Business email compromise (BEC) became the most common incident in cyber insurance claims in 2018 (23% of all claims), overtaking ransomware and data breaches, according to AIG. In BEC schemes, an attacker sends the victim a phishing email that usually takes one of two forms: it either contains a malicious link or attachment that allows the attacker to access the victim’s inbox or download malware, or it imitates a fellow employee (often in the finance department or management) and asks the victim to conduct a business transaction, most likely a money transfer to the attacker’s account.
The number of BEC-related cyber insurance claims has risen 11% since 2017, which reflects the need to more effectively train staff to recognize social engineering scams. “We’re still seeing a surprisingly high level of these forms of fraud being perpetrated and some are affecting quite large and sophisticated clients,” said Mark Camillo, head of cyber for Europe, Middle East & Africa at AIG. “You may think that every CFO at a large company would know about this by now, but it’s still happening.”