The Alarming Rise of Business Email Compromise and the Vital Role of Cyber Insurance

In today’s rapidly evolving cyber threat landscape, cybercriminals are constantly seeking new ways to exploit vulnerabilities. One emerging trend is the use of Generative Artificial Intelligence (AI) to create sophisticated and personalised attacks. In this article we explore the growing threat of AI-assisted attacks, which is leading to the continued prevalence of email scams.

Steadfast Group’s Chief Information Security Officer, Alexander Moskvin, sheds light on this topic. He comments, “Artificial intelligence can enable even ‘junior hackers’ to create sophisticated social engineering campaigns, featuring fake voice and video. Even the smartest and most sceptical of targets can potentially be taken in.”

The Australian Signals Directorate (ASD)’s Annual Cyber Threat Report 2022–23 identifies email compromise, business email compromise, and online banking fraud as the top three cybercrime threats faced by businesses.

Business email compromise (BEC) is a form of email fraud

Cybercriminals target organisations and try to scam them out of money or goods by attempting to trick employees into revealing important business information, often by impersonating trusted senders. BEC can also involve a cybercriminal gaining access to a business email address and then sending out spear phishing emails to clients and customers for information or payment. The difference between email compromise and BEC fraud is that a financial loss is recorded with BEC fraud.

In 2022–23, the total self-reported BEC losses to ReportCyber were almost $80 million. There were over 2,000 reports made to law enforcement through ReportCyber of BEC that led to a financial loss. On average, the financial loss from each BEC incident was over $39,000.

The ASD has created an article on Protecting Against Business Email Compromise, which includes establishing a clear and consistent business process for workers to verify and validate requests for payment and sensitive information. Ensure workers are aware of the following warning signs:

  • an unexpected change of bank details
  • an urgent payment request or threats of serious consequences if payment isn’t made
  • unexpected payment requests from someone in a position of authority, particularly if payment requests are unusual from this person
  • an email address that doesn’t look quite right, such as the domain name not exactly matching the supplier’s company name.
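The following is an added example, not code from the ASD or from this article: a small Python screen that flags three of the warning signs above (bank-detail change, urgency or threats, and a sender domain that nearly matches a known supplier) so a payment request can be routed to manual verification. The supplier domains, keyword patterns and sample message are constructed assumptions; the third sign (an unusual request from someone in authority) needs payment history and is not covered.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the accounts team already trusts (constructed values).
KNOWN_DOMAINS = {"acme-supplies.example", "northwind.example"}
# Assumption: illustrative keyword patterns, to be tuned per organisation.
URGENCY = re.compile(r"\b(urgent|immediately|today|overdue|legal action|final notice)\b", re.I)
BANK_CHANGE = re.compile(r"\b(new|changed|updated?)\b.{0,40}\b(bank|account|bsb)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one nearly matches, or None."""
    if domain in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        if edit_distance(domain, known) <= 2:
            return known
    return None

def warning_signs(raw_message):
    """List the warning signs found in a plain-text (non-multipart) message."""
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs = []
    if BANK_CHANGE.search(text):
        signs.append("bank-details-change")
    if URGENCY.search(text):
        signs.append("urgency-or-threat")
    imitated = lookalike_of(sender_domain)
    if imitated:
        signs.append(f"lookalike-domain:{imitated}")
    return signs

# Constructed sample: the sender domain swaps two letters of a trusted supplier.
SAMPLE = """From: Accounts <accounts@acme-suppiles.example>
Subject: URGENT: updated bank details for invoice 1042

Please pay today to our new bank account or we will take legal action.
"""
print(warning_signs(SAMPLE))
```

A hit is a prompt to verify the request through a separately known contact channel, in line with the verification process described above; it is not proof of fraud.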

 

Don’t Be Caught Off Guard: How Cyber Insurance Helps Your Business Recover

A major cyber-attack or data breach can be disruptive and expensive. Cyber insurance is there to help your business bounce back and rebuild, should the worst occur. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.

Cyber Insurance Underwriter, Emergence, has provided the following claim scenario of Business Email Compromise:

Claim Scenario: The CFO received a fraudulent email from the CEO, whose e-mail account had been compromised due to a Cyber Event, requesting the transfer of a large sum of money. The email convinced the CFO to transfer money to a third-party bank account. Later it’s determined that the email was not authored by the CEO, but it’s too late for the bank to stop the transfer.

Emergence Cyber Event Protection will cover forensic investigation of the crime as well as response costs to remove the threat and secure the e-mail system. If Cyber Theft coverage is applicable, the direct financial loss the insured suffered will be covered as well.

Don’t wait until it’s too late – click here to obtain a Cyber Insurance quote online.

If you have any further questions regarding Cyber Insurance and how it can protect your business, contact CRM Brokers on 1300 880 494.

 

 


 

© Commonwealth of Australia 2023, Australian Signals Directorate, 2022–23 ASD Cyber Threat Report.

IMPORTANT NOTICE

Disclaimer: The Emergence claim scenario illustrates the potential scope of coverage provided under Emergence’s EME CEP-004 Cyber Event Protection policy wording. Each claim is different and outcomes may vary on a case-by-case basis depending upon the facts and details of the particular situation.

All information in this article is of a general nature only.  This article does not take into account your specific objectives, financial situation or needs. Deductibles, exclusions and limits apply. You should consider the Product Disclosure Statement in deciding whether to buy or renew cyber insurance.  Various insurers issue this type of insurance. Cover can differ between insurers.

Disclaimer:  Terms, conditions, limits, deductibles and exclusions apply to the products referred to above. Any advice in this article is general advice only and has been prepared without taking into account your objectives, financial situation or needs. Before making a decision to acquire any product(s) or to continue to hold any product, we recommend that you consider whether it is appropriate for your circumstances and read the relevant Product Disclosure Statement (‘PDS’), Financial Services Guide (‘FSG’) and the Target Market Determination (‘TMD’) which can be obtained by contacting CRM Brokers.

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. CRM Brokers, Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent.