Business email compromise continues to be overlooked as a major cyber threat – Guy Carpenter

Business email compromise continues to be overlooked as a major cyber threat – Guy Carpenter

Business email compromise continues to be overlooked as a major cyber threat – Guy Carpenter | Insurance Business Canada

Reinsurance

Business email compromise continues to be overlooked as a major cyber threat – Guy Carpenter

Reinsurance broker highlights the consequences of ignoring this risk

Reinsurance

By
Kenneth Araullo

A new report from reinsurance specialist Guy Carpenter highlights the significant financial impact of business email compromise (BEC) claims, which are often categorized as attritional and frequency-driven within the cyber insurance market.

The report, titled “Cyber’s Sleeper Threat: Business Email Compromise” examines the threat and impact of BEC attacks, a sophisticated form of phishing that targets human vulnerabilities rather than technical ones.

In these attacks, perpetrators impersonate trusted entities to deceive employees into transferring funds, evading traditional security measures.

According to an analysis of Marsh’s proprietary claims database over the past five years, more than 550 successful BEC events affected Marsh clients with either cyber or crime insurance policies.

The report notes that the majority of these events resulted in losses around 0.1% of company revenue. For a company with $1 billion in revenue, this translates to a $1 million loss.

Despite the financial threat posed by BEC, the report states that cyber vendor models vary in their approach to accounting for BEC claims in their catastrophe event catalogs. Only one leading industry vendor has explicitly included BEC as a cyber peril in its models.

Erica Davis (pictured above), global co-head of cyber at Guy Carpenter, said that while cyber threats like ransomware attacks, zero-day vulnerability exploits, and cloud service provider outages often dominate headlines, the consequences of a successful BEC can be greater.

See also  Looking back – top cyber insurance providers in Australia for 2023

“The consequences of a successful BEC attack, however, can also be devastating for an organization and create large losses for cyber re/insurers. By driving awareness of the right cybersecurity measures, we can collectively improve the resilience of organizations against BEC threats and mitigate its impact on underwriting profitability,” Davis said.

What are your thoughts on this story? Please feel free to share your comments below.

Keep up with the latest news and events

Join our mailing list, it’s free!