Deepfake-Enabled BEC: The Claim Trend Underwriters Cannot Ignore

Business email compromise has been the most financially devastating category of cybercrime for years. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.

Business email compromise has been the most financially devastating category of cybercrime for years. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.

Business email compromise has been the most financially devastating category of cybercrime for years. The FBI’s Internet Crime Complaint Center recorded 21,442 BEC complaints in 2024 — far fewer than phishing — but the losses hit $2.77 billion. BEC has always punched above its weight because it targets trust, not technology. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.

This is not a theoretical risk. Deepfake fraud losses have reached $12 billion globally, and Deloitte projects that figure could hit $40 billion within two years. Deepfake incidents have surged over 1,500% in the last two years alone. For underwriters and brokers, the question is no longer whether deepfake-enabled BEC will affect your book — it is how fast.

The BEC Problem

Traditional BEC attacks rely on social engineering: compromised email accounts, lookalike domains, or impersonation of executives. The attacker convinces someone in finance to wire money to a fraudulent account. The average loss per BEC incident exceeds $125,000.

These attacks work because they exploit human trust. The victim believes they are responding to a legitimate request from a real person they know. Verification procedures help, but determined attackers find ways around them.

How Deepfakes Change the Equation

Deepfake technology has democratized rapidly. What once required Hollywood-budget resources can now be produced with open-source tools and a few minutes of sample audio or video. For BEC attackers, this opens new attack vectors:

  • Voice cloning: Attackers can impersonate a CEO’s voice from just a few seconds of sample audio, then call the finance team to “confirm” a wire transfer request.
  • Video impersonation: Real-time deepfake video can make an attacker appear to be a known executive during a video call.
  • Hybrid attacks: Combining traditional email compromise with deepfake “verification” creates attacks that bypass standard anti-fraud controls.

Claims Implications

For cyber insurers, deepfake-enabled BEC creates several challenges:

  1. Higher loss severity: Deepfake “verification” can convince victims to transfer larger amounts than email-only attacks.
  2. Coverage questions: Is a deepfake-enabled loss a “social engineering” loss (often sublimited) or a traditional fraud loss?
  3. Due diligence expectations: What verification procedures should policyholders be expected to implement?
  4. Aggregation risk: A single deepfake campaign could hit multiple insureds simultaneously.

What Underwriters Should Do

  1. Update underwriting questionnaires: Ask specifically about voice and video verification procedures for high-value transfers.
  2. Review social engineering sublimits: Consider whether current limits adequately reflect the increased severity risk from deepfakes.
  3. Monitor claims data: Track whether deepfake-related claims are emerging in your book.
  4. Educate brokers: Help distribution partners understand this evolving risk so they can advise insureds appropriately.

For Brokers

Your clients may not realize how quickly this threat is evolving. A brief conversation about deepfake risks and simple controls (callback procedures, out-of-band verification for high-value transfers) can differentiate your service and potentially prevent a major claim.


For related analysis, see Cloud Outages, AI Fraud, and Supply Chain Attacks: The New Cyber Claims Frontier.

For related analysis, see The Five Toxic Powers of Agentic AI — What Underwriters Need to Know.

For related analysis, see Agentic Security: What Underwriters Need to Know in 2026.

This article is for informational purposes only and does not constitute underwriting, legal, or coverage advice.

Michael Guiao Michael Guiao founded Resiliently AI and writes Resiliently. He has CISM, CCSP, CISA, and DPO certifications — but let them lapse, because in the age of AI, knowledge is cheap. What matters is judgment, and that comes from eight years of hands-on work at Zurich, Sompo, AXA, and PwC.

Get the full picture with premium access

In-depth reports, assessment tools, and weekly risk intelligence for cyber professionals.

Starter

€199 /month

Unlimited scans, submission packets, PDF downloads, NIS2/DORA

View Plans →
Best Value

Professional

€490 /month

Full platform — continuous monitoring, API access, white-label reports

Everything in Starter plus professional tools

Upgrade Now →
30-day money-back
Secure via Stripe
Cancel anytime

Free NIS2 Compliance Checklist

Get the free 15-point PDF checklist + NIS2 compliance tips in your inbox.

No spam. Unsubscribe anytime. Privacy Policy

blog.featured

WordPress Plugin Flaw CVE-2023-4213 Exposes 10K+ Sites to Cyber Claims

Cyber Risk ·

6 min read

WordPress Plugin XSS Vulnerability Exposes Cyber Insurance Portfolios to Persistent Web Risks

Cyber Risk ·

5 min read

WordPress Security Plugin Flaw Exposes Organizations to Cyber Claims

Cyber Risk ·

6 min read

WordPress Plugin Flaw Exposes Cyber Insurance Portfolios to SQL Injection Risks

Cyber Risk ·

6 min read

Premium Report

2026 Cyber Risk Landscape Report

24 pages of threat analysis, claims data, and underwriting implications for European cyber insurance.

View Reports →

Related posts

Abandoned WordPress Plugin Exposes 12,000+ Sites to Cyber Risk
Cyber Risk · · 5 min read

Abandoned WordPress Plugin Exposes 12,000+ Sites to Cyber Risk

CVE-2023-5336 in iPanorama 360 plugin creates systemic risk for small businesses. SQL injection vulnerability affects unpatched WordPress sites, highlighting third-party component gaps in cyber insurance coverage.

Acronis CVE-2022-46869: How Consumer Software Creates Enterprise Risk
Cyber Risk · · 5 min read

Acronis CVE-2022-46869: How Consumer Software Creates Enterprise Risk

Local privilege escalation vulnerability in Acronis backup software highlights underwriting risks from consumer-grade tools and patch management gaps.

Acronis Privilege Escalation Flaw Exposes Endpoint Security Gaps
Cyber Risk · · 5 min read

Acronis Privilege Escalation Flaw Exposes Endpoint Security Gaps

CVE-2023-41743 highlights critical endpoint protection weaknesses that expand attack surfaces and increase cyber insurance risk exposure for organizations.