Half of UK businesses say they were targeted by fraudsters impersonating senior leaders in the past year, according to new research from Gallagher, which argues that growing executive visibility online is creating a larger attack surface for criminals using deception, extortion, and AI-enabled fraud.
The insurance broking and risk management company said public exposure across LinkedIn, company websites, social media, and speaking appearances is giving attackers more material to work with. The result, it said, is a sharp rise in attempts to imitate senior executives convincingly enough to pressure staff into making payments, sharing sensitive information, or bypassing internal controls.
Gallagher’s research found that just over half of organisations experienced at least one executive impersonation or deception attempt in the past year, while 56% of business leaders said the frequency of incidents had increased. The average cost of a confirmed case was put at more than £758,000. In the most serious cases, organisations reported losses ranging from £1.1 million to £5 million from a single incident.
AI-enabled deception now ranks as the number one concern for directors, cited by 51% of senior leaders. Among the main digital threats identified, 45% of respondents said they were highly exposed to phishing and social engineering, 40% reported high exposure to deepfake scams, and 38% said virtual extortion or impersonation was a major risk. Gallagher said these attacks work because they exploit trust, authority, urgency, and the assumption that a senior executive may be travelling or temporarily unavailable.
The research also pointed to continuing physical security concerns alongside digital ones. More than a third of organisations said they had faced serious kidnap, extortion, or impersonation threats. Separately, 21% reported travel-related security risks and 13% said kidnap-for-ransom exposure remained a concern, particularly for businesses operating internationally or in sectors including marine, military, and natural resources.
The consequences extend beyond the immediate financial loss. Gallagher said 48% of organisations reported increased staff anxiety after an extortion attempt, 46% experienced operational disruption, and 38% suffered reputational damage or loss of client trust. A further 39% said they had to take legal advice or report an incident to a regulator because of potential reporting obligations or exposure under data protection, financial conduct, or governance rules.
Jonathan Rae, Executive Director, Crisis Management at Gallagher, said: “Senior leaders have never been more visible, and that visibility is creating new opportunities for criminals. Public profiles, online activity and digital communications give fraudsters the information they need to convincingly impersonate executives and exploit the trust placed in them.
“Executive risk is no longer confined to physical threats. Today’s attacks are just as likely to happen through inboxes, phone calls or video, using AI and publicly available information to manipulate employees and bypass controls. As the line between digital and physical threats continues to blur, organisations must recognise that executive exposure has increased significantly, and ensure their protection keeps pace.”
For boards and risk teams, the message from the data is operational as much as technical: executive exposure now sits across cyber controls, staff training, travel security, and crisis response planning rather than within a single function.
