclusion' but later settled after legal battles, exposing cyber
insurance complexities.
• Recovering from a cyberattack is costly and time-intensive, requiring legal, reputational, and
infrastructure overhauls.

The Rise of Scalable, AI-Driven Cybercrime


• AI-powered fraud, deepfake fraud (223% increase in Q1 2023-Q1 2024), and
Ransomware-as-a-Service (RaaS) allow cybercriminals to scale attacks quickly and bypass
traditional security defenses.
• Legacy security models struggle against adaptive, automated, and highly coordinated cyber
threats.

Cyber Risk unchecked threatens business. Build Resilience, Safeguard Trust.



6. Cyber Fraud & Cybersecurity: Eliminating Silos for Resilient Defense


Cyber fraud is no longer just a financial crime—it is a cybersecurity battle. Criminals exploit
AI-powered deception, stolen credentials, and weak security defenses to commit large-scale fraud,
bypassing traditional prevention measures. Business leaders, fraud teams, and cybersecurity experts
must collaborate to protect financial assets, customer trust, and regulatory compliance. Organizations
must break down silos between fraud prevention and cybersecurity to mitigate financial losses,
regulatory scrutiny, and reputational damage.

Regulatory Alignment
• EBA (PSD2 & PSD3): Mandates fraud reporting, Strong Customer Authentication (SCA), and
enhanced risk monitoring.
• BCBS AML Standards: Requires a risk-based approach to detect and prevent financial crimes.
• PSD3: Introduces stricter authentication, stronger liability frameworks, and AI-driven fraud
detection.

A unified fraud-cybersecurity strategy enhances threat detection, strengthens defenses, and ensures
regulatory compliance—closing security gaps that enable financial crime.

External Fraud: Cybercrime is Fuelling Fraud at Scale


Cybercriminals leverage AI-driven deception, mass data leaks, and weak third-party security to commit
fraud at scale, evading traditional detection mechanisms.

1. Mass Data Leaks & Credential Exploitation

• Breached personal and financial data fuels identity theft, account takeovers, and synthetic
fraud.
• AI-driven bots automate credential stuffing attacks, bypassing weak authentication.

2. Deepfake Fraud & AI-Powered Social Engineering

• Social engineering tactics exploded by 442% in 2024, with vishing (voice phishing) emerging
as a dominant attack vector. Threat actors masquerade as IT support, financial officers, or
vendors to manipulate employees into providing credentials or executing fraudulent wire
transfers. (CURLY SPIDER successfully infiltrated multiple organizations by tricking employees)
• Deepfake voice and video manipulation tricks executives, banks, and payment processors.
• Business Email Compromise (BEC) & AI-enhanced phishing bypass traditional detection
systems.

3. Ransomware-Linked Financial Crimes

• Stolen financial data is monetized for fraudulent transactions, insider trading, and extortion.
• Double-extortion tactics demand ransom payments while simultaneously monetizing stolen
financial records.

4. Third-Party & Supply Chain Exploitation

• FinTech providers with weaker security controls are infiltrated to manipulate transactions.
• Mule accounts and money laundering schemes are rising due to mass immigration and
economic instability.


Internal Fraud: Rising Risks Amid Workforce Shifts


Economic pressure, workforce churn, and security gaps are fuelling a rise in internal fraud, from
privilege abuse to insider collusion.

1. Privileged Access & Insider Threats

• Unchecked access privileges enable employees to manipulate transactions, alter financial
records, and exfiltrate sensitive data—often undetected.
• Disgruntled employees, departing staff, and IT administrators with residual access rights
pose major risks.

2. Weak Identity Governance & Segregation of Duties (SoD)

• Poor Least Privilege Access (LPA) policies allow unmonitored privilege escalation.
• A lack of Segregation of Duties (SoD) enables fraudulent payments, unauthorized financial
transactions, and policy bypassing.

3. Third-Party Contractors & Shadow IT Risks

• Unvetted vendors and contractors increase exposure to fraud and insider threats.
• Shadow IT (unapproved cloud apps and cloud storage) allows unauthorized data exfiltration.

Regulatory & Compliance Pressures: PSD3, PSR, FIDA & DORA


Regulators are imposing stricter fraud controls, liability shifts, and real-time fraud detection mandates.

1. PSD3 & PSR: Strengthening Payment Fraud Controls

• PSD3 and PSR will impose stricter fraud liability rules, reinforcing Strong Customer
Authentication (SCA) to mitigate financial crime risks.

2. Financial Data Access (FIDA) & Open Banking Risks

• Open Banking increases fraud exposure through third-party access to financial accounts.
• FIDA mandates enhanced transaction monitoring and AI-driven fraud detection. AI-powered
fraud detection enhances security, but institutions must ensure compliance with regulatory
requirements for AI explainability, particularly under the EU AI Act and financial risk model
governance rules.

3. DORA & EBA Fraud Risk Governance

• The Digital Operational Resilience Act (DORA) expands fraud-related ICT risk governance.
• The European Banking Authority (EBA), under PSD2 and forthcoming PSD3, mandates fraud
risk governance frameworks, including fraud risk monitoring, liability policies, and transaction
monitoring. The ECB, through its banking supervisory role, and DORA, focus on ICT risk
governance and cyber resilience in financial institutions.

Key Takeaway: The human element remains the weakest link—cybersecurity training &
executive awareness programs are critical in mitigating social engineering risks.

Fraud and Cyber Risk are inseparable. Align, adapt, and fortify.


7. Cyber Risk Treatment Approach – A High-Level Mitigation Plan


To effectively reduce cyber risk, organizations must adopt a structured, business-aligned strategy
that integrates security, compliance, and fraud resilience. The following four-step cyber risk
treatment model ensures a measured, strategic response to mitigate threats while maintaining
operational and financial stability.

7.1 The Four-Step Cyber Risk Treatment Model


1. Avoid – Eliminate Unnecessary Risk Sources

Objective: Remove or reduce exposure to high-impact risks where possible.

 Decommission outdated systems and legacy applications that introduce security
vulnerabilities.
 Eliminate unnecessary data collection and storage to minimize exposure to fraud and data
breaches.
 Restrict high-risk activities (e.g., prevent unmonitored third-party access, disable insecure
authentication methods).
 Conduct due diligence and discontinue high-risk vendor relationships that fail to meet
contractual cybersecurity, fraud prevention, or regulatory standards.

2. Mitigate – Strengthen Controls to Reduce Likelihood & Impact

Objective: Implement security and fraud prevention measures to reduce exposure and impact.

 Adopt a Defense-in-Depth strategy with Zero Trust Architecture (ZTA), ensuring strict
identity verification, continuous access monitoring, and least-privilege enforcement to
minimize exposure.
 Implement real-time fraud detection and transaction monitoring to prevent identity theft,
account takeovers, and payment fraud.
 Deploy Endpoint Detection & Response (EDR/XDR) to identify, contain, and respond to
endpoint threats, preventing lateral movement of attackers within the network.
 Strengthen third-party risk management with continuous vendor security monitoring, API
security controls, and supply chain fraud detection.
 Enhance cyber resilience by conducting red teaming, threat-led penetration testing (TLPT),
and adversary simulations to validate security defenses.
 Enforce least privilege access (LPA) and segregation of duties (SoD) to prevent unauthorized
transactions and insider fraud.

3. Transfer – Shift Financial & Legal Impact Where Possible

Objective: Minimize financial, compliance, and liability exposure through strategic risk-sharing
mechanisms.

 Use cyber insurance to cover financial losses from fraud, data breaches, and ransomware-
related business interruptions.
 Strengthen vendor security governance with contractual obligations for cybersecurity, fraud
controls, and ongoing third-party risk assessments.
 Ensure regulatory compliance accountability by shifting risk to payment processors, Open
Banking providers, and third-party service partners via fraud risk-sharing agreements.


4. Accept – Define & Govern Residual Risk

Objective: Formally acknowledge and govern residual risks that cannot be fully eliminated.

 Quantify residual risk exposure and ensure alignment with risk appetite and business
strategy.
 Establish real-time cyber and fraud risk monitoring using threat intelligence, behavioral
analytics, and anomaly detection.
 Conduct scenario-based stress testing (e.g., Red Teaming, TLPT, fraud simulations) to
validate security defenses.
 Ensure board-level oversight with structured, periodic reporting on cybersecurity, fraud risk
exposure, and regulatory compliance gaps.

High-Level Alignment with NIST CSF & ISO 27002


The cybersecurity risk treatment model outlined in this report is conceptually aligned with widely
recognized best practices, including:

 NIST Cybersecurity Framework (CSF) – This model broadly reflects NIST CSF’s five core
functions: Identify, Protect, Detect, Respond, and Recover, ensuring a structured risk
management approach.
 ISO 27002:2022 – While not an exhaustive mapping, this report's recommended controls
resonate with ISO 27002’s key security domains, covering governance, technology, and
operational resilience.

While this report does not provide a direct control-by-control mapping, its principles support
organizations in strengthening cyber resilience and aligning their approach with regulatory
expectations under DORA, NIS2, ECB, and other international cybersecurity standards.

7.2 The Journey to Residual Risk – Justifying Post-Mitigation Evaluation


Residual risk is the remaining risk after all reasonable security measures have been applied—no
organization can fully eliminate cyber threats. Even after mitigation efforts, some level of residual
risk remains due to:

 Evolving cyber threats (e.g., AI-driven fraud, supply chain risks, nation-state attacks).
 Regulatory uncertainty as frameworks like PSD3 and DORA introduce evolving fraud and
compliance demands.
 Third-party dependencies (e.g., cloud providers, FinTech integrations, and supply chain
security gaps).
 Insider and external fraud risks that require continuous monitoring and behavioral analytics.

Cybersecurity is not a one-time fix—it’s an ongoing commitment.


Vigilance, adaptability, and resilience are the keys to long-term protection.


8. Risk Owner, Governance & Reporting Structure


Cyber risk is a strategic business risk requiring clear governance, defined responsibilities, and
executive oversight. As cyber threats continue to evolve in sophistication and frequency, supervisory
authorities and regulatory bodies such as the European Central Bank (ECB), European Banking
Authority (EBA), as well as the Digital Operational Resilience Act (DORA) mandate that organizations
establish robust risk ownership and accountability frameworks to ensure financial stability and
operational resilience.

A well-defined cybersecurity governance model helps organizations:

 Strengthen risk accountability across leadership teams.
 Improve decision-making for cybersecurity investments.
 Align security initiatives with business priorities and resilience strategies.
 Ensure regulatory compliance and avoid penalties.

However, the role of the Chief Information Security Officer (CISO) varies across organizations,
depending on their industry, regulatory obligations, and internal governance structures. In systemic
financial institutions, the CISO typically operates as a Second Line of Defense (2LoD) control function,
ensuring independent oversight rather than direct cyber risk ownership. In non-banking organizations,
the CISO may be the primary cybersecurity risk owner, though best practices suggest that cyber risk
ownership is often shared with the CTO, CIO, or COO, depending on the organization's structure.

This section outlines the governance best practices for systemic banks and other organizations,
ensuring that risk ownership, accountability, and reporting structures align with regulatory mandates,
industry standards, and organizational needs.

Standard Governance Structure for Systemic Banks (ECB Best Practice)

Function: Responsibility

Risk Owner: Chief Technology Officer (CTO) &/or Chief Operating Officer (COO) – Share
responsibilities for cybersecurity controls, IT operations, and operational resilience. The CTO
focuses on technology and security controls, while the COO focuses on operational continuity
and resilience, including physical security controls.

Accountability: Chief Executive Officer (CEO) – Holds ultimate accountability for cybersecurity
risk at the executive level.

Monitored By: Chief Information Security Officer (CISO) – Provides independent oversight,
ensures cybersecurity governance, and reports risk exposure to executives and the board.

Reported To: Risk Management Committee, Board of Directors – Oversees cyber risk exposure
and ensures compliance with regulatory mandates and frameworks.

Why the CISO Should NOT Be the Risk Owner in Systemic Banks
In systemic financial institutions, the CISO operates as a Second Line of Defense (2LoD) and must
remain independent from direct cybersecurity risk ownership.

 Independence & Oversight: The CISO’s primary role is to monitor, challenge, and report
cybersecurity risks, ensuring that risk management is properly executed by the First Line of
Defense (1LoD) (business and IT leaders).


 Conflict of Interest: If the CISO were the Risk Owner, they would be both implementing and
assessing security controls, violating segregation of duties and governance best practices.

 Regulatory Alignment: ECB, EBA, and DORA frameworks require risk ownership to be with
business and IT leadership (1LoD), while the CISO reports risk exposure to executives and
the board directly.

Governance Model for Non-Banks or Organizations Without a 2LoD CISO Role


For organizations where the CISO is part of operational management rather than a control function,
the governance structure may be adapted as follows:

Function: Responsibility

Risk Owner: Chief Information Security Officer (CISO) – Directly responsible for implementing
cybersecurity risk management strategies.

Accountability: Chief Risk Officer (CRO) or CEO – Holds executive accountability for
cybersecurity risks.

Monitored By: Internal Audit, Compliance – Ensures oversight of cybersecurity measures and
governance.

Reported To: CEO, Executive or Board Risk Committee, Board of Directors – Oversees cyber risk
exposure and ensures compliance with regulatory mandates.

When should the CISO be the Risk Owner?

 In non-financial organizations where the CISO is responsible for both cybersecurity strategy
and execution.
 In small-to-medium enterprises (SMEs) where risk oversight functions are integrated within
IT security leadership.
 When there is no independent risk oversight structure, and the CISO directly implements,
monitors, and reports cyber risk exposure.

Conclusion: A Governance Structure Tailored to Organizational Needs


Cyber risk ownership must be structured based on industry regulations, internal governance models,
and risk oversight requirements:

 Systemic Banks: Risk ownership remains with business and IT leaders (1LoD), with the CISO
acting as an independent risk advisor (2LoD).
 Non-Banking Organizations: The CISO may serve as the direct Risk Owner if no independent
oversight function exists.
 Board & Executive-Level Responsibility: Regardless of structure, ultimate accountability
remains with the CEO and the Board, ensuring compliance, risk governance, and
cybersecurity resilience.

Cyber risk is not just an IT issue—it’s a boardroom priority.


A strong governance model fosters accountability, resilience, and trust—
because security is everyone’s responsibility.


9. Cybersecurity & Fraud Workforce: Skills, Challenges, and Industry Demand


As cyber threats and financial fraud grow, demand for skilled professionals outpaces supply. With a 4
million cybersecurity workforce gap, unfilled roles heighten risk. IBM Cost of a Data Breach Report
2024 shows understaffed teams take 96 days longer to contain breaches. Can you afford the delays?

At the same time, salary discrepancies create additional challenges in attracting and retaining talent.
While top-tier professionals command six-figure salaries, entry-level cybersecurity and fraud
prevention roles often start at €30K–€45K in Europe and $50K–$70K in the U.S., depending on
location, industry, and required skills. However, as experience grows, mid-to-senior-level
professionals can achieve significantly higher earnings, making cybersecurity and fraud prevention
lucrative but competitive career fields.

Key skills in demand include threat detection, penetration testing, incident response, cloud security,
and AI-driven threat analysis for cybersecurity, while fraud prevention requires expertise in
transaction monitoring, behavioral analytics, AML, regulatory compliance, and forensic investigation.

Common Cybersecurity & Fraud Roles: Career Path from Entry-Level to Executive

Role: Description

Cybersecurity Analyst / SOC Analyst: Monitors networks for threats, investigates alerts, and
manages security controls. Requires knowledge of intrusion detection, endpoint security, and
incident response.

Fraud Analyst: Analyzes financial transactions to detect fraud patterns, using AI and behavioral
analytics. Works closely with cybersecurity teams on account takeovers and phishing-related fraud.

Penetration Tester (Ethical Hacker): Simulates cyberattacks to identify vulnerabilities before
attackers exploit them. Requires hacking, scripting, and network security skills.

Threat Intelligence Analyst: Tracks cybercriminal tactics, monitoring the dark web and fraud
networks to anticipate threats. Provides insights to fraud and security teams.

Security Engineer: Develops and maintains security tools, firewalls, and access controls.
Specializations include cloud security and application security.

Fraud Investigator: Investigates financial crimes, payment fraud, and internal fraud cases, often
in collaboration with law enforcement.

Security Architect / Security Manager: Designs cybersecurity frameworks and awareness
programs, leads security teams, and ensures compliance with standards like ISO 27001 and NIST.

Fraud Prevention Manager: Oversees fraud detection and response programs, manages fraud
analytics, and coordinates with cybersecurity leadership.

Head of Fraud Prevention / Director of Financial Crime: Develops fraud risk strategies, oversees
AML and compliance programs, and integrates fraud intelligence with cybersecurity measures.

Chief Information Security Officer (CISO): Leads the organization’s cybersecurity strategy, risk
management, and compliance programs. Often reports to the Board Risk Committee, CEO, CRO,
COO, or CIO.

Talent gaps fuel cyber risk. Invest in expertise, fortify resilience.


Source: (ISC)² Cybersecurity Workforce Report 2024


https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study


10. Navigating High-Stakes Conversations: Cyber Risk and Fraud


In today’s high-stakes cybersecurity landscape, discussions on cyber risk and fraud can quickly escalate
into blame games or defensive risk transference. This not only hinders effective solutions but also
increases financial exposure and reputational harm. A structured and empathetic approach is essential
to fostering productive collaboration and risk mitigation.

The 3P Framework: Prepare, Present, Progress


1. Prepare (Before the Conversation):
• Know Your Goal: Define the desired outcome.
• Understand Their Perspective: Anticipate their concerns and reactions.
• Plan, But Stay Flexible: Outline key points and solutions, but remain adaptable.
• Check Your Emotions: Ensure you approach the discussion calmly.
• Practice: Mentally rehearse the conversation, focusing on your message and their potential
responses.
2. Present (During the Conversation):
• Lead with Empathy: Acknowledge their feelings and concerns.
• Stay Calm & Listen: Practice active listening and avoid combative responses.
• Communicate with precision: Use facts, not assumptions. Be specific, avoid generalizations,
and clarify your intent to prevent misinterpretations.
• Respect Boundaries: Be clear about what you can and cannot commit to.
• Focus on Solutions: Shift the focus from blame to collaborative problem-solving.
• Practice: Employ the "R.E.S.T." rule: Regulate emotions, Empathize, State your point, Talk
solutions.
3. Progress (After the Conversation):
• Reflect on What Worked: Identify areas for improvement.
• Adjust for Next Time: Note lessons learned.
• Follow Up & Ensure Accountability: Convert discussions into concrete action steps. Clarify
responsibilities, set deadlines, and track progress.
• Practice: Take time to reflect on the conversation's effectiveness.

Key Principles:

• Lead with Empathy: Acknowledge feelings before addressing facts.
• Ask to Understand: Use open-ended questions to gain perspective.
• Really Listen: Give your full attention and validate their concerns.
• Own Your Emotions: Acknowledge your feelings without playing the victim.
• Focus on Solutions: Work together to find a way forward.
• The Golden Rule: Pause, breathe, and respond—don’t react. Use the Physiological Sigh (two
short inhales, one long exhale) to regulate stress and stay composed under pressure.

By implementing these strategies, you can transform stressful discussions into productive
collaborations, fostering a culture of shared responsibility and effective risk mitigation.

Clear communication transforms dialogue into decisive action.


Foster structured conversations, align on risks, and stay prepared—
because preparation is half the battle.


11. AI & Cybersecurity: Emerging Threats and Defense Strategies


Why AI is a Game-Changer in Cybersecurity
Artificial Intelligence (AI) is transforming the cybersecurity landscape—both as an enabler of advanced
defense mechanisms and as a weapon for cybercriminals. As cybercriminals weaponize AI,
organizations must counteract with equally sophisticated AI-driven security defenses. The WEF AI &
Cybersecurity Report 2025 highlights that AI-driven threats are outpacing traditional defenses,
making it imperative for organizations to adapt, invest, and prepare for this evolving cyber-fraud
battlefield.

Key AI-Driven Cyber Risks:


 AI-Powered Malware & Ransomware – Malware that autonomously evades detection,
adapts in real-time, and learns from cybersecurity defenses.
 Deepfake Fraud & AI-Generated Social Engineering – Realistic synthetic voices and videos
used for identity theft, fraud, and CEO impersonation attacks. AI-enhanced BEC (Business
Email Compromise) attacks have become far more convincing, leading to a $25.6 million
fraud incident in 2024.
 AI-Augmented Phishing & Credential Theft – AI-automated phishing campaigns that
bypass traditional detection with hyper-personalized attacks.
 Automated Exploit Discovery & Zero-Day Attacks – AI systems scanning global networks
for vulnerabilities, weaponizing cyberattacks at scale.
 AI-Generated Disinformation & Cyber Influence Operations – AI-enhanced information
warfare targeting reputations, financial markets, and national security.

The Dual Challenge: AI as a Threat and a Defense Mechanism


While cybercriminals leverage AI for automation, deception, and large-scale attacks, organizations can
counter AI threats with AI-driven security solutions.

AI-Powered Defense Strategies:

 Threat Intelligence & Anomaly Detection – AI-enhanced Security Information & Event
Management (SIEM) and Endpoint Detection & Response (EDR) for real-time cyber risk
assessment.
 Behavioral AI & Insider Threat Detection – AI-driven user behavior analytics (UBA) to detect
account compromise, data exfiltration, and privilege abuse.
 AI-Powered Fraud Prevention – Transaction monitoring, biometric fraud detection, and AI-
based anomaly detection models.
 Generative AI for Cyber Defense – AI-assisted threat hunting, Red Team simulations, and
automated code analysis to mitigate software vulnerabilities.
 Post-Quantum Cryptography Readiness – AI is accelerating cryptanalysis, making quantum-
era threats more urgent. AI-driven decryption techniques could compromise traditional
encryption well before quantum computers become mainstream. Organizations must
proactively migrate to post-quantum cryptography (PQC) while monitoring AI-assisted
cryptanalysis advancements to stay ahead of emerging decryption risks.

AI Regulation & Cybersecurity Compliance


AI’s integration into cybersecurity also brings regulatory challenges, as frameworks like DORA, NIS2,
GDPR, and PSD3 evolve to address AI-related security risks. Key compliance considerations include:


• AI model transparency & explainability for security decision-making
• AI ethics & accountability in automated cybersecurity systems
• AI-driven fraud risk governance under PSD3 & FIDA (Financial Data Access Framework)

11.1 Questions for Business Leaders to Consider: AI Security & Risk Management
AI adoption presents both transformative opportunities and evolving cybersecurity risks. Business
leaders must define strategic parameters to ensure AI-driven innovation aligns with security,
compliance, and risk management.

The following critical questions, drawn from the WEF AI & Cybersecurity Report 2025, guide AI
governance and cybersecurity readiness:

1. Risk Tolerance & AI Oversight
• Question: Has a clearly defined AI risk tolerance framework been established and effectively
communicated across all relevant stakeholders?
• Why it matters: Organizations must balance innovation with risk exposure. AI deployment
should align with enterprise-wide risk management strategies.
• Action: Develop an AI risk register, conduct scenario analysis, and ensure board-level
oversight on AI-related risks.
2. AI Risk-Reward Assessment
• Question: Are AI adoption decisions guided by a structured framework that evaluates both
potential benefits and risks, ensuring alignment with business objectives?
• Why it matters: Organizations need a systematic approach to assess AI projects before
implementation to avoid uncalculated risks.
• Action: Implement a risk-reward matrix for AI investments, incorporating compliance, security,
and ethical considerations.
3. AI Governance & Deployment Monitoring
• Question: Is there a centralized governance framework to track and manage AI projects,
particularly in decentralized or multi-departmental environments?
• Why it matters: AI models increasingly rely on third-party datasets, APIs, and pre-trained
models, introducing hidden vulnerabilities. Risks such as model poisoning, data manipulation,
and shadow AI deployments can compromise security. Organizations must verify AI model
integrity, enforce supplier risk assessments, and implement continuous monitoring of third-
party AI components.
• Action: Establish a cross-functional AI governance team, enforce security-by-design principles,
and continuously monitor AI usage across all departments.
4. AI-Specific Cyber Threats & Organizational Vulnerabilities
• Question: Has the organization conducted a comprehensive AI-specific cybersecurity risk
assessment, including emerging threats like adversarial AI, model poisoning, and data
inference attacks?
• Why it matters: AI systems introduce novel attack vectors that could compromise business
operations and regulatory compliance.
• Action: AI adversarial attacks, including evasion techniques, data poisoning, and prompt
injection, pose a significant threat to AI-driven security systems. Red Team exercises should
be expanded to simulate adversarial machine learning (AML) tactics, stress-testing AI models
against real-world manipulation attempts. Security teams must deploy adversarial robustness
testing to mitigate AI exploitation risks.


5. Stakeholder Roles & AI Security Accountability
• Question: Have key stakeholders across business, risk, compliance, and technology been
identified and assigned clear AI security responsibilities?
• Why it matters: Effective AI security requires collaboration between legal, IT, security,
compliance, and frontline business units.
• Action: While AI enhances cybersecurity automation, it should augment—not replace—
human decision-making. Over-reliance on AI-generated risk assessments can lead to false
positives, AI bias, and misclassifications. Organizations must implement "human-in-the-loop"
oversight, ensuring that AI security decisions are validated by experienced security
professionals to prevent automated security failures.
6. AI Compliance, Assurance & Regulatory Alignment
• Question: Are AI deployments systematically reviewed for compliance with legal, regulatory,
and organizational policies, including data privacy, security, and ethical AI guidelines?
• Why it matters: AI regulatory scrutiny is increasing, with emerging frameworks such as the EU
AI Act, DORA, NIS2, and global cybersecurity mandates.
• Action: Implement an AI security compliance review, conduct routine audits, and align AI
projects with evolving global and sector-specific regulations.

Key Considerations for Implementation


• Embed AI security in governance frameworks – Integrate AI security risk considerations
across existing risk, compliance, and cybersecurity programs.
• Ensure AI security throughout its lifecycle – From development to deployment, incorporate
security testing, monitoring, and risk mitigation.
• Foster a security-aware AI culture – Promote ongoing learning and training to build AI-specific
cybersecurity awareness across teams.
• Document AI security policies and decisions – Maintain audit trails and risk registers for AI-
related cyber risk governance.

What Organizations Must Do Now


 Prioritize AI in Cybersecurity Strategies – AI-driven threats are already here—defense
strategies must match AI's sophistication. The only viable defense is fighting AI with AI—
developing adaptive, AI-powered security mechanisms that can operate at speed and scale.
 Invest in AI-Powered Cyber Resilience – AI-driven cyber threats require AI-powered solutions,
from autonomous SOCs to behavioral AI fraud detection.
 Prepare for AI-Driven Regulations – Organizations must stay ahead of AI compliance
requirements to mitigate regulatory risk and ensure legal defensibility.

“In the next decade, companies will be defined by their AI strategy: innovators
will succeed, while resistors will vanish. Today’s chief information security
officers (CISOs) play a critical role in this journey, and must move from blocking
the use of AI, to enabling it. But with the technology still in its infancy, the lack
of understanding around AI has the potential to shift the balance of power to
threat actors. The only viable defence is fighting AI with AI – developing
personalized, adaptive security approaches that can protect an organization at
speed and at scale.”
-Matthew Prince, CEO and Co-Founder, Cloudflare

12. Technical Cybersecurity Guidance: Defense-in-Depth Approach


Cyber threats are evolving at an unprecedented pace, fueled by AI-driven attacks, ransomware-as-a-
service (RaaS), deepfake fraud, and geopolitical tensions. The WEF Global Risks Report 2024 identifies
cyber insecurity as a critical global threat, while IBM’s Cost of a Data Breach Report 2024 reveals that
the average breach now costs $4.88 million, with containment times averaging 292 days. Alarmingly,
79% of cyber intrusions in 2024 were malware-free, relying instead on credential abuse, remote
access exploitation, and trusted IT relationships to bypass defenses. To counter these threats,
organizations must adopt a Defense-in-Depth (DiD) approach, ensuring multiple layers of security,
strengthened identity and access management (IAM), behavioral analytics, and a Zero Trust
Architecture (ZTA) that continuously verifies trust at every level.

12.1 Immediate Controls to Reduce Exposure


Objective: Implement immediate measures to reduce cyber risk exposure, block known threats, and
contain ongoing cyber incidents before they escalate.

1. Perimeter & Internet Security (External Defense)


Modern cyber threats are increasingly targeting external attack surfaces, including cloud-based
services and remote work environments.

Next-Generation Firewalls (NGFWs) & Intrusion Prevention Systems (IPS)


 Deploy AI-powered layer-7 firewalls with deep packet inspection (DPI) for anomaly detection
and automated threat blocking.
 Implement geo-restriction policies to prevent access from high-risk regions.
 Use IPS with real-time threat intelligence feeds to detect and mitigate zero-day exploits.

Web Application Firewalls (WAFs)


 Protect APIs and web applications against SQL Injection, XSS, and OWASP Top 10
vulnerabilities.
 Implement AI-powered WAFs capable of behavioral analysis to identify and mitigate AI-
enhanced attack patterns dynamically.

DNS Security & Secure Web Gateways (SWG)


 Implement AI-driven DNS-layer protection to block malicious domains, phishing campaigns,
and C2 (command-and-control) communications.
 Enforce SSL decryption and real-time content filtering to detect hidden threats.

Cloud Security Posture Management (CSPM)


 Continuous cloud workload scanning to detect misconfigurations (e.g., exposed S3 buckets,
over-permissive IAM roles).
 Enforce Zero Trust in multi-cloud environments using microsegmentation and identity-based
access policies.
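As an added example (not from the report or any vendor CSPM product), the check below evaluates constructed S3 bucket and IAM role policy documents for the two misconfigurations named above: an anonymous principal that exposes a bucket, and a wildcard Action on a wildcard Resource. The policy documents, severity labels and the skip-on-Condition rule are this example's own assumptions.

```python
"""Minimal CSPM-style checks for exposed S3 buckets and over-permissive IAM roles.

Added example: the policy documents below are constructed for illustration and
the severity labels are this example's own, not those of any vendor tool.
"""
import json

# Constructed bucket policy: anonymous read on the whole bucket (an "exposed S3 bucket").
PUBLIC_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-reports-bucket/*",
    }],
})

# Constructed role policy: full administrator rights (an "over-permissive IAM role").
OVERPERMISSIVE_ROLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Constructed role policy: every S3 operation on every bucket (service-wide wildcard).
SERVICE_WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
})

# Constructed least-privilege policy: one action, one prefix, TLS required.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadReports",
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-reports-bucket/reports/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})


def _as_list(value):
    """IAM accepts either a single string or a list in Action, Resource and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal):
    """True when the statement grants access to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def check_policy(policy_json):
    """Evaluate one policy document; return a list of (severity, statement, message).

    Only Allow statements are examined (Deny statements narrow access). An anonymous
    principal that carries a Condition block is not flagged by this simple check; a
    real CSPM tool evaluates the condition keys (e.g. aws:SourceVpc) instead.
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        if _principal_is_anonymous(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append(("HIGH", label,
                             "anonymous principal without a Condition: bucket is publicly accessible"))

        if "*" in actions and "*" in resources:
            findings.append(("CRITICAL", label,
                             "Action '*' on Resource '*': administrator-equivalent permissions"))
        elif any(a.endswith(":*") for a in actions):
            findings.append(("MEDIUM", label,
                             "service-wide action wildcard; scope to the operations actually needed"))
    return findings


def scan(policies):
    """Run check_policy over a {name: policy_json} mapping; returns {name: findings}."""
    return {name: check_policy(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    results = scan({
        "reports-bucket-policy": PUBLIC_BUCKET_POLICY,
        "batch-role-policy": OVERPERMISSIVE_ROLE_POLICY,
        "s3-admin-role-policy": SERVICE_WILDCARD_POLICY,
        "reader-role-policy": LEAST_PRIVILEGE_POLICY,
    })
    for name, findings in results.items():
        for severity, stmt, msg in findings or [("OK", "-", "no findings")]:
            print(f"{name}: [{severity}] {stmt}: {msg}")
```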

2. Application Security & Secure Software Development

Secure Software Development Lifecycle (SDLC)


 Implement DevSecOps practices to integrate security from the initial stages of development.


 Conduct automated static and dynamic application security testing (SAST/DAST) to detect
vulnerabilities pre-deployment.
 Use Software Composition Analysis (SCA) to identify and mitigate risks in third-party and
open-source software dependencies.

Application Security Testing


 Implement Static (SAST), Dynamic (DAST), and Interactive (IAST) Application Security Testing
to detect and remediate vulnerabilities throughout the software development lifecycle
(SDLC), ensuring secure-by-design applications.
 Implement Runtime Application Self-Protection (RASP) to detect and mitigate threats in real-
time.

API Security & Secure Code Practices


 Enforce API security standards (OAuth 2.0, OpenID Connect, and API gateways) to prevent
unauthorized access and API abuse.
 Implement API threat monitoring to detect anomalies such as excessive API calls, credential
stuffing, and API-based attacks.
 Apply secure coding practices to mitigate risks like SQL Injection, Cross-Site Scripting (XSS),
and Insecure Deserialization, in alignment with the OWASP Top 10 vulnerabilities.
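An added example of the API threat monitoring described above, not code from the report: it parses a constructed API gateway access log and flags one client for excessive call volume and another for credential stuffing (many rejected logins spread over many distinct usernames). The log format, endpoint paths, IP addresses (documentation ranges) and detection thresholds are all constructed assumptions.

```python
"""API threat monitoring over a gateway access log: flags excessive call volume
and credential stuffing per source IP.

Added example, not code from the report. The log format, endpoints, IP addresses
(documentation ranges) and detection thresholds are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

LOGIN_PATH = "/v1/auth/login"   # assumed login endpoint
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


@dataclass
class Event:
    ts: datetime
    ip: str
    method: str
    path: str
    status: int
    user: str   # username submitted to the login endpoint, "-" otherwise


def parse_line(line):
    """Parse one space-separated record: timestamp ip method path status user."""
    ts, ip, method, path, status, user = line.split()
    return Event(datetime.strptime(ts, TS_FMT).replace(tzinfo=timezone.utc),
                 ip, method, path, int(status), user)


def max_in_window(times, window):
    """Largest number of events in a sorted timestamp list that fall within `window`."""
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(events, rate_limit=100, rate_window=timedelta(seconds=60),
           min_failures=10, min_users=8, stuffing_window=timedelta(minutes=5)):
    """Return a list of (ip, alert_type, metric).

    excessive_calls    : more than `rate_limit` requests from one IP inside `rate_window`.
    credential_stuffing: at least `min_failures` rejected logins from one IP inside
                         `stuffing_window`, spread over at least `min_users` distinct
                         usernames. The distinct-user test separates stuffing (replayed
                         leaked username/password lists) from brute force on one account.
    """
    times_by_ip = defaultdict(list)
    failures_by_ip = defaultdict(list)   # ip -> [(ts, username)]
    for e in events:
        times_by_ip[e.ip].append(e.ts)
        if e.path == LOGIN_PATH and e.status == 401:
            failures_by_ip[e.ip].append((e.ts, e.user))

    alerts = []
    for ip, times in times_by_ip.items():
        peak = max_in_window(sorted(times), rate_window)
        if peak > rate_limit:
            alerts.append((ip, "excessive_calls", peak))
    for ip, fails in failures_by_ip.items():
        fails.sort()
        if max_in_window([t for t, _ in fails], stuffing_window) >= min_failures:
            users = {u for _, u in fails}   # distinct accounts tried from this IP
            if len(users) >= min_users:
                alerts.append((ip, "credential_stuffing", len(users)))
    return alerts


def analyze(log_text):
    """Parse a whole log and run detection; blank lines are ignored."""
    return detect([parse_line(l) for l in log_text.splitlines() if l.strip()])


def build_sample_log():
    """Constructed log: one stuffing source, one scraper, one ordinary user."""
    base = datetime(2025, 3, 1, 10, 0, 0, tzinfo=timezone.utc)

    def fmt(t):
        return t.strftime(TS_FMT)

    lines = []
    # 203.0.113.7: 12 different usernames rejected within 12 seconds.
    for i in range(12):
        lines.append(f"{fmt(base + timedelta(seconds=i))} 203.0.113.7 POST {LOGIN_PATH} 401 user{i:02d}")
    # 198.51.100.9: 150 account reads in 30 seconds, no login activity.
    for i in range(150):
        lines.append(f"{fmt(base + timedelta(milliseconds=200 * i))} 198.51.100.9 GET /v1/accounts 200 -")
    # 192.0.2.44: one mistyped password, then a successful login and a few reads.
    lines.append(f"{fmt(base)} 192.0.2.44 POST {LOGIN_PATH} 401 carol")
    lines.append(f"{fmt(base + timedelta(seconds=5))} 192.0.2.44 POST {LOGIN_PATH} 200 carol")
    for i in range(5):
        lines.append(f"{fmt(base + timedelta(seconds=10 + i))} 192.0.2.44 GET /v1/accounts 200 -")
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, kind, metric in analyze(build_sample_log()):
        print(f"ALERT {kind:20s} source={ip} metric={metric}")
```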

Software Supply Chain Security

• Enforce code signing and artifact integrity checks to prevent software tampering.
• Use SBOM (Software Bill of Materials) to track dependencies and detect supply chain risks.
• Adopt Zero Trust principles in CI/CD pipelines, ensuring privilege-based access controls for development, testing, and deployment environments.

3. Endpoint & Device Security

With the rise of remote work and cloud-based applications, endpoints are a prime attack vector.

Extended Detection & Response (XDR)

• Use AI-driven behavioral analytics to detect anomalies across endpoints, email, cloud, and network layers.
• Automate incident response playbooks for faster containment and remediation.
• Implement application allow-listing (e.g., AppLocker, which restricts execution to explicitly approved applications on endpoints and servers) and real-time file integrity monitoring (FIM) to prevent unauthorized code execution and detect tampering.

Endpoint Detection & Response (EDR) & Managed Detection and Response (MDR)

• Deploy EDR solutions with autonomous rollback and behavioral threat hunting to neutralize ransomware and fileless malware attacks.
• Use 24/7 SOC monitoring through MDR providers to enhance threat visibility.

Application Whitelisting & Privilege Management

• Enforce allow-listing of authorized applications to prevent malware execution.
• Implement Role-Based Access Control (RBAC) and Privileged Access Management (PAM) to reduce privilege escalation risks.


Disk & File Encryption

• Ensure AES-256 encryption for data at rest and in transit across all endpoints.
• Deploy Full Disk Encryption (FDE), such as BitLocker for Windows environments.

4. Network Security & Data Leakage Prevention (DLP)

Internal networks must be segmented to limit lateral movement and prevent data exfiltration.

Network Segmentation & Zero Trust Network Access (ZTNA)

• Implement microsegmentation to restrict traffic between departments and high-risk zones.
• Use Software-Defined Perimeters (SDP) to enforce Zero Trust principles.

Data Leakage Prevention (DLP) Solutions

• Deploy AI-powered DLP with content-aware inspection to monitor, classify, and prevent unauthorized data exfiltration across cloud and endpoint environments.
• Restrict data transfers via USB, unauthorized cloud apps, and email forwarding.

Network Traffic Analysis (NTA) & Anomaly Detection

• Use AI-driven behavioral analytics to detect lateral movement, brute-force attacks, and data exfiltration attempts.

Network Access Control (NAC)

• Ensure only compliant devices (patched, encrypted, corporate-owned) can access the internal network.

Web Application Firewalls (WAFs)

• Deploy AI-driven WAFs that automatically adapt to emerging attack patterns.
• Implement Behavioral AI for anomaly detection, reducing false positives in application-layer security.
• Ensure WAFs are integrated with API security controls to prevent attacks on microservices-based architectures.

5. Insider Threat & Physical Security

Physical and insider risks remain a major concern, particularly with the rise of AI-enhanced fraud and social engineering.

Access Control Systems (ACS) & Surveillance

• Implement biometric authentication (fingerprint, retina scans) for data center and server room access.
• Use intelligent CCTV with AI-driven anomaly detection for proactive security monitoring.

User Behavior Analytics (UBA), Identity & Access Management (IAM) & Insider Threat Monitoring

• Implement IAM solutions with Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and Just-In-Time (JIT) access to minimize privilege abuse.

• Organizations must proactively monitor insider threats, including privilege misuse, data exfiltration attempts, and behavior anomalies that could indicate a disgruntled employee or compromised access credentials.
• Continuously monitor privileged access sessions with session recording, anomaly detection, and AI-driven risk scoring to flag potential insider threats.

6. Vulnerability & Patch Management

Zero-day exploits and software vulnerabilities remain one of the biggest attack vectors.

Vulnerability Management Program (VMP)

• Implement continuous vulnerability scanning and automated prioritization of critical CVEs.
• Deploy risk-based patching to address the most critical vulnerabilities first.

Automated Patch Deployment & Virtual Patching

• Utilize automated patch management tools to reduce exposure windows.
• Virtual patching is essential for mitigating zero-day vulnerabilities or protecting legacy systems that cannot be immediately patched due to operational constraints.

Application Security Patching

• Automate patch deployment for applications and third-party libraries to reduce vulnerability exposure windows.
• Apply virtual patching via Intrusion Prevention Systems (IPS) for zero-day application vulnerabilities.

12.2 Long-Term Risk Reduction & Cyber Resilience

Objective: Strengthen resilience through long-term cybersecurity programs, employee training, and regulatory compliance.

1. Cybersecurity Awareness & Behavioral Training

• Deploy AI-driven phishing simulations, adaptive role-based training, and just-in-time security awareness to counter evolving social engineering tactics.
• Conduct social engineering awareness programs for executives and employees.

2. Third-Party & Supply Chain Risk Management

• Enforce continuous vendor security audits and contractual cybersecurity requirements.
• Implement Zero Trust-based vendor risk assessment with continuous monitoring and adaptive security controls for third-party integrations.

3. Regulatory & Compliance Alignment

• Ensure compliance with ECB, EBA, DORA, NIS2, GDPR, ISO 27001, and NIST frameworks.
• Maintain audit-ready security documentation.

4. Advanced Threat Intelligence & Threat Hunting

• AI-driven security tools enhance anomaly detection, but human expertise remains critical for validating and responding to emerging threats. A hybrid approach combining AI automation with skilled cybersecurity teams ensures effective threat management.

• Conduct proactive Red Team testing and Purple Team collaboration.

Threat Intelligence for Application Security

• Leverage machine learning-based anomaly detection for real-time monitoring of application logs.
• Integrate real-time software supply chain threat intelligence feeds (e.g., CISA KEV, MITRE ATT&CK, OWASP Dependency-Check) to detect compromised third-party libraries and mitigate supply chain threats like Log4j and SolarWinds-type attacks.

5. Resilience & Incident Response Testing

• Conduct annual cybersecurity resilience drills with executive participation.
• Perform crisis simulation exercises with legal, risk, and business continuity teams.

12.3 Business Continuity & Disaster Recovery (BC/DR)

Objective: Ensure operational resilience, minimize downtime, and enable rapid recovery from cyber incidents. Cloud intrusions surged by 26% in 2024, with 35% of breaches caused by valid credential abuse rather than malware. Cloud resilience depends on zero-trust security models, privileged access controls, and continuous monitoring.

1. Incident Response Readiness

A well-prepared incident response plan reduces breach containment time and recovery costs.

Security Information & Event Management (SIEM) & SOAR

• Integrate SIEM with real-time AI-powered correlation and SOAR automation to detect, prioritize, and remediate security incidents with minimal human intervention.
• Integrate SOAR playbooks for rapid threat containment.

Tabletop Exercises & Red/Blue Team Simulations

• Conduct real-world attack simulations to identify gaps in defenses; executives should actively participate in cyber crisis simulations to enhance decision-making, refine communication strategies, and ensure alignment with regulatory expectations.
• Improve SOC team readiness through adversary emulation.

Ransomware Resilience Framework

• Deploy air-gapped, immutable backups with ransomware rollback mechanisms and conduct quarterly unannounced recovery testing to validate resilience under real-world attack scenarios.

2. Redundant Data Backup & Recovery Testing

• Maintain air-gapped, encrypted backups across multiple locations.
• Conduct regular backup restoration drills.

3. Incident Escalation & Crisis Management

• Establish predefined escalation paths for executive leadership and regulators.
• Implement automated incident notification workflows.


4. Cyber Insurance & Financial Risk Mitigation

• Review cyber insurance policies to ensure coverage for ransomware, fraud-related losses, business interruptions, and regulatory non-compliance fines.
• Integrate cyber risk assessments into enterprise risk management strategies.

12.4 Future-Proofing Cybersecurity Investments

Objective: Ensure cybersecurity investments align with emerging threats, evolving attack techniques, and regulatory requirements to maintain long-term resilience.

1. AI-Powered Security Enhancements

• Deploy AI-driven security orchestration for real-time threat correlation, deep learning-based anomaly detection, and automated adaptive threat intelligence responses.
• Automate threat intelligence processing and risk-based decision-making to enhance detection accuracy and reduce false positives.
• Leverage AI-driven Red Teaming to simulate adversary techniques and test defenses against automated, evolving threats.
• Implement AI-driven application security scanning tools to automate bug detection and remediation recommendations in development environments.
• Use Generative AI for Security Code Review, reducing vulnerabilities before deployment.

2. Preparing for Quantum-Resilient Cryptography

• Assess long-term migration paths to quantum-resistant encryption algorithms in alignment with NIST Post-Quantum Cryptography (PQC) standards.
• Conduct cryptographic inventory assessments to identify legacy encryption methods that may require future upgrades.
• Continuously monitor quantum computing advancements, evaluate post-quantum cryptographic solutions, and establish a phased transition plan aligned with NIST PQC standards.
• Ensure application encryption methods transition to post-quantum cryptography (PQC) standards.
• Conduct cryptographic health assessments for applications storing sensitive data.

3. Continuous Cyber Resilience Testing

• Integrate AI-powered security validation, leveraging Breach and Attack Simulation (BAS) to continuously test defenses, detect misconfigurations, and adaptively respond to emerging threats in real time.
• Implement cyber resilience scoring frameworks to measure, benchmark, and track improvements in security posture.
• Expand Red & Purple Teaming strategies to assess defenses against AI-enhanced cyber threats, deepfake fraud, and supply chain compromises.

Cybersecurity is an Evolving Discipline

Organizations must update security strategies, review compliance annually, and leverage AI-driven threat intelligence to stay ahead of emerging risks.

Security is not a static goal. It is a continuous process of adaptation and vigilance. Fortify, adapt, and stay ahead in the cyber battlefield.

13. Regulatory Compliance & Global Cybersecurity Standards


Regulatory Framework / Standard | Region | Key Focus
--- | --- | ---
APRA CPS 234 | Australia | Mandates cybersecurity resilience for financial institutions, focusing on incident response planning, risk assessments, and third-party security governance.
Basel Committee on Banking Supervision (BCBS) Cyber Resilience Guidelines | Global | Defines cyber resilience principles for financial institutions, focusing on threat intelligence, incident response frameworks, and cybersecurity governance.
Digital Operational Resilience Act (DORA) | EU | Establishes strict ICT risk management requirements, mandates third-party risk governance, requires advanced incident reporting, and enforces operational resilience testing for financial institutions.
EU Artificial Intelligence Act | EU | Regulates high-risk AI applications in cybersecurity, fraud detection, automated decision-making, and consumer protection, enforcing AI governance and ethical AI use.
EBA ICT & Security Risk Management Guidelines | EU | Establishes ICT risk governance, cybersecurity control requirements, and regulatory reporting obligations for financial institutions, ensuring robust risk mitigation.
European Central Bank (ECB) Cyber Resilience Oversight Expectations (CROE) | EU | Requires board-level cyber risk governance, systemic resilience testing, and third-party risk oversight to ensure financial stability in the banking sector.
FFIEC Cybersecurity Assessment Tool (CAT) | USA | A framework for banks and financial institutions to assess cybersecurity maturity, enhance resilience, and comply with regulatory expectations.
GDPR (General Data Protection Regulation) | EU | Requires data protection by design, breach notification within 72 hours, AI-related privacy controls, and secure cross-border data transfers to safeguard personal information.
ISO/IEC 27001:2022 (Information Security Management) | Global | Provides a comprehensive security framework for risk assessment, cloud security governance, supply chain security, and business continuity planning.
MAS Technology Risk Management (TRM) Guidelines | Singapore | Outlines cybersecurity policies for financial services and fintech companies, covering AI security governance, incident response mandates, and risk-based security controls.
NIS2 Directive | EU | Strengthens incident reporting obligations, risk management mandates, and sector-specific security controls. Imposes stricter penalties for non-compliance and expands cybersecurity accountability.
NIST Cybersecurity Framework (CSF) v2.0 | USA | A risk-based cybersecurity strategy guiding organizations in identifying, protecting, detecting, responding to, and recovering from cyber threats across industries.
NIST SP 800-53 | USA | Establishes a set of security and privacy controls designed to protect financial, healthcare, and critical infrastructure organizations from evolving cyber threats.
Payment Services Regulations (PSD2 → PSD3, PSR, FIDA) | EU | Expands fraud risk monitoring, real-time transaction authentication, mandates secure Open Banking security controls, and enhances incident reporting requirements in the financial sector.

Cybersecurity and financial fraud risk are now top regulatory priorities across DORA, ECB oversight,
PSD3, NIS2, and global cybersecurity frameworks. Financial institutions must implement AI-driven
fraud detection, secure Open Banking APIs, real-time anomaly detection, and cyber resilience
frameworks to ensure compliance and mitigate emerging threats.

Regulatory compliance isn’t just a requirement—it’s proactive defense. Aligning with DORA, NIS2, PSD3, ECB CROE, and global security mandates builds resilience against tomorrow’s threats.


14. Cyber Risk Preparedness Checklist for Board Members

Why It Matters

Cybersecurity and fraud resilience are critical for business survival, financial stability, and regulatory compliance. As highlighted in the report, cyber threats pose an 85% probability of occurrence within the next two years, with an 83% severity impact. Board members must ensure their organizations are prepared to withstand, respond to, and recover from cyber threats. This checklist provides a structured framework for board-level oversight and strategic decision-making.

1. Governance & Accountability

Cyber Risk Ownership & Board Engagement

• Has the board formally designated a cybersecurity risk owner (e.g., CTO or COO) with oversight from the CISO?
• Are cybersecurity briefings from security leadership and updates on risk exposure, regulatory changes, and incident trends regularly scheduled at board meetings?

Cybersecurity as a Board-Level Priority

• Is cyber risk formally integrated into the organization's Enterprise Risk Management (ERM) framework, considering the high-severity risk assessment in Section 3?
• Are key cybersecurity objectives, metrics, maturity levels, and key risk indicators (KRIs) reported to the board on a consistent schedule, reflecting the comprehensive approach detailed in the report?

2. Risk Management & Compliance

Cyber Risk Assessment & Strategic Resilience Planning

• Does the organization conduct an annual enterprise-wide, risk-based cybersecurity assessment to identify critical vulnerabilities?
• Are third-party and supply chain risks assessed regularly, with appropriate security clauses embedded in vendor contracts?
• Has the organization established a clearly defined risk appetite framework for cybersecurity and fraud risk exposure?

Regulatory Compliance & Legal Obligations

• How compliant is the organization with relevant regulations (e.g., DORA, NIS2, GDPR, PSD3, and EBA guidelines)?
• Are cyber incident reporting obligations regularly tested through regulatory drills?
• Has the board reviewed cyber insurance coverage to ensure alignment with the organization's financial risk exposure?

3. Cyber Resilience & Incident Response

Incident Readiness & Response Framework

• Does the organization maintain a comprehensive Cyber Incident Response Plan (CIRP) that aligns with regulatory expectations?
• Are cyber crisis simulations and tabletop exercises conducted annually with executive management participation?

• Has the Business Continuity & Disaster Recovery (BC/DR) plan been tested specifically under cyberattack scenarios?

Threat Intelligence & Proactive Defense

• Does the organization leverage advanced technologies such as AI-driven threat detection, behavioral analytics, and Security Information and Event Management (SIEM) monitoring?
• Are penetration tests and red teaming exercises regularly conducted to validate security defenses?
• Is real-time monitoring in place for emerging threats, including ransomware, AI-powered fraud, and insider risks, as discussed throughout the report?

4. Workforce & Security Culture

Executive Cybersecurity Training & Awareness

• How frequently does the board undergo executive-level cybersecurity training on risk mitigation and compliance responsibilities?
• Are all employees required to participate in mandatory security awareness programs and phishing simulations?
• Is there a clear zero-tolerance policy for social engineering fraud (e.g., deepfake scams, Business Email Compromise)?

Cybersecurity & Fraud Workforce Strategy

• Does the organization have a strategic plan to address cybersecurity talent shortages in the market?
• Are cybersecurity and fraud prevention teams integrated for a unified defense approach?
• Are compensation and incentives appropriately structured to attract and retain top security talent, addressing the workforce challenges mentioned in Section 9?

5. Board-Level Cyberattack Simulations & Crisis Management

Cyber Incident Response Drills

• Has the board participated in tabletop exercises simulating modern threats such as ransomware, deepfake fraud, or AI-driven cyberattacks?
• Are real-world case studies analyzed to understand the impact of cyberattacks and improve response readiness?
• Does the board have a specific playbook for cyber crises, including media response, legal actions, and regulatory engagement?

Action Plan for Board Members

• Schedule a comprehensive cybersecurity governance review with risk and security teams.
• Ensure all regulatory compliance gaps are identified and addressed before the next audit cycle.
• Mandate the development of a board-approved cyber resilience strategy for 2025 and beyond.
• Prioritize investment in AI-driven threat detection and fraud mitigation technologies, as emphasized throughout the report.

Cyber resilience starts at the top—boardroom decisions shape an organization’s ability to survive the next cyber crisis. Lead with vigilance, act with urgency.

15. Protecting Your Digital Assets – A Guide for Individuals

Why Personal Cybersecurity Matters

Cyber threats don’t only target corporations and governments—individuals are prime targets for cybercriminals due to their online presence, financial transactions, and personal data exposure. Identity theft, ransomware, phishing, and deepfake fraud are increasing at an alarming rate.

Key Trends:

• A 223% increase in deepfake fraud targeting individuals and executives for financial theft (Accenture’s Cyber Intelligence (ACI) researchers, 2024).
• The Federal Trade Commission (FTC) received 5.7 million total fraud and identity theft reports, 1.4 million of which were identity theft cases (2025 Identity Theft Facts and Statistics).
• 75% of small and medium-sized businesses (SMBs) could not continue operating if they were hit with ransomware (survey of 1,200 SMBs by Momentive on behalf of CyberCatch).

Cyber resilience isn’t just for corporations—individuals must take proactive steps to safeguard their digital identity and financial assets.

Essential Cybersecurity Practices for Individuals

1. Strengthen Your Passwords & Authentication

• Use unique, complex passwords (12+ characters, mix of letters, numbers, symbols).
• Enable Multi-Factor Authentication (MFA) for banking, email, social media, and cloud storage.
• Use a password manager instead of reusing passwords.

2. Secure Your Devices & Software

• Keep operating systems, apps, and antivirus software updated to prevent malware infections.
• Use reputable security software with AI-driven threat detection.
• Avoid downloading apps or files from unknown sources.

3. Protect Your Personal & Financial Data

• Never store sensitive information (passwords, SSNs, banking details) in emails or text files.
• Use encrypted cloud storage for sensitive data.
• Monitor your credit score and bank transactions regularly for unauthorized activity.

4. Recognize and Avoid Phishing & Deepfake Scams

• Never click on unexpected email links or attachments—always verify the sender.
• Be cautious of urgent messages claiming, “Your account is at risk!”—this is a common phishing tactic.
• Deepfake videos and AI-generated voice scams are rising. If you receive an unusual request from someone, verify with a phone call or video chat.


5. Secure Your Home & Public Networks

• Change default Wi-Fi router passwords and enable strong WPA3 encryption.
• Use a VPN when accessing public Wi-Fi to encrypt your internet traffic.
• Disable Bluetooth and location services when not in use.

6. Back Up Important Data

• Regularly back up critical files to an external hard drive or cloud storage.
• Keep offline copies of important documents like passports, IDs, and tax records.

7. Protect Your Online Privacy

• Adjust social media privacy settings—limit public visibility of your personal details.
• Use private browsing modes or search engines that don’t track personal data.
• Review app permissions—don’t grant unnecessary access to microphone, camera, or contacts.

8. Plan for Digital Crisis Management

• Have a cyber incident response plan:
  • Know how to freeze your credit in case of identity theft.
  • Save hotlines for your bank, mobile provider, and cybersecurity support.
• Regularly test your defenses: simulate phishing attacks with free tools to check your awareness.

9. Educate Your Family & Employees

• Teach children and elderly family members to recognize cyber threats.
• If you run a small business, implement basic cybersecurity awareness training.

10. Enable AI-Driven Security Tools

• AI-powered security solutions can detect fraud, malware, and phishing attempts in real time.
• Use AI-driven personal cybersecurity apps like Norton 360, Microsoft Defender, or SentinelOne to automate risk detection.

Final Takeaway: Cybersecurity is a Lifelong Habit

Cyber resilience is not just about tools—it’s about mindset and vigilance. By following these 10 steps, you can significantly reduce your personal cybersecurity risk, safeguard your digital assets, and protect your financial future.

In today’s digital landscape, cybersecurity is not just a corporate concern—it’s personal! Take action, stay informed, and build habits that protect your digital identity.


16. Glossary of Terms

• Access Control Systems (ACS) & Surveillance: Physical security measures such as smart access cards, biometric scanners, and CCTV monitoring to prevent unauthorized entry into data centers, server rooms, and corporate offices.

• Advanced Persistent Threat (APT): A stealthy cyberattack where adversaries gain unauthorized access to a network and remain undetected for extended periods to steal data or disrupt operations.

• AI-Driven Attacks: Cyberattacks leveraging artificial intelligence (AI) to automate, scale, and adapt hacking techniques, making them more difficult to detect.

• AI-Driven Threat Detection & Response: Adaptive security monitoring approach leveraging real-time AI-based risk scoring, anomaly detection, and automated threat mitigation. Enhances visibility across cloud, endpoint, and network environments.

• API Security: Protection of Application Programming Interfaces (APIs) through strict authentication controls, rate limiting, input validation, and OWASP API Security Best Practices to prevent API abuse and unauthorized access.

• Application Security Testing (AST): The practice of assessing applications for vulnerabilities using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to detect OWASP Top 10 risks.

• Application Whitelisting & Privilege Management: A security approach that restricts unauthorized applications from executing and enforces least privilege access through Role-Based Access Control (RBAC) and Privileged Access Management (PAM).

• Automated Security Validation (ASV): A security process that continuously tests cyber defenses using automated attack simulations.

• Biometric Authentication & Smart Cards: Security mechanisms using fingerprints, retina scans, facial recognition, or hardware-based smart cards to authenticate privileged access securely.

• Business Continuity Planning (BCP): A strategic approach to ensuring the continuation of critical business functions during and after a cyber incident. Now includes AI-assisted Business Impact Analysis (BIA) to identify critical systems and automate recovery planning.

• Chief Information Security Officer (CISO): A senior executive responsible for cybersecurity governance, risk assessment, and security oversight, ensuring compliance with regulatory frameworks.

• Cloud Security Posture Management (CSPM): A security solution that continuously monitors cloud environments (AWS, Azure, GCP) to detect misconfigurations, enforce security policies, and reduce cloud security risks.

• Compliance Risk: The potential for financial loss, regulatory penalties, or reputational damage due to non-compliance with laws and regulations such as GDPR, DORA, and NIS2.

• Critical Infrastructure: Systems and assets essential for society’s functioning, including banking, healthcare, energy, and transportation sectors.

• Cybercrime-as-a-Service (CaaS): A growing underground economy where hackers sell pre-built cyberattack tools, enabling non-technical criminals to launch sophisticated attacks.

• Cyber Threat Intelligence (CTI): The collection, analysis, and dissemination of threat data to predict, prevent, and respond to cyber risks.

• Data Loss Prevention (DLP): Security measures designed to detect and prevent unauthorized access, sharing, or exfiltration of sensitive data. Now includes Cloud DLP & AI-Powered Data Classification for enhanced visibility into shadow data risks in multi-cloud environments.

• Deepfake Fraud: AI-generated synthetic media (videos, voice, or images) used for fraud, misinformation, identity theft, or financial manipulation.

• Defense-in-Depth (DiD): A multilayered cybersecurity strategy that uses multiple defensive measures to protect IT systems from cyber threats.

• Digital Operational Resilience Act (DORA): A European Union regulation establishing requirements for ICT risk management, incident reporting, resilience testing, and third-party risk oversight in the financial sector.

• Distributed Denial of Service (DDoS) Attack: A cyberattack in which multiple systems overwhelm a target’s network, service, or website, disrupting normal operations.

• DNS Security & Secure Web Gateways (SWG): Prevent access to malicious websites, phishing sites, and unauthorized internet services, enforcing safe browsing policies.

• ECB Cyber Resilience Expectations: European Central Bank (ECB) requirements for financial institutions to strengthen cyber resilience, manage ICT risk, and ensure operational continuity.

• Endpoint Detection & Response (EDR) & Managed Detection and Response (MDR): EDR provides real-time endpoint visibility, threat detection, and response automation, while MDR includes 24/7 monitoring by a SOC team with proactive threat hunting.

• Extended Detection & Response (XDR): An advanced security solution that integrates threat detection across endpoints, email, networks, and cloud to correlate and mitigate attacks in real time.

• Extended Security Posture Management (XSPM): An advanced security model integrating attack simulation, breach and attack testing, continuous validation, and real-time risk assessments.

• Fraud Risk Management: Security measures designed to detect, prevent, and respond to fraudulent activities, including identity theft and financial fraud. Now includes AI-Driven Transaction Fraud Detection, aligning with PSD3 and FIDA mandates on real-time fraud detection and adaptive anomaly monitoring.

• General Data Protection Regulation (GDPR): A European privacy law mandating strict requirements for handling and protecting personal data.

• Governance & Compliance Alignment: Ensuring adherence to ECB, EBA, DORA, NIS2, ISO 27001, NIST, and CIS Controls in cybersecurity operations.

• Identity and Access Management (IAM): Systems and policies that control user access, enforcing least privilege and Multi-Factor Authentication (MFA) to protect sensitive systems.

• Incident Response (IR): A structured cybersecurity process for detecting, responding to, and recovering from cyber incidents, reducing downtime and limiting damage.

• Insider Threat: A cybersecurity risk arising from employees, contractors, or trusted third parties who misuse their access to compromise data, security, or financial integrity.

• ISO 27001: An internationally recognized standard for information security management systems (ISMS).

• Managed Detection and Response (MDR): A security service providing continuous threat monitoring, detection, and rapid incident response.

• Multi-Factor Authentication (MFA): A layered security approach requiring two or more verification methods (e.g., password + biometric + token) to authenticate users securely.

• National Digital Security Authority (NDSA): The regulatory body overseeing national cybersecurity requirements and critical infrastructure protection.

• Network Access Control (NAC): A security framework enforcing policy-based controls to allow only compliant, authenticated, and authorized devices onto internal networks.

• NIS2 Directive: A European Union directive strengthening cybersecurity risk management and incident reporting for critical and important entities.

• Patch Management: The process of identifying, testing, and applying updates to software and systems to mitigate security vulnerabilities.

• Phishing Attack: A cyberattack where attackers impersonate trusted entities to deceive users into revealing sensitive information, such as credentials or financial details.

• Quantum-Safe Cryptography: Encryption techniques designed to resist attacks from quantum computers, ensuring long-term security of sensitive data. Now includes NIST Post-Quantum Cryptography (PQC) Migration Strategies, emphasizing the need for organizations to assess cryptographic dependencies before 2026 transition deadlines.

• Ransomware: A type of malware that encrypts files or entire systems, demanding ransom payment for decryption, often using double-extortion tactics to monetize stolen data.

• Red Teaming: Simulated adversarial cyberattacks conducted by ethical hackers to evaluate and strengthen an organization’s security posture. Expanded to include AI-Powered Adversarial Emulation, highlighting advanced AI-driven penetration testing frameworks.


• Regulatory Compliance Alignment: Ensuring cybersecurity measures meet legal and regulatory requirements set by ECB, EBA, DORA, and NIS2.

• Residual Risk: The remaining risk after security measures have been applied, acknowledging that no system is 100% risk-free.

• Runtime Application Self-Protection (RASP): A security technology embedded within applications that detects and prevents runtime threats such as code injection, privilege escalation, and API abuse.

• Secure Software Development Lifecycle (SDLC): A DevSecOps approach integrating security at every stage of software development. Includes threat modeling, secure coding practices, automated security testing, and continuous risk assessments.

• Security Information & Event Management (SIEM): A cybersecurity solution that collects, analyzes, and responds to security events in real time.

• Security Orchestration, Automation, and Response (SOAR): A system that automates security workflows, improving threat detection and incident response. Expanded to GenAI-Enhanced Security Automation, covering AI-driven playbook execution and real-time threat remediation.

• Software Bill of Materials (SBOM): A detailed inventory of software components used in an application, ensuring transparency and reducing risks from supply chain attacks.

• Supply Chain Risk Management (SCRM): Security practices aimed at identifying, mitigating, and managing cyber risks introduced by third-party vendors, suppliers, and service providers.

• Systemic Bank: A financial institution whose failure could destabilize the financial system.

• Threat Intelligence: The process of collecting and analyzing cybersecurity threat data to predict and prevent attacks.

• Third-Party Risk Management: Assessing and mitigating security risks posed by external vendors, contractors, and supply chain partners.

• Vulnerability Management Program (VMP): A structured risk-based approach to continuously identify, assess, and remediate vulnerabilities. Expanded to Continuous Attack Surface Management (ASM) for real-time exposure risk monitoring.

• Zero-Day Exploit: A cyberattack targeting undiscovered software vulnerabilities before a patch is available. Expanded to include AI-Assisted Zero-Day Risk Prioritization, leveraging machine learning for predictive vulnerability exploitation modeling.

• Zero Trust Architecture (ZTA): A security model enforcing strict identity verification for every user and device attempting to access a network.

• Zero Trust Network Access (ZTNA): A security model enforcing strict authentication and least-privilege access to all network resources, regardless of user or device location.


17. Acronyms

A–C

1. AI – Artificial Intelligence

2. AML – Anti-Money Laundering

3. API – Application Programming Interface

4. APRA CPS 234 – Australian Prudential Regulation Authority Cybersecurity Standard

5. BEC – Business Email Compromise

6. BCBS – Basel Committee on Banking Supervision

7. BAS – Breach and Attack Simulation

8. CROE – Cyber Resilience Oversight Expectations

9. CASB – Cloud Access Security Broker

10. CSPM – Cloud Security Posture Management

11. CTI – Cyber Threat Intelligence

12. CVE – Common Vulnerabilities and Exposures

D–F

13. DLP – Data Loss Prevention

14. DORA – Digital Operational Resilience Act

15. ECB – European Central Bank

16. EBA – European Banking Authority

17. EDR – Endpoint Detection and Response

18. FFIEC – Federal Financial Institutions Examination Council

19. FDE – Full Disk Encryption

20. FIDA – Financial Data Access Framework

G–M

21. GDPR – General Data Protection Regulation

22. IAM – Identity and Access Management

23. IPS – Intrusion Prevention System

24. ISO 27001 – International Standard for Information Security Management

25. JIT – Just-In-Time Access

26. MAS TRM – Monetary Authority of Singapore Technology Risk Management

27. MFA – Multi-Factor Authentication

28. MITRE ATT&CK – MITRE Adversarial Tactics, Techniques, and Common Knowledge


N–P

29. NGFW – Next-Generation Firewall

30. NIS2 – Network and Information Security Directive 2

31. NIST CSF – National Institute of Standards and Technology Cybersecurity Framework

32. NIST SP 800-53 – NIST Special Publication for Security and Privacy Controls

33. NTA – Network Traffic Analysis

34. PAM – Privileged Access Management

35. PQC – Post-Quantum Cryptography

36. PSD2 – Payment Services Directive 2

37. PSD3 – Payment Services Directive 3

38. PSR – Payment Services Regulation

R–T

39. RaaS – Ransomware-as-a-Service

40. RBAC – Role-Based Access Control

41. RASP – Runtime Application Self-Protection

42. SAST/DAST – Static and Dynamic Application Security Testing

43. SBOM – Software Bill of Materials

44. SDLC – Secure Software Development Lifecycle

45. SIEM – Security Information and Event Management

46. SOAR – Security Orchestration, Automation, and Response

47. SOC – Security Operations Center

48. TLPT – Threat-Led Penetration Testing

49. TTPs – Tactics, Techniques, and Procedures

U–Z

50. UBA – User Behavior Analytics

51. WAF – Web Application Firewall

52. XDR – Extended Detection and Response

53. ZTA – Zero Trust Architecture

54. ZTNA – Zero Trust Network Access


18. References

1. Key Cybersecurity & Threat Intelligence Reports

1. World Economic Forum (WEF) – The Global Risks Report 2024 – Analysis of global threats, including cybersecurity risks, geopolitical instability, and financial vulnerabilities.
https://www.weforum.org/publications/global-risks-report-2024/

2. World Economic Forum (WEF) – Global Cybersecurity Outlook 2025 – Strategic insights into AI-driven cyber threats, regulatory trends, and resilience strategies for financial institutions.
https://www.weforum.org/publications/global-cybersecurity-outlook-2025/

3. World Economic Forum (WEF) – AI & Cybersecurity Report 2025 – Comprehensive analysis of the intersection between artificial intelligence and cybersecurity, focusing on balancing risks and rewards.
https://reports.weforum.org/docs/WEF_Artificial_Intelligence_and_Cybersecurity_Balancing_Risks_and_Rewards_2025.pdf

4. CrowdStrike Global Threat Report 2025 – Provides intelligence on the evolving cyber threat landscape, including AI-driven attacks, malware-free intrusions, and geopolitical cyber risks.
https://www.crowdstrike.com/en-us/global-threat-report/

5. IBM Cost of a Data Breach Report 2024 – Comprehensive analysis of breach trends, including the financial impact, containment times, and best practices for risk mitigation.
https://www.ibm.com/security/data-breach

6. 2025 Identity Theft Facts and Statistics – IdentityTheft.org (2025). Comprehensive identity theft trends, financial losses, and emerging fraud tactics. Covers statistics on synthetic identities, account takeovers, and consumer fraud protection strategies.
https://identitytheft.org/statistics/

7. Deepfake Technology: New Cybersecurity Threats – Accenture (2024). Beyond Illusion: Unmasking the Real Threats of Deepfakes. Explores the rise of AI-driven deepfake attacks and their implications for cybersecurity, fraud prevention, and digital trust.
https://www.accenture.com/us-en/blogs/security/beyond-illusion-unmasking-real-threats-deepfakes

8. SMBRS Cybersecurity Risk Assessment Report – CyberCatch (2025). Small and Medium Business Risk Study (SMBRS) Report. Analyzes cybersecurity vulnerabilities in SMBs, including phishing, ransomware, and compliance gaps.
https://cybercatch.com/smbrs-download/

9. ENISA Threat Landscape: Finance Sector 2024 – Reports 488 cyber incidents in financial institutions across Europe, highlighting key threat vectors such as ransomware, supply chain attacks, and phishing.
https://www.enisa.europa.eu/sites/default/files/2025-02/Finance%20TL%202024_Final.pdf

10. The Cyprus Economy and Competitiveness Council, "Economic Risks in Cyprus" – Identifies cyberattacks on critical infrastructure as one of the top three imminent risks to the Cypriot economy.
http://www.ecompet.cy/ecompet/ecompet.nsf/All/BD581EE12C9160CBC2258C36004099C3?OpenDocument


Additional Threat Intelligence Resources

1. MITRE ATT&CK Framework – A global knowledge base of cyber adversary tactics, techniques, and procedures.
https://attack.mitre.org & https://attack.mitre.org/matrices/enterprise/

2. Cybersecurity & Infrastructure Security Agency (CISA) – Known Exploited Vulnerabilities Catalog – U.S. database of actively exploited security vulnerabilities.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

3. FBI IC3 (Internet Crime Complaint Center) Annual Report 2024 – For fraud & cybercrime trends affecting financial institutions.
https://www.ic3.gov

4. NIST Post-Quantum Cryptography Standards – A Framework for the Future of Encryption.
https://csrc.nist.gov/projects/post-quantum-cryptography

2. Regulatory & Compliance Frameworks

1. European Central Bank (ECB) Cyber Resilience Oversight Expectations (CROE) – Establishes resilience testing, third-party risk oversight, and systemic risk governance for financial institutions.
https://www.ecb.europa.eu/press/pr/date/2018/html/ecb.pr181203_1.en.html

2. Digital Operational Resilience Act (DORA) – EU regulation mandating ICT risk management, third-party risk oversight, resilience testing, and incident reporting for financial institutions.
https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en & https://finance.ec.europa.eu/regulation-and-supervision/financial-services-legislation/implementing-and-delegated-acts/digital-operational-resilience-regulation_en

3. NIS2 Directive (Network and Information Security 2) – Strengthens cybersecurity risk management, incident reporting, and governance for critical sectors, including banking and finance.
https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng

4. General Data Protection Regulation (GDPR) – EU regulation requiring stringent data protection measures, breach notification, and privacy-by-design security frameworks.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=LEGISSUM%3A310401_2

5. ISO/IEC 27001:2022 (Information Security Management) – International standard for information security governance, risk management, and business continuity.
https://www.iso.org/standard/27001

6. EBA Guidelines on ICT & Security Risk Management – European Banking Authority (EBA) framework defining ICT governance, operational resilience, and incident response requirements.
https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/internal-governance/guidelines-ict-and-security-risk-management

7. NIST Cybersecurity Framework (CSF) v2.0 – Focuses on high-level cybersecurity governance and risk management strategies. Provides a risk-based approach for cybersecurity, aligning with global financial and operational resilience strategies. Used by financial institutions, critical infrastructure sectors, and enterprises worldwide. Also, NIST SP 800-53 provides detailed security and privacy controls for federal agencies, financial institutions, and critical infrastructure sectors.
https://www.nist.gov/cyberframework & https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final


8. Basel III Cybersecurity Guidelines (2024) – Introduces cyber risk governance mandates for systemic financial stability. Ensures banks and financial firms enhance cybersecurity defenses against emerging threats.
https://www.bis.org/basel_framework/

9. FIDA (Financial Data Access Framework) – Regulates Open Banking fraud risk under PSD3.
https://finance.ec.europa.eu/publications/financial-data-access-and-payments-package_en & https://finance.ec.europa.eu/digital-finance/framework-financial-data-access_en

10. Payment Services Directive 3 (PSD3) – EU Proposal. European Commission (2023). Proposal for a Directive on payment services and electronic money services (PSD3). Establishes enhanced fraud risk management, liability frameworks, and strengthened consumer protections.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52023PC0366

11. Payment Services Regulation (PSR) – EU Proposal. Proposed Regulation on payment services in the internal market (PSR). Introduces stricter security measures, operational resilience requirements, and real-time fraud detection mandates.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52023PC0367

3. Real-World Cyber Attack Case Studies (2017-2025)

Major Historical Cyber Incidents (2017-2020)

1. NotPetya Malware Attack (2017) – Russian-linked wiper malware caused $10 billion in damages to multinational corporations, including Maersk and Merck.
Greenberg, A. (2018). The Untold Story of NotPetya, the Most Devastating Cyberattack in History. WIRED.
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

2. Merck’s $1.4B Cyber Insurance Dispute Over NotPetya (2024) – The legal battle over cyber insurance coverage for the NotPetya attack.
CyberNews (2024). Merck Settles NotPetya Insurance Claim for $1.4B.
https://cybernews.com/news/merck-settles-notpetya-insurance-billions/

3. SolarWinds Supply Chain Attack (2020) – A sophisticated cyber espionage campaign compromised over 18,000 organizations, including U.S. federal agencies.
Sanger, D. (2020). Russia Uses Hacked Networks to Spy on U.S. The New York Times.
https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html

Recent Cyber Attacks (2020-2025)

1. Russian Cyberattacks on Ukraine (2024) – A significant surge of nearly 70% in cyberattacks targeted Ukraine’s government services, energy sector, and defense infrastructure, employing malware, phishing, and account compromises.
Source: Significant Cyber Incidents | Strategic Technologies Program | CSIS
https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents


2. Bybit Cryptocurrency Exchange Heist (2025) – North Korea’s Lazarus Group executed the largest known cryptocurrency heist, stealing $1.5 billion from Bybit.
Source: North Korea Behind $1.5B Bybit Crypto Hack: FBI - Business Insider
https://www.businessinsider.com/north-korea-behind-bybit-crypto-hack-fbi-billion-dollar-heist-2025-2 & https://www.ic3.gov/PSA/2025/PSA250226

3. T-Mobile Data Breach (2021) – A cyberattack compromised over 50 million T-Mobile customer records, including Social Security numbers, names, and driver's license information.
Source: T-Mobile Data Breach - Business Insider
https://www.cnet.com/news/privacy/t-mobile-data-breach-more-than-50-million-people-now-affected/ & https://www.reuters.com/business/media-telecom/us-reaches-315-million-settlement-with-t-mobile-over-data-breaches-2024-09-30/

4. University of California, San Francisco Ransomware Attack (2020) – The NetWalker ransomware group attacked UCSF, encrypting critical academic and medical data. UCSF paid $1.14 million in ransom to regain access.
Source: The University Of California Pays $1 Million Ransom Following Cyber Attack
https://www.forbes.com/sites/daveywinder/2020/06/29/the-university-of-california-pays-1-million-ransom-following-cyber-attack/

5. Genea IVF Clinic Data Breach (2025) – A major breach at Genea, an Australian IVF clinic, resulted in nearly a terabyte of sensitive patient data being stolen and published on the dark web.
Source: Genea IVF Hack: Horror Legal Loophole Leaves Aussies at Risk - News.com.au
https://www.news.com.au/lifestyle/health/breathtaking-genea-cyberattack-reveals-stunning-australian-problem/news-story/5e6fe1e4a3d0634064a4c3f53d53e6f0

6. Colonial Pipeline Ransomware Attack (2021) – The DarkSide ransomware group forced a temporary shutdown of the U.S. East Coast’s largest fuel supplier, resulting in fuel shortages and a $4.4 million ransom payment.
Source: The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years | CISA
https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years

4. Salary & Workforce Data

1. (ISC)² Cybersecurity Workforce Report 2024 – Reveals how the economy and AI are the prevailing forces redefining the environment in which cyber professionals work.
https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study

2. Glassdoor (2024) – Global cybersecurity and fraud salary benchmarks.
https://www.glassdoor.com & https://www.glassdoor.com/Salaries/cyber-security-salary-SRCH_KO0,14.htm

3. Payscale (2024) – Average salaries for cybersecurity and fraud professionals by region.
https://www.payscale.com

Cyber threats evolve, and so must our knowledge.

Staying informed through authoritative sources is not optional—it’s essential.
Every organization will be breached—it’s no longer a question of if, but when.
Success isn’t just about preventing cyberattacks—it’s about how well you respond and recover.
