Businesses urged to plan now to avoid summer cyber fraud – Everywhen

Everywhen says clear escalation routes are the key defence, as SME cyber uptake remains a focus for brokers

Businesses urged to plan now to avoid summer cyber fraud – Everywhen

Cyber

By Josh Recamara

The annual leave season creates a predictable window of elevated cyber fraud exposure - and for brokers advising clients on cyber cover, it raises two specific questions that go beyond operational security advice: whether clients' BEC and funds transfer fraud sub-limits are adequate for the losses the current threat environment can produce, and whether the vishing trend accelerating through AI is reflected in how social engineering risk is being underwritten.

The coverage adequacy question

Funds transfer fraud and business email compromise cover in the UK is typically written as a sub-limit rather than up to the full policy limit. That gap between headline sum insured and actual BEC coverage matters most precisely during the periods when BEC attacks are most likely to succeed - and the summer months are one of them. Marsh's 2026 UK cyber outlook found vishing, or voice phishing, attacks doubled over the past year as social engineering campaigns became more personalised, a trend Marsh expects AI to accelerate through more convincing phishing content and deepfake impersonation. The UK cyber market remains soft, with rising insurer capacity keeping premiums relatively low despite the sharpening threat - which means coverage terms rather than pricing are the primary lever brokers should be reviewing with clients before the summer period peaks.

SME uptake remains a parallel concern. Speaking at a BIBA conference this year, a UK government minister acknowledged that cost, complexity and low awareness continue to hold back cyber insurance uptake among smaller firms, noting that few SMEs find information from insurers or brokers very clear. The Department for Science, Innovation and Technology is working with BIBA to help brokers explain cyber risk more effectively - a signal that the distribution gap, not just the coverage gap, is receiving regulatory attention.

Why summer creates the exposure window

Specialist insurer Everywhen, which issued the seasonal warning, makes the case that the elevated summer exposure is not a function of weaker technology defences but of changed human behaviour - which is precisely why it maps onto BEC and social engineering rather than technical intrusion. With decision-makers on annual leave, payment approvals delegated to covering colleagues, and out-of-office messages handing criminals intelligence about who is away and who has assumed their responsibilities, the informal verification checks that normally catch suspicious requests become less accessible.

Analysis from security vendor Abnormal Security found BEC and vendor email compromise attacks climbed steadily through the year in both the US and Europe, with sharp European spikes in August linked to the region's summer holiday culture and distracted employees checking email on mobile devices. The North East Business Resilience Centre has urged firms to verify payment detail changes by phone rather than email during the holiday period, and the National Cyber Security Centre has issued guidance on disrupting BEC attacks targeting executives and budget holders.

Neil D'Mello, client director at Everywhen, framed the mechanism precisely: "The majority of successful cyber fraud doesn't begin with sophisticated hacking. It begins with someone receiving what appears to be a legitimate request and making a perfectly understandable decision, based on the information available to them. Summer simply creates more of those moments."

He added: "Businesses don't need to introduce complicated new controls every summer, but they should review how critical decisions will be made while colleagues are away. Clear approval processes, simple escalation routes and ensuring employees know which controls should never be bypassed can significantly reduce the opportunity for fraudsters."

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!