Explore the new cyber crime threats facing organisations, from AI-enabled fraud and deepfakes to invoice manipulation – and learn how Costero’s Crime Connect insurance solution can help insurers, brokers, MGAs and InsurTechs protect business clients.
Cyber crime is no longer only about hackers breaking into systems. For many organisations, the more immediate and significant threat is financial fraud using deceptive emails, manipulated invoices, fake payment instructions, cloned voices, deepfake video calls and impersonation of trusted executives, suppliers or clients. These attacks are becoming more frequent, more believable and more costly. In this article, we highlight five of the most important cyber crime threats facing organisations today, explain why standard cyber insurance may not be enough, and show how working with a specialist Lloyd’s broker such as Costero Brokers can help you build more effective cyber crime protection.
Cyber crime today is more than just malicious hacking
Cyber security remains a board-level priority for organisations. Ransomware, data breaches, remote access compromise and system downtime continue to be serious threats. The UK Government’s 2025/26 Cyber Security Breaches Survey found that 43% of UK companies identified a cyber breach or attack in the previous 12 months, affecting an estimated 612,000 businesses. (Source: UK Government)
But the cyber risk landscape is evolving. Criminals do not always need to defeat your firewall if they can persuade a member of your finance team to make a real payment to the wrong account. Business email compromise, invoice manipulation, supplier impersonation and fund transfer fraud exploit the normal flow of business. They target trust, urgency and routine.
The FBI’s 2025 Internet Crime Report showed cyber-enabled crimes defrauded US victims of nearly USD $21 billion, with AI-enabled incidents among the costliest at almost USD $893 million. The FBI also highlighted compromised corporate emails, voice clones, fake credentials and believable videos as part of the modern fraud toolkit. (Source: FBI)
For organisations today, this is the uncomfortable reality: the weakest point may not be your technology, but the moment a busy employee receives a credible-looking request from someone they think they know and trust.
The top 5 cyber crime threats facing organisations today
- AI-enabled social engineering
Social engineering is the use of deception to manipulate people into revealing information, changing details, making payments or taking other actions that benefit the criminal.
The technique is not new, but artificial intelligence (AI) has made it more scalable and persuasive. AI can also reduce the obvious red flags – poor grammar, awkward phrasing or inconsistent tone – that once helped staff spot suspicious emails.
Criminals can now generate polished fake emails, translate them accurately, imitate writing styles and produce more convincing lures at volume. They are increasingly using technology to make impersonation more effective, including cloned voices, video deepfakes and executive impersonation.
Social engineering can bypass many traditional controls. A payment instruction may appear to come from a trusted email account. The language may sound normal. The timing may fit a genuine transaction. By the time the fraud is spotted, the money may already have moved through several accounts or jurisdictions.
- Deepfake executive impersonation
The best-known recent deepfake fraud example remains the 2024 case in Hong Kong, where an employee of global engineering firm Arup was reportedly deceived into transferring HKD $200 million, around USD $25 million, after attending what appeared to be a video call with senior executive colleagues. Arup confirmed that fake voices and images were used and said its internal systems were not compromised. (Source: The Guardian)
This was not simply a systems breach – it was a sophisticated deception that exploited trust, hierarchy and normal approval behaviour. The employee believed the instruction was legitimate because the people on the call appeared to be real executives of the business.
For organisations with international finance teams, multiple offices, remote working, high-value payments or decentralised approval processes, this creates a serious exposure. Criminals can scrape public video, podcasts, webinars, social media and conference appearances to build more convincing impersonations of executives, clients or suppliers.
- Business email compromise and fund transfer fraud
Business email compromise (BEC) remains one of the most damaging forms of cyber-enabled financial crime. The UK Government’s Fraud Strategy 2026-2029 defines business email compromise as fraud where criminals impersonate a trusted contact by email to divert payments or steal sensitive business data. (Source: UK Government)
A 2026 cyber claims study found that business email compromise and funds transfer fraud together accounted for 58% of claims analysed, while 71% of funds transfer fraud claims were directly linked to social engineering. (Source: Coalition)
Typical scenarios include:
- Criminals impersonate suppliers and ask for bank details to be changed.
- Finance teams receive convincing emails from compromised executive accounts.
- Client or vendor accounts are taken over and used to redirect legitimate payments.
- Fraudsters insert themselves into genuine transactions and manipulate payment instructions.
These risks are now becoming daily business exposures for all kinds and sizes of organisation.
- Invoice manipulation and supplier impersonation
Invoice manipulation is especially dangerous because it hides inside normal commercial processes. Businesses in sectors such as construction, manufacturing, real estate and professional services often deal with large invoices, multiple parties and frequent payment changes. That gives fraudsters room to manoeuvre.
A 2026 cyber claims report found financial fraud is now the most common incident type, representing around 30% of claims for the third consecutive year. Average stolen funds reached USD $285,000 per incident in 2025, up 16% year on year. The largest single financial fraud loss in that analysis reached USD $9.7 million. (Source: Help Net Security)
The most dangerous invoice frauds often look boring. That is exactly why they work. A payment update, a changed account number or a slightly altered invoice may not trigger alarm if it appears to come from a known supplier at the right point in a transaction.
- Abuse of trusted platforms and cloud infrastructure
Cyber criminals increasingly hide inside tools that businesses already trust. Instead of relying only on suspicious domains or obvious malware links, attackers route malicious content through legitimate services, cloud platforms and collaboration tools.
The 2026 InsurSec Report suggested that attackers are using services such as Microsoft Exchange Online, Cloudflare, Canva, TikTok and Dropbox to make fraudulent emails look more legitimate and harder for legacy email filters to block. It also found that email was the initial entry vector in 82% of financial fraud claims. (Source: At-Bay)
This is a major challenge for organisations because employees are trained to trust familiar platforms. A link that appears to come through a recognised service may not feel suspicious. Yet it can still lead to credential theft, email account compromise and fraudulent payment instructions.
How organisations can defend themselves
Strong controls still reduce cyber risk. Organisations should review their payment processes, train employees to recognise fraud, and strengthen identity and access controls. Practical steps for organisations include:
- Require call-back verification for new bank details and urgent payment changes, using trusted contact details – not those newly supplied.
- Use multi-person approval for high-value transfers.
- Apply multi-factor authentication across email, finance and remote access systems.
- Train staff on deepfake, voice cloning and supplier impersonation risks.
- Segregate payment authority so that no single person can approve and release large transfers.
- Consider a short cooling-off period for first payments to new accounts or urgent changes to supplier bank details.
- Escalate suspected fraud immediately, including prompt notification to banks, law enforcement and insurers where appropriate.
However, no cyber security measures can guarantee total protection. People make mistakes. Supplier accounts get compromised. AI-generated impersonations are becoming more believable. That is why cyber insurance must be part of the wider resilience strategy, not an afterthought.
Why standard cyber insurance may not be enough
Many conventional cyber policies were designed primarily around risks from data breaches, ransomware, system compromise, privacy liability and business interruption. Those covers remain valuable, but they may not respond adequately to large financial fraud losses.
If covered at all, risks such as social engineering, invoice manipulation and fund transfer fraud may be subject to low sublimits, often around USD $250,000.
That may be nowhere near enough if a fraudster diverts a seven-figure payment. A business can have cyber insurance and still discover that the relevant fraud cover is only a fraction of the loss.
How specialist cyber crime cover can help close the gap
To address this protection gap, Costero Brokers has developed a specialist cyber crime insurance solution – Costero Crime Connect. The product is proprietary to Costero and has been developed in partnership with Lloyd’s of London syndicates to provide standalone or excess limits for e-crime cover up to USD $10 million.
Costero Crime Connect can help organisations access higher limits for key cyber crime exposures, including:
- Social engineering
- Invoice manipulation
- Fund transfer fraud
The capacity can be structured in several ways, including excess of sublimits within an existing cyber policy, standalone e-crime coverages, or standalone e-crime coverages alongside traditional crime insuring agreements.
For insurers, brokers, MGAs and InsurTechs, that flexibility is a real advantage. Some client organisations may need to top up low sublimits in an existing cyber programme – while others may need a dedicated e-crime solution because their payment flows, client base, industry sector or transaction values create a larger exposure.
Building protection around evolving cyber crime risks
Cyber criminals are not waiting for insurance policies to catch up. They are already using AI, deepfakes, compromised emails, supplier impersonation and trusted digital platforms to target organisations and their staff.
Costero Brokers can help insurers, brokers, MGAs and InsurTechs protect clients against these growing cyber crime risks – and can also work directly with larger organisations. We can review where current cyber and crime insurance arrangements may leave gaps, assess whether fraud limits match real-world exposure, and access specialist Lloyd’s capacity for cyber crime risks.
To learn more about Costero Crime Connect and discuss your cyber crime insurance challenges, get in touch with Costero Brokers and speak to our expert, Jonathan Olley, Divisional Director – Cyber, Media & Technology.





