The report, “New Cyber Risk Forecast: AI Is Eroding BEC Controls and Driving Non-Linear Financial Loss,” finds that AI-driven strategy increases likelihood of attack slightly but it’s the financial exposure that can increases dramatically, as much as nine times under typical conditions.

The report identifies a shift to a hybrid “spray-to-target” attack model. In this approach, threat actors begin with broad outreach and escalate to targeted interactions after a recipient engages. Once that transition occurs, attacks move from pattern-based detection to conversation-based manipulation, reducing the effectiveness of traditional email security measures.

This increased effectiveness is possible because in recent years, cybercriminals have used public data to map organizational processes that allow them to develop transaction-focused scenarios tied to real workflows.

The report also highlights a key structural change in how risk develops. While attack likelihood may increase gradually, financial exposure grows more rapidly due to a combination of reduced control effectiveness and the potential for multiple financial actions within normal business operations.

These conditions can allow a single compromise to result in multiple payments or transactions, increasing total losses.