2025-08-20 | 14 min read
In early 2024, a finance worker at a global enterprise sat down for what appeared to be a routine video call. On the screen were the familiar faces of colleagues, including the CFO. The instructions that followed seemed urgent but legitimate: transfer more than HK$200 million (over €21 million) to several bank accounts across 15 transfers. What the worker didn’t realise was that every other participant in the meeting was a meticulously crafted deepfake. Within hours, the funds were gone. The criminals had used AI-generated voices and faces to impersonate real executives, and no technical control in place stopped the payments.
This story could be the plot for a science fiction film, but cyberattacks like these are a reality for businesses worldwide. In Germany alone, cybercrime cost the economy an estimated €178 billion in 2024. Similar stories have surfaced in the US, the UK, and across Asia. The sheer scale of financial loss and reputational damage has led to a shift in perspective: cybersecurity is no longer the exclusive concern of IT teams. It has become a boardroom priority, essential to risk management, business continuity, and stakeholder trust.
As Dr. Christian Reinhardt, Director of Human Risk Management at SoSafe, explained during a panel discussion with Bastienne Föller, CFO at Treasury Intelligence Solutions (TIS), at Forge Connect in Dusseldorf, “If cybercrime were an economy, it would probably be the third largest in the world”. With these numbers, it’s safe to say that finance professionals and leadership teams cannot afford to treat cyber risk as a distant or technical issue.
As cyber threats become more sophisticated and business models more digital, safeguarding finances and reputation must become a shared responsibility.
Key takeaways
- Deepfakes and social engineering are bypassing even the most advanced technical controls, putting finance teams and leaders in the crosshairs.
- The impact of a cyberattack lasts long after the incident. Customer loss, regulatory scrutiny, and drops in company value are common consequences.
- Most breaches begin with the human factor. Ongoing training, real-world practice, and open communication are critical to effective defence.
- Leaders model behaviours that foster openness and learning. A culture where mistakes are reported without fear is essential for early detection and rapid response.
- Proactive risk management builds true resilience. Clarify roles, run simulations, build cross-functional emergency teams, and invest in people.
- Compliance is just the starting point. Security must become a daily habit, with everyone taking part.
The financial reality of cyberattacks
Behind every cyberattack, there is a financial story, one that often unfolds in unpredictable and costly ways. For finance leaders and teams, the impact of a breach goes far beyond the initial ransom or theft. The fallout can disrupt entire operations, derail business plans, and leave a long shadow on reputation and company value.
Bastienne Föller puts it plainly: “If you think about what interests cybercriminals, it’s always about money. Whether it’s ransom, or operational outages that lead to liquidity issues, business plans that have to be thrown out. At the end of the day, it’s always about money. And that’s what lands on my desk, something I see regularly in my work.”
TIS processes around €9.5 billion in payments every day for major financial institutions, making robust cybersecurity a hidden, yet essential, part of their product. “If that’s not in place, customers will leave,” Föller explained. Last year, during a company sale to a private equity firm, she saw how investors scrutinise not just revenue or profit, but a company’s cyber resilience. “They also carry out so-called penetration tests to see how secure the company is against such attacks. Because if something does happen, the company’s reputation can be quickly destroyed. Customers leave, business plans are obsolete, and company value drops. So, from a financing and investor trust perspective, this is a crucial issue.”
The risks are real and multiplying. According to Netwrix’s 2025 Cybersecurity Trends Report, 51% of organisations reported experiencing a security incident in the past 12 months, with phishing being the most common threat. In the US, ransomware attacks alone cost businesses billions in direct losses and insurance claims every year.
The impact extends beyond financial health. Customer attrition, negative media coverage, and regulatory scrutiny often persist long after the technical issues are resolved.
For finance teams, this means cyber risk has become a permanent fixture on the risk register. Boardrooms now view cybersecurity not just as IT hygiene, but as an essential pillar of business continuity and long-term value creation.
Yet, as the frequency and scale of attacks rise, it’s clear that financial losses often begin not with a failure in technology, but with a lapse in human judgment or behaviour. This shift in risk, from technical to human factors, demands a deeper look at how psychology influences an organisation’s defences.
Human psychology: the real “attack surface”
Ask most finance professionals how cybercriminals break through corporate defences, and many will point to technical vulnerabilities. Yet, research and frontline experience show a different reality: people, not systems, are the real “attack surface.”
Christian Reinhardt, Director of Human Risk Management at SoSafe, has studied the psychology of attacks for years. “About nine out of 10 attacks are conducted through the human factor,” he explained during the panel discussion. Attackers know that the fastest way past security controls is to manipulate, pressure, or deceive people inside the company, especially when money or authority is involved.
Criminals are highly organised, persistent, and professionally trained. “Most attackers are not just hoodie-wearing teenagers in a basement with pizza and energy drinks. We’re up against opponents who are very well resourced and, above all, psychologically trained. Our employees will be trained, either by us or by the attackers,” Reinhardt warned.
Classic attack methods exploit urgent requests, authority figures, or emotional triggers, tactics that can trip up even experienced staff. A good example is one of the first reported cases of a cyberattack using a voice clone: an employee at a UK-based energy firm received a call from what sounded like his boss, asking for a transfer of over €220,000 to the bank account of a Hungarian supplier. The fraudsters went so far as to mimic the executive’s German accent and tone.