Half of UK businesses have been targeted by fraudsters impersonating senior leaders in the past year, as the increasing visibility of senior executives online is making them more vulnerable.
According to new research from global insurance broking and risk management firm Gallagher, senior leaders’ roles, movements and personal details are giving fraudsters the information they need to convincingly impersonate executives, manipulate employees, and target organisations directly.
LinkedIn profiles, company websites, social media posts and public speaking engagements all give criminals a way in to committing fraud, found the study.
This growing visibility is fuelling a surge in executive impersonation, extortion and digital deception, with average incident costs exceeding £758,000. In the most serious cases, the damage is far greater, with organisations reporting losses of £1.1 million to £5 million from a single incident.
Just over half of organisations experienced at least one executive impersonation or deception attempt in the past year, while 56% of business leaders said the frequency of these incidents has increased, indicating the threat has become a mainstream business risk.
The study found that criminals were increasingly exploiting the public profile and authority of senior leaders.
Fraudsters posed as CEOs, CFOs or senior colleagues using fake email addresses, cloned voices, or AI-generated video, pressuring employees into authorising payments, sharing sensitive information, or bypassing internal controls.
These attacks succeeded because they exploited trust and authority, said the report. Employees were far more likely to act quickly when a request appeared to come from a senior executive, especially when combined with urgency, time pressure, or the impression that the executive is travelling or unavailable.
AI-enabled deception was the number one concern for directors surveyed, cited by 51% of senior leaders, overtaking more traditional digital and physical security risks.
Executive risk is no longer confined to physical threats. Today’s attacks are just as likely to happen through inboxes, phone calls or video, using AI” – Jonathan Rae, Gallagher
Organisations also told researchers they were increasingly exposed on a number of fronts: 45% said they were highly exposed to phishing and social engineering and 40% reported high exposure to deepfake scams, where technology is used to mimic someone’s voice, image or writing style to make the deception seem genuine.
A similar proportion of those firms surveyed said virtual extortion or impersonation was a major risk, where fraudsters pretend to be a senior leader or a trusted contact to pressure someone into urgently sending money or sensitive information.
Alongside digital extortion physical threats were an issue, particularly where travel was involved, with 13% saying kidnap-for-ransom exposure was a concern. Senior executives are more visible and easier to identify and track in an online age, were roles, travel and personal details are often publicly available through company websites, social media and professional profiles, said the research.
The knock-on effects of these risks shook confidence across an organisation. For example, 48% of organisations reported increased staff anxiety following an extortion attempt and 38% suffered reputational damage or loss of client trust.
One in three organisations surveyed had had to take legal advice or had to report an incident to their industry regulator to avoid exposing the organisation to regulatory scrutiny, or involve potential breaches of data protection, financial conduct, or governance requirements.
Jonathan Rae, executive director, crisis management at Gallagher, said: “Senior leaders have never been more visible, and that visibility is creating new opportunities for criminals. Public profiles, online activity and digital communications give fraudsters the information they need to convincingly impersonate executives and exploit the trust placed in them.
“Executive risk is no longer confined to physical threats. Today’s attacks are just as likely to happen through inboxes, phone calls or video, using AI and publicly available information to manipulate employees and bypass controls. As the line between digital and physical threats continues to blur, organisations must recognise that executive exposure has increased significantly, and ensure their protection keeps pace.”
Latest HR job opportunities on Personnel Today
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday
Browse more human resources jobs
Click Here For The Original Source.
