Unrelenting Business Email Compromise Trends Despite Decrease in Cyber Claims
Despite Drop in Cyber Claims, BEC Keeps Going Strong
In 2024, cyber claims, specifically those pertaining to ransomware, stabilized, while business email compromise (BEC) attacks saw an uptick.
This conveys a critical message to cybersecurity professionals and businesses alike: BEC remains a significant and escalating threat.
Understanding BEC
Business Email Compromise (BEC) is the unauthorized access to, and fraudulent use of, a genuine email account to commit financial fraud and data theft.
This trend reached a new peak in 2024 despite efforts to stymie ransomware, as reported by insurance provider Coalition.
Data and Statistics
Coalition’s year-end report indicates that 60% of total cyber claims in 2024 were related to BEC and funds transfer fraud (FTF).
Furthermore, among these BEC incidents, consultants found that 29% concluded with FTF.
Interestingly, BEC claims severity saw a 23% year-over-year rise to an average loss of $35,000 per case.
This increase is mainly attributed to a significant spike in cases in the second half of 2024.
Exploring the Challenges
BEC attacks pose various challenges to business security.
They often convincingly impersonate high-level executives or trusted partners, leading employees to perform actions such as transferring funds.
The increased sophistication of these attacks makes them difficult to detect using traditional security systems.
Recommendations
Protecting against BEC attacks requires a layered approach.
Enterprises should prioritize user education, implement resilient email security infrastructure, encourage the use of secure payment procedures, and enforce strict information sharing policies.
It’s also crucial to establish a risk management strategy that involves regular system audits and protocol reviews.
Conclusion
Despite the stabilization of overall cyber claims — including those from ransomware attacks — BEC attacks remain an escalating and significant cybersecurity threat.
Organizations must maintain a dialogue with their cybersecurity partners and invest in resilient infrastructure to protect against this growing menace.