Rapid7 is warning that senior executives’ publicly available digital footprints are becoming a primary entry point for targeted cyberattacks, with new research showing how easily surface-web data can be weaponised against organisations.
Drawing on hundreds of incident response and advisory engagements across 2024–2025, the company found that attackers are increasingly combining open-source intelligence — including social media activity, corporate biographies, public records and breached credentials — to build detailed profiles of senior leaders. These profiles are then used to support social engineering, impersonation campaigns and business email compromise (BEC).
In many cases, Rapid7 found that roughly 60% of an executive’s overall exposure could be identified through simple online searches, without the need for dark web access or advanced tooling. Additional risk stems from credentials circulating in criminal forums, where previously breached usernames and passwords can be paired with publicly available contextual data to increase the credibility of phishing or impersonation attempts.
The research underscores how executive targeting has evolved beyond opportunistic phishing. Threat actors are increasingly investing time in reconnaissance, mapping relationships, travel patterns, speaking engagements and personal interests to craft convincing pretexts. For critical risk leaders (CRLs) and security teams, this shifts the defensive challenge from purely technical controls to broader digital footprint management.
Rapid7 introduces an “Exposure Prevention Score” as part of the research, designed to quantify executive risk across categories such as social media visibility, data broker listings, public records and leaked credentials. While the methodology is vendor-developed, the concept reflects a growing industry focus on measurable executive exposure management as a component of enterprise risk.
The report also identifies variations by industry and geography. U.S.-based executives were generally found to have higher levels of public exposure than European counterparts, likely reflecting differences in data privacy regimes and public records accessibility. Although the research does not provide Australia-specific data, the patterns are relevant in an environment where local organisations face rising BEC losses and increasingly sophisticated impersonation attacks.
For boards and executive teams, the findings reinforce the need to treat personal digital hygiene as part of corporate risk management. Controls such as phishing-resistant multi-factor authentication, credential monitoring, executive threat intelligence and data broker removal services are becoming standard components of protective security programs. Equally important is coordination between cybersecurity and physical security teams, particularly where online reconnaissance can be used to enable real-world targeting or harassment.
The broader implication is that executive visibility — once considered primarily a brand or communications asset — now carries quantifiable cyber risk. As attackers continue to blend open-source intelligence with breached data sets, reducing the attack surface at the individual leadership level is becoming an essential layer in organisational resilience strategies.
You can read the full report here.
