Business email compromise: what should IAM teams actually do?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Business email compromise produced $2.4 billion in losses last year and continues to outpace awareness programs and security tooling, according to Abnormal Security. Email impersonation still succeeds because trust, approval, and payment workflows remain easier to subvert than to harden.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should organisations reduce business email compromise risk without relying on awareness training alone?

A: Use awareness training as a support control, not the primary defence.

Q: Why do business email compromise attacks still succeed in mature organisations?

A: They succeed because they target trust, routine, and urgency rather than technical weakness alone.

Practitioner guidance

  • Remove email-only approval paths: require out-of-band confirmation for payment changes, beneficiary updates, and privileged requests so a forged message cannot complete the transaction on its own.
  • Harden help desk verification: treat password resets, MFA resets, and account recovery as high-risk identity events and verify requesters using independent channels and documented callback rules.
  • Map BEC-prone workflows: identify every process that can be triggered by email, then rank them by financial impact, privilege exposure, and likelihood of social engineering.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • Threat-intelligence examples of how attackers change language and timing to bypass user judgement
  • Discussion of why business email compromise keeps succeeding across email and adjacent communication channels
  • Operational guidance on what organisations should change in inbox, approval, and verification workflows
  • The recording and CPE-credit details for teams that want the original presentation context

👉 Watch Abnormal AI's webinar on why business email compromise keeps succeeding →


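The first two guidance points above (no email-only approval path for high-risk actions; help-desk callbacks that use contact details on file, not details supplied in the message) can be enforced as a small decision gate in whatever workflow or ticketing system completes the request. The following is an added example written for this thread; it is not code from the post, from NHIMG, or from Abnormal AI's webinar. The channel names, the set of high-risk actions, and the sample request and verification records are all constructed assumptions.

```python
"""Out-of-band approval gate for email-triggered business actions.

Added example, not code from the forum post or from Abnormal AI. It models two
controls from the guidance: a high-risk request cannot be approved on the same
channel it arrived on, and a callback only counts when the contact details came
from the directory of record rather than from the message. All names, actions
and sample data are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum, auto


class Channel(Enum):
    EMAIL = auto()
    PHONE_CALLBACK = auto()   # help desk calls the number on file
    IN_PERSON = auto()
    SIGNED_PORTAL = auto()    # authenticated ticketing/approval portal


# Assumed set of actions treated as high-risk identity or payment events.
HIGH_RISK_ACTIONS = {
    "payment_change", "beneficiary_update", "password_reset",
    "mfa_reset", "account_recovery", "privileged_access",
}


@dataclass(frozen=True)
class Request:
    request_id: str
    action: str
    requester: str          # identity the message claims to come from
    origin: Channel         # channel the request arrived on


@dataclass(frozen=True)
class Verification:
    request_id: str
    channel: Channel
    verified_by: str        # person who performed the check (e.g. help desk agent)
    contact_source: str     # "directory" (system of record) or "message"


def decide(req: Request, checks: list[Verification]) -> tuple[str, str]:
    """Return ("APPROVE" | "DENY", reason) for a request given recorded checks."""
    if req.action not in HIGH_RISK_ACTIONS:
        return "APPROVE", "low-risk action; no out-of-band check required"

    for v in checks:
        if v.request_id != req.request_id:
            continue  # check belongs to a different request
        if v.channel is req.origin:
            continue  # a reply on the same channel proves nothing about identity
        if v.contact_source != "directory":
            continue  # callback rule: never use contact details the message supplied
        if v.verified_by == req.requester:
            continue  # separation of duties: the requester cannot self-verify
        return "APPROVE", f"verified out-of-band via {v.channel.name} by {v.verified_by}"

    return "DENY", f"{req.action} needs independent-channel verification; none recorded"


if __name__ == "__main__":
    # Constructed scenario: a beneficiary change request that arrived by email.
    req = Request("R-1", "beneficiary_update", "cfo@example.test", Channel.EMAIL)
    email_reply = Verification("R-1", Channel.EMAIL, "ap-clerk", "directory")
    bad_callback = Verification("R-1", Channel.PHONE_CALLBACK, "ap-clerk", "message")
    good_callback = Verification("R-1", Channel.PHONE_CALLBACK, "ap-clerk", "directory")
    for label, checks in [("no check", []), ("email reply", [email_reply]),
                          ("callback to number in message", [bad_callback]),
                          ("callback to directory number", [good_callback])]:
        print(f"{label:32} -> {decide(req, checks)}")
```

The gate is deliberately indifferent to how convincing the message looks: sender reputation, display name, and thread history never enter the decision, only whether an independent-channel verification record exists and was performed the way the callback rule requires.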



(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Business email compromise is an identity governance failure, not just a mail-security problem. The attack succeeds when organisations let identity proof collapse into message appearance, sender reputation, or internal familiarity. That is a control design flaw across IAM, finance approvals, and help desk workflows. Practitioners should treat any email-mediated business action as an identity decision, not a communications issue.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging at 37% and over-privileged accounts at 37%.

A question worth separating out:

Q: Who should own BEC prevention when the attack spans email, IAM, and finance?

A: Ownership should be shared, but accountability must be explicit. Security teams own detection and control design, IAM owns identity verification steps, and finance or operations owns approval workflow enforcement. If no single team is responsible for the end-to-end request path, impersonation attacks will keep exploiting the gaps between functions.

👉 Read our full editorial: Business email compromise keeps outpacing enterprise defences


