71% - Organizations were targeted by Business Email Compromise fraud. 
40% - Organizations experienced a financial loss due to Business Email Compromise fraud.
Source: 2023 AFP® Payments Fraud and Control Report 


It Can and Does Happen to Organizations Like Yours.

As you know, all institutions need to be on the lookout and proactive in avoiding cybercriminals. The threat grows larger every day and will likely never go away. Establishing a cybersecurity awareness program is only the first step. Your entire organization should be educated and aware of how to stay vigilant in the battle against fraud.

It is important that you continue to stay up to date on the Department of Labor’s (DOL) guidance on cybersecurity for plan sponsors, fiduciaries, plan participants and beneficiaries. We will continue to share information about the DOL's recommended best practices with you. In addition, you can follow the industry-leading cybersecurity practices outlined below. Protecting your organization from cyberattacks is a top priority, but it doesn't have to be intimidating.


  • Understand every step of your business process

o   Determine where there may be risks, and develop controls to mitigate them

  • Create procedures that are well-defined, repeatable, and testable

o   Include testing of the controls


  • Follow your tested procedures

o   Do not deviate unless there is a valid reason; deviations should have secondary review and the nature and reason documented

  • Consider rewriting your procedures if there are frequent deviations


  • Understand current and emerging threats including malware, phishing, social engineering, etc. and best practices to protect against them
  • Train employees to recognize red flags within emails and text messages, and understand the escalation process in the event one appears


  • Give your employees the ability to question when something doesn’t seem right (e.g., when an employee suddenly begins receiving emails from the CEO)
  • Make it convenient and comfortable for employees to speak up when they have questions

Evolve and Enhance

  • Be mindful of the consistently changing threat landscape

o   Criminals are evolving to elude security efforts too

  • Monitor and modify your procedures to align against the changing threat environment as often as possible
  • Review, test and modify procedures and continuity plans on a predetermined schedule – do not deviate from the schedule

Ready to Help

PNC Institutional Asset Management® assists institutions in understanding the identification of red flags and communicating cyber hygiene best practices. If your organization would like assistance, please reach out to your PNC Representative or submit this Contact Us Form