Gartner® BEC attacks: How to Protect Organizations Against Business Email Compromise Phishing
Gartner® BEC attacks: BEC attacks use targeted social engineering to succeed and maximize payout to attackers, making them a fast-growing threat to organizations. This research guides security and risk management leaders in upgrading their existing technologies and processes to protect against this threat.
Key takeaways:
- Endpoint protection platform (EPP) and endpoint detection and response (EDR) solutions do not protect against business email compromise (BEC) attacks.
- BEC phishing is commonly combined with account takeover (ATO) of the sender’s account.
- Human errors account for approximately 74% of all security breaches.
- Upgrade to an AI-based secure email solution.
SRM leaders should implement DMARC in particular, as it helps prevent exact-domain spoofing (messages that forge the organization's own domain in the From: header). It does not stop lookalike domains or mail sent from a compromised legitimate account, which is why the ATO point above still needs its own controls. Organizations should also seek out vendors and suppliers with active DMARC policies, meaning a published policy of quarantine or reject rather than monitoring-only (p=none).
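Checking whether a vendor domain has an active DMARC policy means fetching the TXT record at _dmarc.<domain> and reading its tags. The following is an added example written for this page, not code from the Gartner research or from any vendor. It parses DMARC records and classifies a domain as enforcing, monitoring-only, missing or invalid, and it flags the weakenings a supplier review should notice (pct below 100, sp=none leaving subdomains uncovered, a missing p= tag). The domains and TXT records are constructed samples and lookup_txt is a stand-in for a real DNS query.

```python
"""Classify DMARC posture of supplier domains from their _dmarc TXT records.

Added example for illustration; not from Gartner or any vendor product.
All records below are constructed samples; no live DNS lookups are made.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample TXT record sets, keyed by the _dmarc.<domain> name a
# resolver would query. The vendor-*.example domains are hypothetical.
SAMPLE_TXT = {
    "_dmarc.vendor-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@vendor-a.example"],
    "_dmarc.vendor-b.example": ["v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:dmarc@vendor-b.example"],
    "_dmarc.vendor-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@vendor-c.example"],
    "_dmarc.vendor-d.example": ["v=DMARC1; rua=mailto:dmarc@vendor-d.example"],  # no p= tag
    "_dmarc.vendor-e.example": [],                                                # no record at all
    "_dmarc.vendor-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],         # two records
    "_dmarc.vendor-g.example": ["v=spf1 -all"],                                    # SPF, not DMARC
}

VALID_POLICIES = ("none", "quarantine", "reject")


@dataclass
class DmarcAssessment:
    domain: str
    status: str                           # "enforcing", "monitoring", "missing" or "invalid"
    policy: Optional[str] = None          # effective p= for the exact domain
    subdomain_policy: Optional[str] = None
    pct: int = 100
    notes: List[str] = field(default_factory=list)


def parse_tags(record: str) -> Optional[Dict[str, str]]:
    """Split 'v=DMARC1; p=reject; rua=...' into a lower-cased tag dict; None if malformed."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def lookup_txt(domain: str) -> List[str]:
    """Stand-in for a DNS TXT lookup of _dmarc.<domain> (returns constructed samples)."""
    return SAMPLE_TXT.get("_dmarc." + domain, [])


def assess_dmarc(domain: str, txt_records: Optional[List[str]] = None) -> DmarcAssessment:
    records = lookup_txt(domain) if txt_records is None else txt_records
    # Only records whose first tag is v=DMARC1 count as DMARC; receivers ignore
    # the domain entirely if more than one such record is published.
    dmarc = [r for r in records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return DmarcAssessment(domain, "missing", notes=[f"no v=DMARC1 record at _dmarc.{domain}"])
    if len(dmarc) > 1:
        return DmarcAssessment(domain, "invalid", notes=["multiple DMARC records; receivers ignore all of them"])
    tags = parse_tags(dmarc[0])
    if tags is None:
        return DmarcAssessment(domain, "invalid", notes=["malformed tag list"])

    notes: List[str] = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489: an absent or invalid p= with a rua= address is treated as p=none.
        if "rua" in tags:
            notes.append("p= absent or invalid; treated as p=none because rua= is present")
            policy = "none"
        else:
            return DmarcAssessment(domain, "invalid", notes=["p= absent or invalid and no rua="])

    sp = tags.get("sp", policy).lower()
    if sp not in VALID_POLICIES:
        notes.append(f"sp={sp!r} unrecognised; subdomains fall back to p={policy}")
        sp = policy
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if not 0 <= pct <= 100:
        pct = 100

    if policy != "none" and pct < 100:
        notes.append(f"pct={pct}: only that share of failing mail gets {policy}; the rest gets the next less strict policy")
    if policy != "none" and sp == "none":
        notes.append("sp=none: subdomains of this vendor domain can still be spoofed")
    status = "enforcing" if policy in ("quarantine", "reject") else "monitoring"
    return DmarcAssessment(domain, status, policy, sp, pct, notes)


def has_active_dmarc(domain: str) -> bool:
    """True only when failing mail is quarantined or rejected for the exact domain."""
    return assess_dmarc(domain).status == "enforcing"


if __name__ == "__main__":
    for d in ("vendor-a.example", "vendor-b.example", "vendor-c.example", "vendor-d.example",
              "vendor-e.example", "vendor-f.example", "vendor-g.example"):
        a = assess_dmarc(d)
        print(f"{d:18} {a.status:10} p={a.policy} sp={a.subdomain_policy} pct={a.pct} {'; '.join(a.notes)}")
```

In production the lookup_txt stub would be replaced with a real resolver query for the TXT records at _dmarc.<domain>; the classification logic stays the same. Note that "enforcing" here is still a statement about the sender's published policy: it only has effect at receivers that evaluate DMARC, and it says nothing about lookalike domains or a supplier mailbox that has been taken over.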
"Gartner, BEC attacks: How to Protect Organizations Against Business Email Compromise Phishing, Franz Hinner, 28 March 2025"
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.