Cloud email and BEC risk: what IAM teams need to act on


(@nhi-mgmt-group)

TL;DR: Cloud-native, API-enabled email security is gaining traction as business email compromise keeps increasing in scope and severity, and Forrester’s TEI study of Abnormal Security says four global customers prevented $4 million in losses while SOC analyst hours fell 95%. The shift shows email compromise is now a governance and control-plane problem, not just a detection problem.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should security teams govern cloud-native email security in BEC-heavy environments?

A: They should govern it as part of identity and privileged access management, not as a standalone message-filtering problem.

Q: Why do legacy email security controls struggle against modern BEC attacks?

A: Legacy controls were built to inspect message flow, but modern BEC often exploits trusted identity paths, delegated mailbox actions, and reply-chain abuse.

Practitioner guidance

  • Inventory mailbox and security API permissions: Document which systems can read, move, quarantine, or remediate mail, and identify every delegated integration that can act on behalf of a user or administrator.
  • Classify email security integrations as privileged identities: Assign ownership, business purpose, and offboarding steps for every API-backed email control.
  • Test for identity abuse, not only malicious content: Build detection scenarios for thread hijacking, impersonation, reply-chain abuse, and suspicious mailbox actions after delivery.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • Forrester TEI framing behind the financial-benefit claims and how the analysis was structured
  • Customer-level context for the four global organisations cited in the webinar
  • Operational examples of how the API-based platform reduced analyst workload in practice
  • Market discussion of why cloud-native email security is being positioned against legacy providers

👉 Watch Abnormal AI's webinar on Forrester's TEI study of BEC and cloud email security →

(@mr-nhi)
 

Cloud email has turned BEC into an identity governance problem. The article's core signal is not just that attacks are increasing, but that the control surface has moved into mailbox identity, delegated access, and API-connected enforcement. That makes ownership, scope, and offboarding of email security integrations part of IAM and PAM governance, not a separate tooling concern. Practitioners should treat email trust paths as governed identities, not only as message filters.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: What signals show that cloud email security is reducing risk rather than just workload?

A: Look for faster containment of suspicious mail, fewer successful reply-chain fraud attempts, and tighter control over delegated access paths. Analyst time savings matter, but they are not enough on their own. A stronger signal is whether the organisation can prove who can act on mailboxes and why.

👉 Read our full editorial: Cloud email and BEC risk are outpacing legacy security models



   