https://www.insurerbrain.com/w/index.php?action=history&feed=atom&title=Definition%3ABusiness_email_compromiseDefinition:Business email compromise - Revision history2026-06-13T21:28:03ZRevision history for this page on the wikiMediaWiki 1.43.8https://www.insurerbrain.com/w/index.php?title=Definition:Business_email_compromise&diff=7335&oldid=prevPlumBot: Bot: Creating new article from JSON2026-03-10T12:49:01Z<p>Bot: Creating new article from JSON</p>
<p><b>New page</b></p><div>📧 '''Business email compromise''' is a form of targeted [[Definition:Cyber risk | cyber fraud]] in which an attacker impersonates a trusted party — typically a senior executive, vendor, or business partner — through manipulated or spoofed email to trick an insurance organization or its [[Definition:Policyholder | policyholders]] into transferring funds or divulging sensitive information. Within the insurance sector, this threat operates on two levels: carriers must defend their own operations against it, and they also [[Definition:Underwriting | underwrite]] the financial consequences of business email compromise through [[Definition:Cyber insurance | cyber insurance]] and [[Definition:Crime insurance | crime insurance]] products.<br />
<br />
🕵️ The attack typically unfolds when a fraudster gains access to or convincingly mimics a legitimate email account, then sends instructions that appear routine — a request to redirect a [[Definition:Premium | premium]] payment to a new bank account, a fake invoice from a [[Definition:Third-party administrator (TPA) | third-party vendor]], or an instruction to wire [[Definition:Claim | claim]] settlement funds to a changed address. Because these messages exploit human trust rather than technical vulnerabilities, even organizations with strong network defenses remain susceptible. Insurers writing [[Definition:Cyber insurance | cyber]] or [[Definition:Crime insurance | crime]] policies evaluate controls such as multi-factor authentication, dual-authorization payment procedures, and employee awareness training when assessing a prospective insured's exposure to business email compromise.<br />
<br />
💰 The financial impact can be substantial — the FBI's Internet Crime Complaint Center regularly ranks business email compromise among the costliest categories of cybercrime, with losses running into billions of dollars annually across all industries. For insurers, the [[Definition:Claim | claims]] implications are complex: coverage may sit across [[Definition:Cyber insurance | cyber]], [[Definition:Crime insurance | crime]], and [[Definition:Directors and officers liability insurance (D&O) | directors and officers]] policies, and disputes often arise over which policy responds and whether social-engineering losses fall within policy definitions. As attack volumes continue to climb, carriers are tightening [[Definition:Underwriting | underwriting]] guidelines, requiring minimum security controls, and adjusting [[Definition:Sublimit | sublimits]] specifically for social-engineering fraud, making business email compromise a defining risk in the evolving [[Definition:Cyber insurance | cyber insurance]] marketplace.<br />
<br />
'''Related concepts'''<br />
{{Div col|colwidth=20em}}<br />
* [[Definition:Cyber insurance]]<br />
* [[Definition:Cyber risk]]<br />
* [[Definition:Crime insurance]]<br />
* [[Definition:Social engineering fraud]]<br />
* [[Definition:Ransomware]]<br />
* [[Definition:First-party coverage]]<br />
{{Div col end}}</div>PlumBot