Cyber’s Sleeper Threat: Business Email Compromise

Hero image

We are pleased to share our latest cyber research study, Cyber’s Sleeper Threat: Business Email Compromise.

This report is the result of joint research between Guy Carpenter’s Cyber Center of Excellence and Marsh McLennan’s Cyber Risk Intelligence Center. It discusses the threats of business email compromise (BEC), how different types of businesses could be affected, and methods companies can adopt to mitigate the risk of this type of event.

Key takeaways include:

  • BEC, a sophisticated form of phishing that involves attackers manipulating individuals into unwittingly facilitating fraudulent activities, is considered one of the most financially damaging cyber threats.
  • BEC can impact companies regardless of industry or revenue, bringing with it potentially devastating financial impacts.
  • Marsh claims data has shown smaller-revenue companies are far more likely to lose a greater percentage of their revenue in a BEC event than a large-revenue company could expect.
  • Analysis of the Marsh Cyber Self-Assessment (CSA) data indicates using multifactor authentication (MFA) and cybersecurity awareness programs are the top 2 controls for the prevention of BEC events.
  • The cyber (re)insurance industry has a collective interest in monitoring the escalating BEC threat and supporting organizations to improve their resilience against BEC attacks.

Cyber's Sleeper Threat: Business Email Compromise

The report explores the financial damage business email compromise attacks can cause and how cyber models view that risk. It also discusses tactics cybercriminals use, as well as steps companies can take to avert the damage.