Business Email Compromise (BEC) attacks have surged dramatically this year, accounting for 73% of all reported cyber incidents in 2024 — a sharp increase from 44% in 2023, according to research conducted by Eye Security based on its client data. This alarming 64% rise underscores the growing cyber threat landscape and its impact on businesses, including a significant escalation in cyber insurance claims and premiums.
The Impact of BEC Attacks
Business Email Compromise (BEC) attacks are among the most damaging forms of cybercrime. They not only cause financial losses but also disrupt business operations and harm customer relationships. Recovering from the loss of confidential data and manipulated payments can take months, while reputational damage can have lasting consequences for companies.
Data from Eye Security shows that sectors such as transport and logistics, retail and manufacturing, and real estate and construction are particularly vulnerable. Their reliance on digital platforms and complex, interconnected supply chains makes these sectors an attractive target for cybercriminals.
MFA Alone Isn’t Enough
Business Email Compromise is a targeted cyberattack where criminals impersonate trusted parties via email to trick employees into sharing sensitive information or transferring money. These attacks exploit human trust, bypassing traditional security measures, and are among the costliest threats businesses face today.
BEC attacks specifically exploit gaps in current defenses, such as an over-reliance on Multi-Factor Authentication (MFA), which attackers have learned to bypass using social engineering and cloud-specific vulnerabilities.
“Imagine this: a seemingly routine email notification through Microsoft Teams. A click. A login prompt. Without realizing it, an employee opens the door to attackers. This scenario is far from hypothetical,” says Job Kuijpers, CEO of Eye Security. “At first glance, MFA feels like a fortress, but attackers have adapted, proving that identity security alone isn’t enough. Businesses need continuous monitoring and proactive defense across their entire environment to stay ahead.”
Insurance Premiums Will Climb as Risks Escalate
After the hefty premium correction in 2021, the cyber insurance market stabilized in 2022 and saw reductions in premiums through 2024. However, these reductions are expected to halt as the industry faces rising threats like BEC and ransomware. Only recently, the German insurance supervisor BaFin issued a warning about profitability challenges in insuring SMEs against cyber threats.
For SMEs, balancing these rising costs with proactive investments in cybersecurity is becoming a critical challenge. A 2024 survey from Munich Re highlights the growing recognition of comprehensive cyber insurance solutions to mitigate risks as a major trend.
“Insurance is more than a safety net—it’s a barometer of risk,” says Arjan Halma, Managing Director of Eye Underwriting. “To manage premiums effectively, businesses must demonstrate readiness for modern threats. This means adopting comprehensive monitoring and incident response capabilities, not just relying on compliance.”
How Businesses Can Adapt
Eye Security expects BEC incidents to rise further in 2025, amplifying the need for robust, proactive cybersecurity measures. Companies that invest in monitoring, detection, and response not only mitigate risks but also position themselves as resilient and trustworthy partners in an interconnected economy.
For actionable advice on reducing the risk of BEC attacks, visit Eye Security’s blog on 15 Steps to Mitigate the Risk of Business Email Compromise.