Cybersecurity’s New Business Case: Fraud

Lohrmann on Cybersecurity
Government security leaders are struggling. Cyber investments are lagging. Resources are being cut. The problem is getting worse. Let’s explore solutions.

January 25, 2026 • Dan Lohrmann


Attention all government CISOs (and yes, CTOs, CIOs, CFOs, COOs and even a few corporate CEOs can listen in): It’s time to adjust our cyber lingo — again.
Specifically, start talking (more) about financial fraud, AI-generated scams, citizen trust, due diligence, (your government’s) reputation, protecting identities, cyber crime, data integrity and AI-solutions to all of the above.
Stop talking as much about hacking, zero-day exploits, critical network vulnerabilities, next-generation firewalls and other technical security jargon. (OK, a little talk with internal SOC staff may be an exception.)    

Across the country, numerous state and local government security leaders are facing budget cuts, staffing shortages, hiring freezes, fewer grants and oftentimes an inability to make a compelling case for new (or ongoing) cybersecurity investments that are needed now.
As many state and local governments struggle with budget shortfalls and staffing challenges, the bad actors are ramping up online fraud schemes that take advantage of identity management flaws in government systems, stolen credentials, a lack of technology systems oversight, network vulnerabilities, phishing campaigns and other weaknesses that traditionally are under the auspices of cybersecurity (or cyber defense) teams.

THE AI-GENERATED FRAUD PROBLEM

Meanwhile, national headlines, local news stories and even holiday dinner conversations highlight urgent emerging problems with online financial fraud, ranging from social engineering attacks against individuals to sophisticated money scams hitting seniors to fraud schemes targeting state and local government services.
According to GAO.gov, there was over $300 billion in fraudulent payments within pandemic-relief programs: “We estimated fraud for unemployment insurance programs between $100-135 billion from April 2020 through May 2023. The Small Business Administration’s (SBA) Office of Inspector General reported about $200 billion in potentially fraudulent pandemic-relief loans under the Paycheck Protection Program and the COVID-19 Economic Injury Disaster Loan program.”
At the same time, recently released Federal Trade Commission data show that consumers reported losing more than $12.5 billion to fraud in 2024, which represents a 25 percent increase over the prior year.

A few more examples:

First and foremost, as I have written many times before: “Get on boats leaving the dock.” In the current context, this means get your cyber team involved with efforts to find and eliminate fraud in government programs.
You can read details on this strategy and other tips on getting management buy-in on cyber projects in this blog.

Third, in support of the first two items, examine report details from this Microsoft Digital Defense Report for 2025, which has sections on fraud, scams and other relevant topics, along with an extensive look at identity management, which is the source of many issues.

“CISOs must implement controls that assume the trust layer is compromised. This means prioritizing controls that fight identity fraud:

“Payment verification: Mandate out-of-band verification (e.g., a voice or video call on a separate, verified line) for all large financial transactions, no matter the internal source.
“Identity analytics: Deploy User and Entity Behavior Analytics (UEBA) to flag anomalous activity. The person who always uses Slack for approvals and suddenly switches to email for a $500,000 transfer should be immediately flagged.
“Endpoint integrity: Ensure your Mobile Threat Defense (MTD) strategy protects against credential harvesting and session hijacking that facilitate identity takeover.”
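
A minimal sketch of the identity-analytics and payment-verification controls quoted above, added here as an illustration and not taken from the article or any UEBA product. The thresholds, field names and sample events are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

# Assumed policy values (not from the article).
LARGE_AMOUNT = 100_000   # USD; at or above this, a callback is always required
MIN_HISTORY = 5          # approvals needed before a habit is trusted
HABIT_SHARE = 0.9        # share of approvals on one channel to call it habitual

# Constructed sample events: (approver, channel, amount in USD), oldest first.
EVENTS = [
    ("avery", "slack", 1_200), ("avery", "slack", 8_000),
    ("avery", "slack", 450), ("avery", "slack", 15_000),
    ("avery", "slack", 2_300), ("avery", "slack", 950),
    ("blake", "email", 700), ("blake", "slack", 3_100),
    ("avery", "email", 500_000),   # habitual Slack user switches to email
    ("blake", "email", 250_000),   # large, but blake has no stable habit yet
    ("avery", "slack", 4_000),
]


def review(events):
    """Score each approval against that approver's prior history only."""
    history = defaultdict(Counter)   # approver -> channel -> approvals seen
    decisions = []
    for approver, channel, amount in events:
        seen = history[approver]
        total = sum(seen.values())
        switched = False
        if total >= MIN_HISTORY:
            usual, count = seen.most_common(1)[0]
            switched = count / total >= HABIT_SHARE and channel != usual
        decisions.append({
            "approver": approver, "channel": channel, "amount": amount,
            "channel_switch": switched,
            # Out-of-band verification applies to every large transfer,
            # whether or not the behaviour looked anomalous.
            "hold_for_callback": amount >= LARGE_AMOUNT,
        })
        # Flagged events stay out of the baseline so an impostor cannot
        # normalise a new channel by repeating the anomaly.
        if not switched:
            seen[channel] += 1
    return decisions


if __name__ == "__main__":
    for d in review(EVENTS):
        if d["channel_switch"] or d["hold_for_callback"]:
            print(d)
```

The large transfer from the approver with no established habit is still held for a callback, which is the point of pairing the two controls: the analytics rule raises priority, while the verification rule does not depend on the analytics being right.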

And last (for now): Re-examine who you are talking to in government about these issues. Beyond auditors and others mentioned, ensure that AI solutions are addressing these real business needs. What AI and cyber solutions are you deploying in your government to stop online fraud and save millions?

FINAL THOUGHTS

Some of you are no doubt wondering, why now? Is this the right time? Beyond the “take lemons and make lemonade” argument, there is another reason I wrote this blog at the end of January 2026.
I just got off the phone with another government CISO who is struggling with major resource issues. This is the fourth public-sector CISO I’ve heard from already this month who feels paralyzed with the same struggles. These pros are struggling to get executive attention, resources and action.
One more thing: I am trying my best to stay out of any political aspects related to the national fraud stories. I know both Democrats and Republicans want to fight financial fraud and ensure that our government systems work in the best, most efficient way possible.
But it is clear to me that security leaders need to be leading solutions to the AI-generated fraud narrative, and waiting is not a viable option.
No doubt, there are aspects of financial fraud that are outside the domain of CISOs and security leaders, such as the prosecution of criminals by law enforcement.
But make sure you are part of the effort to fight online financial fraud in your government. Your team will be glad you did.


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.


*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cybersecuritys-new-business-case-fraud
