- The average cost of a confirmed incident is more than £750,000
- Digitally enabled deepfakes and voice cloning now the number one concern for directors
- More than a third of firms have faced serious kidnap, extortion or impersonation threats
Senior executives are more visible, identifiable and exposed than ever before and criminals are exploiting this exposure, with half of UK businesses targeted by fraudsters impersonating senior leaders in the past year, according to new research from global insurance broking and risk management firm, Gallagher.
From LinkedIn profiles and company websites to social media posts and public speaking engagements, senior leaders' roles, movements and personal details are now widely accessible online, giving fraudsters the information they need to convincingly impersonate executives, manipulate employees and target organisations directly.
This growing visibility is fuelling a surge in executive impersonation, extortion and digital deception, with average incident costs exceeding £758,000. In the most serious cases, the damage is far greater, with organisations reporting losses of £1.1 million to £5 million from a single incident.
Just over half (50%) of organisations experienced at least one executive impersonation or deception attempt in the past year, while 56% of business leaders say the frequency of these incidents has increased, indicating the threat has become a mainstream business risk.
Criminals are increasingly exploiting the public profile and authority of senior leaders. Fraudsters pose as CEOs, CFOs or senior colleagues using fake email addresses, cloned voices, or AI-generated video, pressuring employees into authorising payments, sharing sensitive information or bypassing internal controls.
These attacks succeed because they exploit trust and authority. Employees are far more likely to act quickly when a request appears to come from a senior executive, especially when combined with urgency, time pressure or the impression that the executive is travelling or unavailable.
Deepfake attacks
AI-enabled deception is the number one concern for directors, cited by 51% of senior leaders, overtaking more traditional digital and physical security risks. Organisations remain most concerned about digital threats:
- 45% say they are highly exposed to phishing and social engineering, where fraudsters send fake emails or messages designed to trick people into sharing information or making payments.
- 40% report high exposure to deepfake scams, where technology is used to mimic someone's voice, image or writing style to make the deception seem genuine.
- 38% say virtual extortion or impersonation is a major risk, where fraudsters pretend to be a senior leader or a trusted contact to pressure someone into urgently sending money or sensitive information.
Alongside digital extortion, physical threats remain an issue
The research also shows that threats to employees do not come only via screens and inboxes: 21% report travel-related security risks, such as travelling to an area with a higher risk of physical attacks, and 13% say kidnap-for-ransom exposure remains a concern. Senior executives are more visible and easier to identify and track in an online age, where roles, travel and personal details are often publicly available through company websites, social media and professional profiles.
Kidnap for ransom is a particular issue for firms that work internationally. The threat is prevalent for those working in sectors such as marine, military and natural resources, and for companies that work in emerging and developing economies.
Beyond the financial fallout
These incidents don't just create monetary damage; they affect the business's people and how it fundamentally operates, shaking confidence across an organisation. Specifically:
- 48% of organisations report increased staff anxiety following an extortion attempt
- 46% say the incident caused operational disruption
- 38% suffered reputational damage or loss of client trust
- 39% had to take legal advice or report the incident to their industry regulator because it could trigger legal reporting obligations, expose the organisation to regulatory scrutiny or involve potential breaches of data protection, financial conduct or governance requirements
Jonathan Rae, executive director, Crisis Management at Gallagher, said: "Senior leaders have never been more visible, and that visibility is creating new opportunities for criminals. Public profiles, online activity and digital communications give fraudsters the information they need to convincingly impersonate executives and exploit the trust placed in them.
"Executive risk is no longer confined to physical threats. Today's attacks are just as likely to happen through inboxes, phone calls or video, using AI and publicly available information to manipulate employees and bypass controls. As the line between digital and physical threats continues to blur, organisations must recognise that executive exposure has increased significantly, and ensure their protection keeps pace."