In a recent KeyBank survey of owners and executives of U.S. businesses, data shows seven in ten companies polled reported experiencing a cyber or fraud incident in the past year. The question is no longer if you will be targeted. Rather, the question is: “Are you prepared?”
The unfortunate reality is that cyber and fraud threats have become a part of the everyday business landscape. As a result, balancing risk mitigation with business continuity has become a day-to-day operation.
Prepare for the inevitable
Collaboration is critical. Even a small disconnect between a business unit (i.e., finance) and IT can lead to large consequences: operational slowdowns, reputational hits and shaken customer confidence.
These attacks go beyond technical headaches. Phishing, data manipulation and identity theft can strike the systems that power financial reporting, cash flow visibility and investor confidence. When those systems are compromised, the impact is immediate and often expensive.
That’s why protecting against cyber and fraud threats has fast become a strategic priority. Cross-functional alignment, a culture of accountability and investments in controls and training aren’t just defensive moves anymore. They’re key drivers that help protect value and position your business to respond with speed and clarity when it matters most.
Identify points of attack
Among the most common fraud incidents, phishing and email spoofing (33%) lead the way, followed closely by data corruption (32%) and identity theft (24%).
And in the spirit of what is old is new again, physical mail theft and check alteration is on the rise —23% of surveyed leaders reported incidents between July 2024 and July 2025.
These patterns are important to be aware of. They should influence how you prioritize cybersecurity investments and shape your response strategies.
For example: criminals are smart at finding weak links, and paper checks are a weak link. The risk is especially high in environments where paper checks are still part of routine disbursements. To combat this, more companies are accelerating the shift to digital payments, tightening reconciliation practices and equipping staff to spot red flags
before fraud occurs.
Protect for long-term resilience
For many businesses, cybersecurity is about more than avoiding theft. It’s about protecting liquidity and ensuring financial operations are strong in a high-threat landscape.
The following are some cybersecurity points of emphasis:
• Anti-virus protection and anti-malware on all business computers
• Implementation of multi-factor authentication
• Strong password requirements
• Unauthorized device (i.e., USB sticks) prevention
• Managed detection response (MDR) to monitor computer environments
• VPN access for out-of-network users
• Dual authorization for outgoing payments
• Documented security policies and procedures
Each of these measures are important and effective, but basic controls and technology aren’t always enough. A foundational gap remains with employee training.
Cyber threats like phishing and social engineering are designed to manipulate human behavior. Every employee needs to understand their role in protecting the business. Clear, written policies and regular training are frontline defenses against costly breaches.
In an environment where just a single misstep can lead to financial loss, reputational damage and operational disruption, investing in employee awareness is a must. It’s a strategic move that strengthens internal controls, reinforces accountability and helps ensure your business is protected from the inside out.