World Economic Forum: Cyber-Fraud Overtakes Ransomware as Top Cybersecurity Concern for Business Leaders

Cyber-fraud has overtaken ransomware as the leading cybersecurity concern for business leaders worldwide, according to new insights highlighted by the World Economic Forum. The shift reflects a changing threat landscape in which financially motivated fraud schemes are becoming more frequent, more sophisticated, and more damaging than traditional extortion-based attacks.

A Shift in the Cyber Risk Landscape

For several years, ransomware dominated boardroom discussions as organizations grappled with disruptive attacks that halted operations and demanded multimillion-dollar payouts. While ransomware remains a serious threat, business leaders are now increasingly alarmed by cyber-fraud, which often operates quietly, persistently, and at scale.

Cyber-fraud encompasses a wide range of activities, including business email compromise, payment diversion scams, identity theft, deepfake-enabled social engineering, and account takeover. Unlike ransomware incidents, fraud-related losses may go undetected for extended periods, allowing attackers to siphon funds repeatedly before alarms are raised.

Why Cyber-Fraud Is Rising

The World Economic Forum points to several factors driving the surge in cyber-fraud. The widespread adoption of digital payments, cloud platforms, and remote work has expanded the attack surface for criminals. At the same time, advances in artificial intelligence have lowered the barrier for conducting convincing impersonation and phishing attacks.

AI-generated emails, voice cloning, and deepfake video are increasingly used to impersonate executives, suppliers, or trusted partners. These techniques have significantly increased the success rate of fraud campaigns, even against organizations with mature cybersecurity programs.

Business Email Compromise at the Core

Business email compromise remains one of the most financially damaging forms of cyber-fraud. Attackers infiltrate or spoof corporate email accounts to manipulate payment instructions, redirect invoices, or authorize fraudulent wire transfers.

According to industry estimates referenced by the Forum, global losses from email-based fraud now exceed tens of billions of dollars annually, outpacing many ransomware campaigns in cumulative financial impact.

Why Ransomware Is No Longer the Top Fear

While ransomware attacks continue, organizations have improved resilience through backups, incident response planning, and greater awareness. In many sectors, ransom payments have declined as companies refuse to negotiate or are able to restore systems independently.

Cyber-fraud, by contrast, targets human trust rather than system availability. Even well-secured environments remain vulnerable if employees can be manipulated into authorizing transactions or sharing credentials.

Impact on Boards and Executives

The elevation of cyber-fraud to the top concern reflects growing anxiety at the executive and board level. Fraud directly affects financial statements, regulatory compliance, and corporate reputation, often without the visibility of a major outage.

Executives are also increasingly being targeted personally, with attackers impersonating CEOs or CFOs to pressure staff into urgent financial actions. These attacks exploit hierarchical trust and time pressure, making them particularly effective.

Defensive Priorities Are Changing

In response, the World Economic Forum notes a shift in defensive priorities. Organizations are investing more in identity security, payment verification controls, and employee awareness programs focused on social engineering rather than purely technical exploits.

Multi-factor authentication, strict payment approval workflows, and out-of-band verification for financial requests are becoming standard controls. Behavioral analytics and anomaly detection are also being used to spot suspicious transaction patterns before funds are lost.

The Role of Regulation and Governance

Regulators are paying closer attention to cyber-fraud as losses mount. Financial institutions and large enterprises are facing increased expectations to demonstrate robust controls against digital fraud, including executive impersonation and AI-enabled scams.

Failure to prevent or quickly detect fraud incidents can lead to regulatory penalties, shareholder scrutiny, and litigation, elevating cyber-fraud from an IT issue to a core governance concern.

A New Reality for Cyber Risk Management

The World Economic Forum’s assessment underscores a broader reality: cyber risk is no longer defined solely by system breaches and outages. Instead, the most damaging attacks increasingly exploit human behavior, trust, and complex digital workflows.

As cyber-fraud continues to evolve faster than traditional defenses, organizations are being forced to rethink cybersecurity as a blend of technology, process, and human judgment. For business leaders, the challenge is no longer just keeping systems running, but ensuring that digital trust itself is not weaponized against them.