Business Email Compromise on the Rise

Hilary Tuttle


May 1, 2019

business email compromiseAccording to the 2019 Breach Briefing, Beazley Breach Response Services saw a 133% increase last year in business email compromise—social engineering attacks that involve using either a compromised email account or a spoofed address to get an employee to transfer funds or sensitive data.

A quarter of all incidents reported to the firm last year were BEC cases, driving a 10% overall rise in the proportion of losses from hacking or malware (47%) as opposed to cases involving accidental disclosure (20%) or a malicious insider (9%). Half of the hacking/malware incidents were due to BEC, in addition to continued attacks involving ransomware and banking Trojans.

The average cost of a BEC-related claim was $70,960, with the highest of the year costing over $2.5 million in legal fees, forensic costs, document review, notification, call center operation and credit monitoring.

“Unfortunately, we see these threats globally across all sectors and we strongly believe that education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyberattacks,” said Katherine Keefe, global head of BBR Services at Beazley.

Hilary Tuttle is managing editor of Risk Management.