Social engineering fraud

Our Risk & Resilience report ‘Spotlight on Cyber Threats and Tech Advances 2026’ looks at the new cyber reality.

Watch the video to learn how a key threat – social engineering scams – work and how organisations can strengthen their defences. 

Social engineering fraud continues to evolve as criminals exploit trust, urgency and increasingly sophisticated technology to deceive employees into transferring money, securities or sensitive business information.

Impersonation is now multi-channel

AI-generated voice and video impersonation has made these schemes harder to detect. A single attack may combine an urgent email, a cloned voice message and a deepfake video call, creating the impression that an employee is speaking with a trusted executive, colleague, client or vendor.

Human safeguards matter

Although technology plays a growing role, these losses often still turn on human decision-making, which is why clear procedures, employee training and strong payment verification controls remain critical. Businesses should ensure that requests to transfer funds, change payment instructions or release sensitive information are independently verified through a trusted channel, particularly when the request is urgent, unusual or involved senior leadership.

Controls and covers are crucial

Voice and video impersonations are no longer an emerging risk; it’s a present-day cyber-enabled fraud threat. Businesses need strong controls to prevent fraudulent transfers and appropriate insurance protection for losses resulting from fraud and deception.