Understanding the source of business email compromise (BEC) is only the first step. The next challenge is quantifying the risk to an enterprise when employee email accounts appear in one, two, or even multiple breaches. A single exposure might reveal basic credentials, but repeated compromises across different platforms often give attackers a fuller picture, combining passwords, recovery details, and personal identifiers. This layering effect greatly increases the likelihood of account takeover and of targeted attacks such as BEC, credential stuffing, or spear phishing. By measuring how risk escalates with each additional breach, organizations can better prioritize remediation efforts, enforce stronger authentication, and design policies that address not just isolated leaks but the cumulative exposure of their workforce.
Here we provide a work-in-progress framework for this:

Now, given a sample of 50K emails, we try to see how many emails fall into each cell of the above category/frequency matrix.
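An added example, not the framework's own code, showing one way to produce such a tally: it counts the distinct breaches per address and the union of data classes exposed across them. The three class names come from the text above; the record format, the bucket scheme (1, 2, 3+), the `example.com` domain and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Data classes named in the text; the bucket scheme below is an assumption.
CLASSES = ("password", "recovery", "personal_id")

def freq_bucket(n):
    """Bucket a breach count the way the text phrases it: one, two, multiple."""
    return {1: "1", 2: "2"}.get(n, "3+")

def exposure_matrix(records, domain):
    """Tally workforce emails by (breach-count bucket, distinct classes exposed).

    records: iterable of (email, breach_name, set_of_classes).
    Only addresses in `domain` are counted; repeated listings of the same
    (email, breach) pair are merged rather than double counted.
    """
    breaches = defaultdict(set)   # email -> distinct breach names
    exposed = defaultdict(set)    # email -> union of exposed classes
    for email, breach, classes in records:
        email = email.strip().lower()
        if not email.endswith("@" + domain.lower()):
            continue
        breaches[email].add(breach.strip().lower())
        exposed[email] |= set(classes) & set(CLASSES)
    matrix = Counter()
    for email, names in breaches.items():
        matrix[(freq_bucket(len(names)), len(exposed[email]))] += 1
    return matrix

# Constructed sample records (not real breach data).
SAMPLE = [
    ("alice@example.com", "BreachA", {"password"}),
    ("Alice@Example.com ", "BreachB", {"recovery"}),
    ("alice@example.com", "BreachC", {"personal_id"}),
    ("bob@example.com", "BreachA", {"password"}),
    ("bob@example.com", "breacha", {"password"}),       # duplicate listing
    ("carol@example.com", "BreachA", {"password"}),
    ("carol@example.com", "BreachB", {"password", "recovery"}),
    ("dave@other.test", "BreachA", {"password"}),        # out of scope
]

if __name__ == "__main__":
    m = exposure_matrix(SAMPLE, "example.com")
    for bucket in ("1", "2", "3+"):
        print(bucket, [m[(bucket, k)] for k in (0, 1, 2, 3)])
```

Addresses in the high-frequency, multi-class cells are the ones whose cumulative exposure is greatest, so they are the natural first candidates for forced resets and stronger authentication.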
