Cybersecurity myths and breach losses: what teams need to do now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Exposed losses from business email compromise reached $44 billion over five years, the average data breach cost hit $9.44 million, and phishing attacks rose 35% last year, according to Abnormal AI. The underlying problem is not that prevention failed once, but that many security programmes still assume attackers are static while the threat landscape keeps changing.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should security teams reduce business email compromise risk in high-trust workflows?

A: Start by identifying workflows where an email alone can trigger payments, account changes, or data movement.

Q: Why do phishing attacks still succeed in well-defended environments?

A: They succeed because many environments protect the mailbox but not the business process behind it.

Practitioner guidance

  • Audit email-triggered high-risk workflows: Identify payment, vendor change, and account reset flows that still trust an inbound email as sufficient authority.
  • Map trust inheritance across identity paths: Trace where a verified human action or authenticated session is allowed to carry authority into downstream systems without re-checking intent.
  • Tighten detection for post-phishing identity abuse: Look for abnormal login geographies, impossible travel, mailbox forwarding changes, and unexpected access to finance or admin systems after a lure.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The threat landscape discussion for 2023 and the attacker behaviours driving change.
  • The specific cybersecurity myths the webinar says practitioners commonly believe.
  • The webinar format and CPE claim details for teams that need continuing-education credit.
  • The source presentation's additional guidance on how to prepare for evolving attack patterns.

👉 Watch Abnormal AI's webinar on changing cyber threats and security myths →


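The detection guidance in the post above (impossible travel, mailbox forwarding changes, and sensitive-app access after a lure) is easier to reason about as concrete rules run over events. The following is an added example written for this thread, not code from the post, from Abnormal AI, or from NHIMG. The event records, user names, IP addresses, coordinates and thresholds (900 km/h, a two-hour correlation window, the `corp.example` internal domain) are all constructed assumptions; a real deployment would read sign-in and mailbox audit logs from the identity provider and mail platform instead.

```python
"""Post-phishing identity-abuse detection over constructed sign-in, mailbox and app-access events.

Added example for the forum post above; nothing here is the post's or any vendor's code.
All sample data below is constructed for illustration (RFC 5737 documentation IP ranges).
"""
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample events (UTC, ISO 8601). ap.clerk shows the post-phish pattern; j.doe is benign.
EVENTS = [
    {"ts": "2024-03-04T08:02:00", "user": "ap.clerk", "type": "signin", "lat": 51.51, "lon": -0.13, "ip": "203.0.113.10"},
    {"ts": "2024-03-04T08:41:00", "user": "ap.clerk", "type": "signin", "lat": 40.71, "lon": -74.01, "ip": "198.51.100.7"},
    {"ts": "2024-03-04T08:45:00", "user": "ap.clerk", "type": "mailbox_rule", "action": "forward", "target": "ap.clerk@mail-archive.example"},
    {"ts": "2024-03-04T08:52:00", "user": "ap.clerk", "type": "app_access", "app": "finance-portal"},
    {"ts": "2024-03-04T09:00:00", "user": "j.doe", "type": "signin", "lat": 48.85, "lon": 2.35, "ip": "192.0.2.5"},
    {"ts": "2024-03-04T14:00:00", "user": "j.doe", "type": "signin", "lat": 51.51, "lon": -0.13, "ip": "192.0.2.9"},
    {"ts": "2024-03-04T14:05:00", "user": "j.doe", "type": "mailbox_rule", "action": "forward", "target": "j.doe@corp.example"},
]

INTERNAL_DOMAINS = {"corp.example"}            # assumed: forwarding inside the tenant is allowed
SENSITIVE_APPS = {"finance-portal", "admin-console"}  # assumed: apps that can move money or grant rights
MAX_SPEED_KMH = 900.0                          # assumed: roughly airliner speed; faster is "impossible"


def parse_ts(s):
    return datetime.fromisoformat(s)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points (mean Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag a sign-in whose distance from the user's previous sign-in implies travel faster than max_speed_kmh."""
    findings, last = [], {}
    for e in sorted((e for e in events if e["type"] == "signin"), key=lambda e: e["ts"]):
        prev = last.get(e["user"])
        if prev:
            hours = (parse_ts(e["ts"]) - parse_ts(prev["ts"])).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            # hours == 0 with a real distance is the degenerate case: two places at the same instant
            if km > 0 and (hours == 0 or km / hours > max_speed_kmh):
                findings.append({"rule": "impossible_travel", "user": e["user"], "ts": e["ts"],
                                 "detail": f"{km:.0f} km in {hours * 60:.0f} min, {prev['ip']} -> {e['ip']}"})
        last[e["user"]] = e
    return findings


def external_forwarding(events, internal_domains=INTERNAL_DOMAINS):
    """Flag mailbox forwarding rules that send mail outside the tenant (a classic BEC persistence step)."""
    findings = []
    for e in events:
        if e["type"] == "mailbox_rule" and e["action"] == "forward":
            domain = e["target"].rsplit("@", 1)[-1].lower()
            if domain not in internal_domains:
                findings.append({"rule": "external_forward", "user": e["user"], "ts": e["ts"],
                                 "detail": f"forward to {e['target']}"})
    return findings


def sensitive_access_after_alert(events, alerts, window=timedelta(hours=2), sensitive_apps=SENSITIVE_APPS):
    """Flag access to a sensitive app within `window` after an earlier alert on the same user."""
    findings = []
    for e in events:
        if e["type"] != "app_access" or e["app"] not in sensitive_apps:
            continue
        t = parse_ts(e["ts"])
        prior = sorted({a["rule"] for a in alerts
                        if a["user"] == e["user"] and timedelta(0) <= t - parse_ts(a["ts"]) <= window})
        if prior:
            findings.append({"rule": "sensitive_access_after_alert", "user": e["user"], "ts": e["ts"],
                             "detail": f"{e['app']} after {', '.join(prior)}"})
    return findings


def detect(events):
    """Run the three rules; the third correlates on the output of the first two. Returns findings in time order."""
    alerts = impossible_travel(events) + external_forwarding(events)
    alerts += sensitive_access_after_alert(events, alerts)
    return sorted(alerts, key=lambda a: (a["ts"], a["rule"]))


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"{a['ts']}  {a['user']:<9} {a['rule']:<29} {a['detail']}")
```

Running it lists three findings, all for `ap.clerk`: the London-to-New-York sign-in 39 minutes apart, the forward to an external domain four minutes later, and the finance-portal access that follows both. `j.doe` produces nothing: Paris to London over five hours is ordinary travel, and the forward stays inside the tenant. The point the post makes is visible in the third rule: a single geography or mailbox signal is noisy on its own, but the same user reaching a payment system shortly after one is the sequence worth paging on.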



   
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Static prevention assumptions are failing because attackers do not attack on a fixed schedule. Security models that assume one control layer can hold back every intrusion were built for a slower threat environment. Phishing, impersonation, and workflow abuse now adapt faster than many review cycles, so the discipline has to shift from 'did the control exist?' to 'did it still match the current attack pattern?'. Practitioner conclusion: treat resilience as continuous validation, not a one-time design state.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: Who should own response when email-based fraud crosses into identity abuse?

A: Ownership should sit with security, IAM, fraud, and business process leaders together. Email compromise becomes an identity issue when the attacker uses trusted access to change accounts, approve actions, or move laterally. That requires joint containment and a shared incident path.

👉 Read our full editorial: Cybersecurity myths are failing as breach and phishing losses rise



   