TrollEye Security

Email Attacks Dominated Cyber Insurance Claims in 2024, Coalition Finds

Business Email Compromise Driving Rising Costs for Enterprises Worldwide

As reported by Dark Reading, business email compromise (BEC) and fund transfer fraud (FTF) were dominant threats in 2024, accounting for 60% of all cyber insurance claims filed with Coalition, according to the company’s newly released 2025 Cyber Claims Report.

BEC attacks alone saw a 23% increase in claims severity, with average losses reaching $35,000 per incident. While less costly than ransomware, which averaged $292,000 in damages, BEC was far more common and frequently led to additional losses. Nearly a third of BEC cases also resulted in FTF incidents, with combined average losses totaling $106,000.

Despite the surge in BEC-related expenses, there were some encouraging trends in other areas. FTF claim severity dropped sharply by 46%, bringing the average loss down to $185,000. Ransomware also showed modest improvement, with a 7% decline in severity and a 3% drop in claims frequency. Overall, Coalition described its claims data as demonstrating year-over-year stability, even amid a threat landscape characterized by increasingly sophisticated attackers.

The report attributed the growing cost of BEC incidents in part to rising expenses across legal services, incident response, data mining, and recovery efforts. While the frequency of these claims held steady, the growing complexity and cost of mitigating them drove the spike in financial impact.

Protecting Your Organization Against BEC & FTF Attacks

To reduce the risk of falling victim to email-based threats like BEC and FTF, organizations are advised to take a layered approach that includes the following steps:

  • Enforce Multi-Factor Authentication (MFA): Require MFA across all email and financial systems to prevent unauthorized access and reduce the risk of account compromise.

  • Deliver Role-Specific Security Training: Provide ongoing, tailored security training to help employees recognize phishing attempts and social engineering tactics targeting their specific responsibilities.

  • Implement Financial Verification Protocols: Establish strict procedures for all financial transactions, including verifying wire transfer requests via out-of-band communications and restricting access to authorized personnel only.

  • Strengthen Access Controls: Limit the ability to initiate or approve high-value transactions to a small group of authorized users, reducing the risk of internal misuse or external compromise.

Effectively mitigating BEC and FTF threats requires a coordinated strategy built on prevention, real-time monitoring, and fast, decisive response. As attackers improve their tactics, organizations must stay one step ahead with layered defenses, clear internal protocols, and tightly managed access.
