As per the recent Coalition 2025 Cyber Claims Report, business email compromise-based attacks (BEC) and fund transfer frauds (FTF) have led to a steep surge in the number of cyber insurance claims in 2024. Businesses around the world have been facing sophisticated BEC and FTF attacks that are affecting them financially, operationally, as well as emotionally. Threat actors are working hard to refine and revamp their social engineering tactics, thereby leading to financial and reputational damages to organizations.
The cyber insurance provider company, Coalition, suggests that BEC and FTF attacks have been the main cyber incidents for the past 3 years, leading to increased cyber insurance claims. The report focuses on the persistent threat that such attacks pose to global organizations.
The pervasive threat of BEC and FTF attacks!
Email communications, being one of the most commonly used methodologies to interact, continue to be the favorite choice of threat actors. Business email compromise attacks accounted for 73% of all reported cyber incidents in 2024, and the average expenditure per BEC attack costs upto $4.89 million. These BEC attacks involve gaining unauthorized access to official business email IDs, thereby conducting data theft. Further, the threat actors may attempt additional account compromises and try to carry out other related malicious activities. What’s worse is that about 29% of these BEC attacks led to fund transfers from the victims’ accounts to those of cyberattackers.
The increasing complexity of these email attacks, such as spoofed emails and compromised vendor accounts, further highlights the significance of cybersecurity awareness and a swift attack response system.
The cause behind the increasing BEC expenses
The overall cyber insurance claims frequency was comparatively stable in 2024. However, BEC attacks related expenses spiked up because of the increase in the forensic, legal, and data recovery costs. The below-mentioned activities also add to the overall BEC expenses:
- Data mining and breach investigation
- Legal consultation and compliance expenditure
- End-user notification and post-attack support
- Incident response team deployment
Another major cause of increased BEC expenses can be the complex nature of digital footprint analysis and the delayed assessment of the extent of damage. The more an organization takes time for damage mitigation, the higher the overall expenses tend to be.
Why are email attacks so convincingly real?
The human-first approach of every BEC and FTF attack makes them highly convincing and credible. Each email content is designed keeping in mind human psychology. These emails seem too real to be ignored. Cyberattackers send out convincing emails from spoofed domains or pose as trusted contacts, which trap naive employees into making wire transfers or even sharing sensitive information.
Generative AI tools have made it even easier for threat actors. These easily accessible generative AI tools enable cyberattackers to come up with email content that looks flawless. Artificial Intelligence helps threat actors create email content that contains zero grammatical errors and spelling mistakes. As a result, these emails look polished and real.
That’s exactly why we must understand that cybersecurity mechanisms go far beyond just antivirus software and firewalls. It also includes robust email security protocols such as DMARC, DKIM, and SPF, as well as an emphasis on human awareness, vigilance, and behavioral analysis.
What should organizations do in the wake of increased BEC and FTF attacks?
In order to steer clear of BEC and FTF attacks, organizations must embrace the following security tactics:
Track digital exposure closely
Use relevant tools for digital footprint analysis and online risk evaluation. This will help you anticipate any kind of vulnerabilities and prepare well ahead of time to combat them.
Enable MFA
MFA or Multi Factor Authentication System adds an extra layer of security, making it difficult for threat attackers to penetrate your system even if your credentials have already been compromised.
Carry out security awareness training sessions
Train your employees from time to time and help them tell apart the fake emails from the genuine ones. Spread awareness around AI-generated emails, phishing, and spoofing attacks.
Look out for dark web activity
It is a good practice to hire dark web surveillance and darknet monitoring services. This keeps you informed in case sensitive company data is being shared or sold online.
Establish a fast incident response protocol
In case of a BEC or FTF attack, every moment of delay will add to your expenditure. It is therefore important to have a fast incident response system. This will help you bring down the extent of damage and relevant expenses.
The organizations that managed to avoid BEC and FTF attacks in 2024 are the ones that chose to stay proactive and alert against threat attacks. They had a foolproof plan in place, which they followed with precision, thereby averting any kind of cyber mishap.
If you are losing your sleep over the steep surge in BEC and FTF attacks, start working on a solid cybersecurity mechanism today.
