One of the most effective tools in the fight against cybercrime is information sharing—particularly through anonymized consortium data signals—a practice increasingly referred to as cyber fusion. Despite its promise, many institutions remain wary of collaborating in this way, often even within their own organizations.
Greater cooperation—through shared data and interoperable fraud, anti-money laundering, and cyber tools—not only enhances the ability to detect and prevent financial crime, but also delivers measurable benefits to the bottom line.
In a PaymentsJournal Podcast, Teresa Walsh, an intelligence professional with over 20 years experience in both the government and financial services sector, and Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research, spoke about the advantages of adopting cyber fusion and the key barriers that keep financial institutions from pursuing it more widely.
Breaking Down the Silos
The financial industry is notorious for operating in silos, with people focused myopically on their own teams’ responsibilities—often without considering how one function impacts another. As organizations network and build stronger internal connections, it becomes clear that no single group holds the complete picture. Combating cybercriminals effectively requires consolidating information and fostering collaboration across functions.
Companies approach cyber fusion in different ways. In some cases, it involves integration within the information security department—bringing together not only the cyber threat intelligence team but also incident responders, forensic teams, AML teams, and Financial Intelligence Units. Each of these groups plays a role in the broader effort.
“First you have to understand what exactly you’re fusing,” said Walsh. “I see an increasingly prominent blurring of lines between what we would define as cybercrime versus nation-state or cyber espionage attacks. We need to get outside the box a little bit and realize that whether it’s a scam that’s impacted a consumer or a phishing attack that has compromised an employee, all of this ties together. The sooner we can connect those dots and share information across these different industries, the better off we’re going to be long-term.”
Starting Within the Organization
Cyber fusion can start within the organization by cross-sharing information and tools across departments such as AML, communications, and HR. From there, the effort can expand to include cross-industry collaboration and broader information sharing. Cyber fusion should remain fluid. There’s no way to predict what the landscape will look like in five years, so it’s essential to develop a strategy that allows for adaptability and agility.
Intelligence needs to be integrated into the process, supporting decision-makers at all levels. It shouldn’t be produced for its own sake—it must serve a clear purpose.
“You’re trying to deliver intelligence to help people looking at expanding out into a new country or deciding whether or not the technology stack that they currently have is good enough, and you’re helping them make those decisions,” said Walsh. “They need objective intelligence that’s not just about the technical ones and zeros. Most risk equations are going to talk about the threat that’s out there.”
“There’s a certain threat actor, there’s a certain tool that they’re using, and it could present a risk to your company,” she said. “What is that and how much exposure do you have? Risk managers need to have good intelligence to help them understand that threat. Analysts try to bring to the table a good understanding of that threat intelligence landscape, helping risk managers decide whether we’re doing well, and if not, how can we do better?”
Cyber risk goes beyond technology; it also involves the human element, where individuals can be psychologically manipulated. Sourcing threat intelligence experts may require thinking outside the box, including those with backgrounds in psychology or behavioral analysis. Technology has its limits, especially as many risks stem from socially engineered attacks, such as phishing texts or direct communication through social media.
“The threat intel community has been thinking along these lines for a long time, but it has to get back to the decision-makers,” said Goldberg. “It’s going to be a cultural change from the top down, and we have to get buy-in from all of these players to move in a direction where cyber fusion can be successful.”
Conversation Is Key
Most industries could benefit from creating a cyber fusion by connecting cyber teams with other internal departments. Valuable insights often emerge from stepping out of isolated workflows and engaging in open dialogue across teams. Understanding what others are working on, how different efforts intersect, and where collaboration can enhance outcomes is key to strengthening cybersecurity efforts.
“Whether it’s a small group of internal people or peer organizations that would be considered competitive to your company, you’re all basically trying to do the same function,” said Walsh. “Some of these threats are not just targeting you, they’re probably targeting a lot of different companies just like you as well. If we want to fight cyber criminals that are trying to steal information or extort money from your companies, we need to work together. We all have pieces of the puzzle, but also it helps people just on a psychological level to know that they’re not alone.”
You Are Not Alone
Sometimes the job can feel overwhelming, and it helps to connect with someone who has already been through it—or is navigating it right now. Even someone in another department might be working through the other side of the same challenge. As Walsh noted, don’t hesitate to reach out and start a conversation.
“Once everybody starts bringing all that knowledge together, whether it’s actual intelligence or just even the best practice of how to do the job, it crowdsources all of this information together,” said Walsh. “You’re no longer just an army of one trying to figure it out by yourself. You have the capabilities of a strong network around you. I’m always going to be the champion of consortiums, whether they’re official, unofficial, big or small.”
Building Trust
Transactional data can be anonymized to help these consortiums function. Some players in the space—whether on the payment side or within digital banking platforms—have access to significant amounts of data and can observe transactions across multiple organizations. Anonymizing this information could support the formation of a consortium that brings all of these players together in a trusted environment.
The trust factor remains one of the biggest challenges. Many financial institutions are hesitant to share data due to concerns about overexposure or violating data-sharing regulations. If they do share data, there’s a risk of repercussions from law enforcement or regulatory agencies, potentially resulting in fines or other penalties.
“We have to get outside some of that thinking and ask vendors to step up to the plate and help with some of this consortium data sharing,” said Goldberg. “That’s where we need to have conversations with the regulators. When you talk to regulators, they’re surprised that people are hesitant about sharing different types of threats. That’s where clarity is needed, especially when we’re going cross-sector because the financial regulator, for instance, is not going to tell a telco what to do.
Walsh added: “We need more open conversations to make sure that we’re not putting roadblocks in front of ourselves, because the bad guys definitely aren’t. If we keep putting roadblock after roadblock in front of ourselves and taking a risk-averse approach of why we shouldn’t be working together, they’re going to be able to get away with what they’re already getting away with, which is billions of dollars worth of cybercrime.”
