Business Email Compromise (BEC) is a growing threat to businesses of all sizes. As the sophistication of cybercriminals continues to increase, so does the potential for financial losses from BEC attacks.
In this blog post, we will take a look at the latest statistics on BEC attacks and discuss what businesses can do to protect themselves from this growing threat. We will also discuss the importance of employee education and awareness when it comes to preventing BEC attacks. Finally, we will explore the potential for using technology to detect and prevent BEC attacks.
Business Email Compromise: Most Important Statistics
In May 2022, external, third-party impersonation made up 52% of all Business Email Compromise (BEC) attacks seen by Abnormal, while internal impersonation fell to 48% of all attacks, a 30% year over year increase.
The Business Email Compromise (BEC) Market size is expected to grow from USD 1.1 billion in 2022 to USD 2.8 billion by 2027, at a CAGR of 19.4%.
Business Email Compromise: Statistics Overview
BEC attacks increased 14% in 2020 and resulted in payouts that were 30% larger than the previous year, with 65% of organizations facing BEC attacks and costs rising from $54,000 to $80,183 in one quarter. The energy and infrastructure sector was the most targeted with 93% of BEC attacks.
BEC attacks are on the rise and becoming more profitable for bad actors, making it an increasingly attractive form of cybercrime.
On average, there are 15,208 business email compromises per year from 2013 to 2021, costing an estimated $8.6 billion per year and $43 billion between 2016 and 2021. Reports of BEC attacks have increased by 65% between July 2019 and December 2021, making it a serious issue for businesses to be aware of.
This highlights the prevalence and cost of BEC attacks, making it essential for businesses to take the necessary steps to protect themselves.
Phishing is a major and growing threat, with employees receiving an average of 14 malicious emails per year, and retail workers receiving an average of 49. 86% of organizations have had at least one person click a phishing link, and phishing accounts for around 90% of data breaches.
This is a major concern for businesses, as it can lead to Business Email Compromise (BEC) scams, which can result in significant financial losses.
In May 2022, external, third-party impersonation made up 52% of all Business Email Compromise (BEC) attacks seen by Abnormal, while internal impersonation fell to 48% of all attacks, a 30% year over year increase.
This shows the increasing sophistication of modern email threats and how cybercriminals are adapting their strategies to bypass traditional BEC attacks that rely on executive impersonation.
This is concerning because, according to the FBI, BEC attacks have exposed organizations to $43 billion in losses over the past six years, and real losses continue to grow year over year, making up 35% of all losses to cybercrime in 2021 alone.
Business Email Compromise has resulted in $26 billion in losses since July 2016, with little to no recovery options available.
This highlights the severity of Business Email Compromise and the lack of options available to victims to recover their losses. It also highlights the need for businesses to be aware of the risks associated with this type of fraud and to take steps to protect themselves.
Between June 2016 and December 2021, there were 241,206 reported incidents of internet crime resulting in a total exposed loss of $43,312,749,946.
This highlights the prevalence and financial impact of internet crime. It also shows that U.S. victims are particularly vulnerable to BEC scams, with close to $15 billion in exposed losses reported.
The Business Email Compromise (BEC) Market size is expected to grow from USD 1.1 billion in 2022 to USD 2.8 billion by 2027, at a CAGR of 19.4%.
This shows the rapid growth of BEC crimes and the financial losses associated with them. It also highlights the need for stringent regulatory standards and data privacy compliances to protect businesses from these attacks.
The global Business Email Compromise (BEC) market size is expected to reach USD 4.79 Billion at a steady revenue CAGR of 19.4% in 2030.
This demonstrates the growing scale of BEC scams and spear phishing attacks, which is driving market revenue growth. This highlights the importance of understanding the risks associated with BEC and taking steps to protect against them.
BEC attacks are the most profitable form of cybercrime in 2019, despite being fewer in number than other attacks, and have been used by the Nigerian hacking group SilverTerrier to target organizations critical to COVID-19 response efforts.
This highlights the potential financial damage of BEC attacks and the need for organizations to be aware of the risks and take steps to protect themselves.
Fraudsters are using COVID-19 as an excuse to request fraudulent payment changes, with one case involving a $1 million payment.
Fraudsters are taking advantage of the current pandemic to try and steal money from unsuspecting victims. This highlights the need for businesses to remain vigilant and take extra precautions to protect themselves from these types of scams.
Supplementary Statistics
Business Email Compromise (BEC) attacks increased by 15% in 2020 compared to 2019.
With a 15% increase in attacks compared to 2019, it is clear that organizations need to be more vigilant in protecting their data and systems from these malicious actors. This statistic serves as a call to action for organizations to take the necessary steps to protect themselves from BEC attacks.
In 2020, the total global losses due to BEC scams exceeded $1.8 billion.
It serves as a wake-up call to businesses of all sizes to take the necessary steps to protect themselves from these malicious attacks. The sheer magnitude of the losses incurred is a testament to the need for increased vigilance and security measures to protect against BEC scams.
50% of organizations have experienced a BEC incident in 2019.
This highlights the need for organizations to be aware of the risks posed by BEC and to take steps to protect themselves from such attacks. It also serves as a warning to organizations that have yet to experience a BEC incident that they may be vulnerable to such attacks in the future.
BEC attacks have increased at a rate of 58% per year between 2016 and 2019.
Businesses need to be aware of the risks posed by BEC and to take steps to protect themselves from these attacks. With the rate of BEC attacks increasing by 58% each year, it is clear that businesses must remain vigilant and take proactive measures to protect their data and systems.
The construction industry alone accounted for 22% of BEC victims in 2020.
Thus, there is a need for construction companies to be extra vigilant when it comes to protecting their email accounts and data from malicious actors. It also serves as a warning to other industries that may be vulnerable to BEC attacks, as it demonstrates the potential for significant financial losses if they are not adequately prepared.
In Q3 2021, 57% of all reported cyberattacks were BEC.
Organizations should be vigilant in their security measures and to take proactive steps to protect themselves from this type of attack. It also serves as a warning to individuals to be aware of the risks associated with BEC and to take steps to protect their personal information.
The average BEC attack costs companies $178,000.
49% of BEC attacks used display name deception to impersonate authoritative figures in the recipient’s organization.
Even the most seemingly authoritative figures in an organization may not be who they appear to be, and extra caution should be taken when dealing with emails from unknown sources.
In 2019, BEC attacks accounted for more than $26 billion in adjusted losses globally.
The $26 billion in adjusted losses is a staggering amount that highlights the importance of staying vigilant and taking proactive measures to protect against BEC attacks.
Between 2016 and 2019, BEC attacks targeting the US real estate sector increased by 1100%.
This is a stark reminder of the alarming rate at which Business Email Compromise (BEC) attacks have been targeting the US real estate sector in recent years. It is a clear indication that the sector is particularly vulnerable to such attacks, and that steps must be taken to ensure that it is adequately protected.
The average wire transfer amount in BEC scams doubled from $54,000 to $120,000 in the first six months of 2021 compared to the same period in 2020.
Criminals are becoming increasingly sophisticated in their tactics, and businesses need to be more vigilant in order to protect themselves from these scams. The doubling of the average wire transfer amount in BEC scams in the first six months of 2021 compared to the same period in 2020 is a clear indication that businesses need to take steps to protect themselves from these scams.
In Q1 2020, the average amount lost in a BEC scam was $80,000.
Therefore, businesses to be vigilant and take steps to protect themselves from these types of attacks. With an average loss of $80,000, it is clear that BEC scams can have a devastating impact on businesses of all sizes.
In 2019, BEC attacks were the top source of cybersecurity insurance claims in North America, representing 23% of all claims.
The FBI’s Internet Crime Complaint Center IC3 received 24,849 BEC-related complaints in 2020.
It highlights the need for businesses to be aware of the risks posed by BEC and to take steps to protect themselves from this type of cybercrime. It also serves as a warning to individuals to be vigilant when it comes to their online activities and to be aware of the potential for BEC-related scams.
Conclusion
Business Email Compromise (BEC) is a growing threat to businesses of all sizes. The statistics show that the number of BEC attacks is increasing, and the financial losses associated with them are staggering. Businesses need to be aware of the risks associated with BEC and take steps to protect themselves.
This includes implementing strong security measures, such as two-factor authentication, and training employees to recognize and respond to suspicious emails. By taking proactive steps to protect their data, businesses can reduce their risk of becoming a victim of BEC.
References
1 – https://www.graphus.ai/blog/10-essential-business-email-compromise-statistics/
2 – https://www.businessdit.com/business-email-compromise-statistics/
3 – https://www.tessian.com/blog/phishing-statistics-2020/
4 – https://www.businesswire.com/news/home/20220622005249/en/New-Trend-in-Business-Email-Compromise-Emerges-as-Vendor-Impersonation-Overtakes-CEO-Fraud
5 – https://www.cnbc.com/2019/09/11/email-wire-fraud-cost-26-billion-since-2016-says-fbi.html#:~:text=A%20type%20of%20wire%20fraud%20called%20business%20email,one%20of%20the%20costliest%20cyber%20crimes%20against%20corporations.
6 – https://www.techrepublic.com/article/fbi-43-billion-losses-are-business-email-compromise-fraud-between-2016-2021/
7 – https://www.globenewswire.com/news-release/2022/08/25/2504795/0/en/Business-Email-Compromise-BEC-Market-Worth-2-8-Billion-By-2027-Exclusive-Report-by-MarketsandMarkets.html
8 – https://www.emergenresearch.com/press-release/global-business-email-compromise-market
9 – https://www.techrepublic.com/article/businesses-beware-of-covid-19-email-compromise-scams/
10 – https://www.bankinfosecurity.com/fbi-covid-19-themed-bec-scams-are-on-rise-a-14076
11 – https://www.proofpoint.com
12 – https://www.ic3.gov
13 – https://www.aig.com
14 – https://www.trendmicro.com
15 – https://www.agari.com
16 – https://www.agcs.allianz.com
17 – https://www.fbi.gov
18 – https://www.acfe.com
