Financial fraud has been identified as the primary source of cyberinsurance claims, with a staggering 83% attributed to email-based attacks. These attacks utilize various deceptive tactics, including fund transfers to fraudulent accounts, AI-generated emails, impersonation of executives and vendors, and business email compromise scams.
The recent At-Bay Cyber Insurance Claims Report sheds light on the prevalence of financial fraud in the cyberinsurance industry. According to the report, email serves as the main entry point for cybercriminals, particularly those targeting mid-sized businesses. In fact, financial fraud accounted for nearly a third of all cyber incidents among At-Bay’s insured clients in 2024.
While email was implicated in only 6% of ransomware attacks, it played a pivotal role in 43% of all cyberinsurance claims. This stark contrast highlights the risk posed by fraudulent emails, which can easily bypass traditional email security measures. Cybercriminals have shifted their focus from malware to social engineering tactics, exploiting human vulnerabilities to orchestrate scams.
Experts emphasize the importance of employee security awareness training, particularly for finance and HR teams. Additionally, cyberinsurance companies now deem multifactor authentication and email authentication protocols such as DMARC, SPF, and DKIM essential. Failure to adhere to these security measures may lead to denial of coverage, according to Coalition’s Cyber Insurance Claims Report.
Financial and insurance companies, along with sectors like construction, professional services, and manufacturing, have suffered significant losses due to financial fraud. The average loss per incident in these sectors exceeds $500,000, underscoring the financial impact of cyber fraud.
In response to the escalating threat of BEC scams, countries are introducing legal measures to mitigate losses. The U.K.’s Payment Systems Regulator has implemented a mandatory reimbursement rule to address authorized scams, including BEC, which caused nearly £500 million in losses last year. Similarly, FS-ISAC has introduced a Cyber Fraud Prevention Framework to help financial institutions enhance their fraud prevention and mitigation efforts.
Overall, the prevalence of financial fraud underscores the critical need for organizations to bolster their cybersecurity defenses and remain vigilant against evolving cyber threats. By addressing vulnerabilities in digital communication and adopting comprehensive security measures, businesses can mitigate the risk of falling victim to email-based attacks and safeguard their financial assets.