Guy Carpenter, a business of Marsh McLennan focused on global risk and reinsurance, has published a new report entitled Cyber’s Sleeper Threat: Business Email Compromise. In it, the firm advocates for the insurance industry to support businesses in developing risk management frameworks that address cyber risks – including business email compromise (BEC) threats.

Large losses 

They say the financial consequences of a successful BEC are potentially devastating, creating large losses for cyber insurers and reinsurers. Yet because the threat does not garner headlines in the same way ransomware, zero-day vulnerability exploits and cloud service provider outages do, BEC threats are often overlooked, they add.

“An analysis of Marsh’s proprietary claims database over the last five years found more than 550 successful BEC events impacting Marsh clients with either a cyber or crime insurance policy in place. Of these events for which loss data is available, the report reveals the greatest number have a loss around 0.1 per cent of the company revenue. For a company with $1 billion in revenue that amounts to a $1 million loss,” the firm states.

The report adds that Marsh claims data further shows that smaller-revenue companies are far more likely to lose a greater percentage of their revenue in a BEC than a large company could expect.

“By driving awareness of the right cybersecurity measures, we can collectively improve the resilience of organizations against BEC threats and mitigate its impact on underwriting profitability,” says Erica Davis, global co-head of cyber with Guy Carpenter.