Cyber-fraud fusion isn’t a new industry buzzword. It’s a necessary evolution in cybersecurity, where digital trust for customers sits at the intersection of risk and identity. At our recent CISO Live Panel during RSA, it became clear that information security leaders are facing a pivotal choice: take ownership of customer trust and earn a seat at the revenue table, or continue to focus on workforce risk decisions only.
The CISO’s territory is quickly expanding, shifting from protecting the workforce to being the ultimate steward of identity trust. Gartner predicts that by 2031, half of all large financial and commerce organizations will consolidate fraud operations into cybersecurity teams. Precise, user-level transaction insights are proving imperative for infosec, with leaders on the ground agreeing that this new era of the CISO isn’t a tactical experiment aimed at an unknown problem. It’s a strategic response to real changes in digital risk.
Why CISOs are Taking On Fraud Operations & Outcomes
Fraud actors operate at scale through deep alliances, upping the pressure on risk professionals to establish and improve collaboration between their own internal teams. Sift Trust and Safety Architect (and former fraudster) Alexander Hall, along with Yuval Shchory, Senior Director, Product Management at Sift, joined executives from Deloitte, Vercel, and Ping Identity to drive this conversation forward.
Vercel’s Chief Information Security Officer, Ty Sbano, pointed out that CISOs have always dealt with users, both malicious and trusted. The panel discussed how that relationship has traditionally been about protecting the workforce and systems while minimizing disruption, rather than understanding or managing digital customer behavior. Fraud teams without the right resources are stuck prioritizing the customer experience at the cost of security, or interrupting growth with friction and manual review.
Recent research shows that both open the door to churn and profit loss: 80% of consumers will stop engaging with a brand that exposed them to account takeover, and many will abandon transactions before checkout if the process becomes too complicated.
Businesses simply can’t afford that.
Risk, Identity, and the Cyber Fraud Fusion Imperative
In some environments, fraud risk is centralized within the cybersecurity org, but those operations must stay consistently and accurately informed by the rest of the business. During the panel, Ping Identity’s Loren Russon noted that there will need to be a shift in who controls implementation of identity and authentication technologies for both the workforce and customer use cases, which are sometimes led separately. Until identity strategy is unified, Russon emphasized, organizations will keep losing ground to fraudsters.
CISOs need to quickly gain a nuanced understanding of risk; Hall cautioned against conflating fraud risk with cyber attacks, even as the trend is to converge under the CISO umbrella. “Fraud actors can only exploit the same digital channels your customers already use,” he said during the panel. “But cyber attackers exploit what the workforce users never touch—like APIs and infrastructure. Practical ownership has to take precedence.”
This is the future of fraud, and it’s unfolding right now. In their latest Emerging Tech Report, Gartner warns that point solutions often lead to disjointed defenses. The same is true for customer experience: poorly integrated fraud and security tech stacks often introduce friction in the wrong places, and as Russo explains, the wrong friction can be just as dangerous as too little, hurting acceptance rates without actually stopping fraud.
RSA 2025: Top Takeaways for CISOs
Echoing broader themes from RSA Conference 2025, the panel discussion highlighted how the lines between fraud and cybersecurity leadership are blurring, and identity-first security is no longer niche, rather the norm.
Across vendor sessions and executive briefings, three major takeaways emerged:
- Identity-first security was front and center, especially in the context of user journey protection.
- Behavioral risk and continuous identity assessment are moving from nice-to-have to need-to-have.
- Fraud is increasingly being addressed as a cybersecurity concern, not just a financial metric.
Gartner’s prediction about the alignment of fraud and cybersecurity is already playing out. The RSA Conference exhibit hall was filled with vendors pushing platform consolidation, shared risk and threat signals, and unified governance, and conversations that used to focus on fraud or security now center on digital trust.
The push toward unified risk platforms was widespread, with many vendors showcasing integrated tools that span fraud detection, identity verification, and access control. RSA Conference attendees walked away with a clear message: fragmented teams and tech stacks kill revenue and damage user experiences. Cyber-fraud fusion is the survival strategy that will allow digital businesses to build identity-centric trust with, and for, their customers.
Join Sift at Risk Revenue Day SF
The future of fraud prevention will live within the CISO realm—but it requires a new playbook, and new partnerships. Connect with the Sift team face-to-face this May at our event, Risk Revenue Day SF, and spend the evening networking, learning, and socializing with fellow cybersecurity and infosec professionals.
