GITNUX REPORT 2024

2021 Business Email Compromise statistics: Attacks surge, costs soar.

BEC attacks surge by 81% in 2021, costing companies $80,000 on average, with alarming tactics.

Author: Jannik Lindner

First published: 7/17/2024

Statistic 1

The average BEC attack takes 4.8 days to complete

Statistic 2

91% of BEC attacks occur on weekdays

Statistic 3

The average BEC attack targets 6 employees within an organization

Statistic 4

The average BEC attack lasts for 3.5 days before being detected

Statistic 5

The average BEC attack targets 3.8 departments within an organization

Statistic 6

The average BEC attack involves 4.7 email exchanges

Statistic 7

The average BEC attack targets 14 employees per 10,000 email users

Statistic 8

The average BEC attack uses 2.8 different email addresses

Statistic 9

The average BEC attack takes 7.3 days to resolve

Statistic 10

The average BEC attack targets 3.7 countries per campaign

Statistic 11

The average BEC attack uses 5.2 different subject lines

Statistic 12

The average BEC attack uses 2.5 different payment methods

Statistic 13

64% of organizations experienced a BEC attack in 2020

Statistic 14

85% of organizations have experienced at least one BEC attack attempt

Statistic 15

74% of organizations have implemented additional security measures to combat BEC attacks

Statistic 16

89% of organizations have implemented employee training to combat BEC attacks

Statistic 17

78% of organizations have implemented multi-factor authentication to prevent BEC attacks

Statistic 18

67% of organizations have implemented DMARC to combat BEC attacks

Statistic 19

83% of organizations have implemented email authentication protocols to prevent BEC attacks

Statistic 20

77% of BEC attacks target employees outside the finance and executive teams

Statistic 21

BEC attacks targeting small businesses increased by 81% in 2020

Statistic 22

The average BEC attack targets employees with 8+ years of tenure

Statistic 23

71% of BEC attacks use display name spoofing

Statistic 24

BEC attacks originating from free webmail accounts increased by 25% in 2020

Statistic 25

BEC attacks targeting cloud-based email services increased by 67% in 2020

Statistic 26

72% of BEC attacks use urgency or pressure tactics

Statistic 27

47% of BEC attacks use domain spoofing techniques

Statistic 28

61% of BEC attacks use social engineering tactics

Statistic 29

BEC attacks targeting cloud-based email services increased by 67% in 2020

Statistic 30

43% of BEC attacks use lookalike domain names

Statistic 31

57% of BEC attacks use email thread hijacking techniques

Statistic 32

The average BEC attack uses 3.2 social engineering tactics

Statistic 33

BEC attacks using AI-generated content increased by 1,200% in 2020

Statistic 34

52% of BEC attacks use language translation tools to target global organizations

Statistic 35

BEC attacks using deepfake technology increased by 400% in 2020

Statistic 36

Business Email Compromise (BEC) attacks increased by 81% from 2020 to 2021

Statistic 37

BEC attacks increased by 15% in Q3 2021 compared to Q2

Statistic 38

65% of organizations report that BEC attacks have become more sophisticated

Statistic 39

BEC attacks increased by 1,300% from 2015 to 2020

Statistic 40

BEC attacks using COVID-19 themes increased by 2,000% in 2020

Statistic 41

68% of organizations report that BEC attacks have become more targeted

Statistic 42

BEC attacks targeting remote workers increased by 71% in 2020

Statistic 43

BEC attacks targeting cloud-based collaboration platforms increased by 200% in 2020

Statistic 44

CEO fraud accounts for 39% of all BEC attacks

Statistic 45

48% of BEC attacks request gift cards as payment

Statistic 46

30% of BEC attacks impersonate the CEO or other C-level executives

Statistic 47

BEC attacks using invoice fraud increased by 155% from 2019 to 2020

Statistic 48

BEC attacks requesting wire transfers increased by 48% in 2020

Statistic 49

BEC attacks requesting payroll diversion increased by 815% from 2018 to 2020

Statistic 50

BEC attacks using vendor email compromise increased by 82% in 2020

Statistic 51

BEC attacks requesting cryptocurrency payments increased by 1,500% in 2020

Statistic 52

63% of organizations have experienced a BEC attack targeting their supply chain

Statistic 53

The average BEC attack costs organizations $80,000

Statistic 54

In 2020, BEC scams accounted for 43% of all cybercrime losses

Statistic 55

The average amount requested in BEC attacks increased by 35% from 2019 to 2020

Statistic 56

53% of organizations have experienced financial losses due to BEC attacks

Statistic 57

The average BEC attack results in $75,000 in losses per incident

Statistic 58

The healthcare industry is the most targeted sector for BEC attacks

Statistic 59

The real estate sector saw a 480% increase in BEC attacks from 2016 to 2019

Statistic 60

The manufacturing industry experienced a 156% increase in BEC attacks in 2020

Statistic 61

The education sector saw a 75% increase in BEC attacks in 2020

Statistic 62

The financial services industry experienced a 130% increase in BEC attacks in 2020

Statistic 63

BEC attacks targeting the energy sector increased by 93% in 2020

Statistic 64

BEC attacks targeting the healthcare sector increased by 300% during the COVID-19 pandemic

Statistic 65

BEC attacks targeting non-profit organizations increased by 75% in 2020

Share:FacebookLinkedIn
Sources

Our Reports have been cited by:

Trust Badges

Summary

  • Business Email Compromise (BEC) attacks increased by 81% from 2020 to 2021
  • The average BEC attack costs organizations $80,000
  • In 2020, BEC scams accounted for 43% of all cybercrime losses
  • 64% of organizations experienced a BEC attack in 2020
  • CEO fraud accounts for 39% of all BEC attacks
  • 71% of BEC attacks use display name spoofing
  • The healthcare industry is the most targeted sector for BEC attacks
  • BEC attacks increased by 15% in Q3 2021 compared to Q2
  • 48% of BEC attacks request gift cards as payment
  • The average amount requested in BEC attacks increased by 35% from 2019 to 2020
  • 77% of BEC attacks target employees outside the finance and executive teams
  • BEC attacks originating from free webmail accounts increased by 25% in 2020
  • The real estate sector saw a 480% increase in BEC attacks from 2016 to 2019
  • 65% of organizations report that BEC attacks have become more sophisticated
  • BEC attacks targeting cloud-based email services increased by 67% in 2020

In the world of cybercrime, where emails can deceive as swiftly as they arrive, Business Email Compromise (BEC) attacks have been flourishing like never before. From the jaw-dropping 81% surge in BEC attacks from 2020 to 2021 to the mind-boggling fact that 43% of all cybercrime losses in 2020 were attributed to BEC scams, its clear that organizations are facing a serious email warfare. As the average BEC attack costs a hefty $80,000 and targets a broad spectrum of sectors with cunning tactics like CEO fraud and display name spoofing, its time to dive into the alarming statistics that paint a vivid picture of this digital battlefield.

Attack Characteristics

  • The average BEC attack takes 4.8 days to complete
  • 91% of BEC attacks occur on weekdays
  • The average BEC attack targets 6 employees within an organization
  • The average BEC attack lasts for 3.5 days before being detected
  • The average BEC attack targets 3.8 departments within an organization
  • The average BEC attack involves 4.7 email exchanges
  • The average BEC attack targets 14 employees per 10,000 email users
  • The average BEC attack uses 2.8 different email addresses
  • The average BEC attack takes 7.3 days to resolve
  • The average BEC attack targets 3.7 countries per campaign
  • The average BEC attack uses 5.2 different subject lines
  • The average BEC attack uses 2.5 different payment methods

Interpretation

In the sophisticated dance of cybercrime, the Business Email Compromise statistics paint a picture of a well-orchestrated symphony of deception. From the intricate web that targets multiple employees and departments within an organization to the elaborate choreography of email exchanges, each move is calculated to perfection. With a touch of irony, one can almost admire the precision and dedication that scammers put into their craft – if only they would channel such talent into honest endeavors. Alas, the average BEC attack remains a cunning maestro, conducting its sinister symphony across borders and currencies, leaving a trail of financial woes in its wake. It's a reminder that in the world of cyber threats, vigilance and a healthy dose of skepticism are the best defense against these digital maestros playing their fraudulent tunes.

Attack Prevalence

  • 64% of organizations experienced a BEC attack in 2020
  • 85% of organizations have experienced at least one BEC attack attempt

Interpretation

In a world where cyber criminals can be more persistent than a telemarketer trying to sell you extended car warranties, the statistics paint a concerning picture - it seems like every organization is fair game for Business Email Compromise attacks. With a whopping 85% of organizations facing at least one attempted attack, it's clear that BEC scammers have better networking skills than most professionals in the corporate world. So, remember to always keep your cybersecurity defenses as sharp as the wit in your email responses - because in this digital age, the only thing pale about your inbox should be the paper it's printed on.

Attack Prevention

  • 74% of organizations have implemented additional security measures to combat BEC attacks
  • 89% of organizations have implemented employee training to combat BEC attacks
  • 78% of organizations have implemented multi-factor authentication to prevent BEC attacks
  • 67% of organizations have implemented DMARC to combat BEC attacks
  • 83% of organizations have implemented email authentication protocols to prevent BEC attacks

Interpretation

In a world where cyber threats lurk around every virtual corner, these statistics paint a picture of organizations arming themselves to the teeth in the battle against Business Email Compromise. It seems the key to staying ahead in this high-stakes game of digital cat and mouse is not just technological prowess, but also a well-trained and vigilant human firewall. With multi-factor authentication, employee training, and email authentication protocols becoming the new digital shields, one thing is abundantly clear – when it comes to BEC attacks, the only acceptable defense is a comprehensive one.

Attack Targets

  • 77% of BEC attacks target employees outside the finance and executive teams
  • BEC attacks targeting small businesses increased by 81% in 2020
  • The average BEC attack targets employees with 8+ years of tenure

Interpretation

These BEC statistics paint a picture of cybercriminals as equal opportunity offenders, showing no mercy even to those outside the ivory towers of finance and upper management. Small businesses might think they fly under the radar, but the alarming 81% spike in attacks should serve as a wake-up call. And the fact that experience doesn't shield employees, with the average target having 8+ years on the job, is a sobering reminder that vigilance against BEC schemes is a prerequisite for professionals at all levels of an organization. Remember, in the cyber world, tenure means little to those phishing for trouble.

Attack Techniques

  • 71% of BEC attacks use display name spoofing
  • BEC attacks originating from free webmail accounts increased by 25% in 2020
  • BEC attacks targeting cloud-based email services increased by 67% in 2020
  • 72% of BEC attacks use urgency or pressure tactics
  • 47% of BEC attacks use domain spoofing techniques
  • 61% of BEC attacks use social engineering tactics
  • BEC attacks targeting cloud-based email services increased by 67% in 2020
  • 43% of BEC attacks use lookalike domain names
  • 57% of BEC attacks use email thread hijacking techniques
  • The average BEC attack uses 3.2 social engineering tactics
  • BEC attacks using AI-generated content increased by 1,200% in 2020
  • 52% of BEC attacks use language translation tools to target global organizations
  • BEC attacks using deepfake technology increased by 400% in 2020

Interpretation

In a world where cybercriminals are stepping up their game faster than a toddler on a sugar rush, it's no surprise that Business Email Compromise (BEC) attacks are getting sneakier by the minute. With stats showing that BEC attacks now come with more bells and whistles than a fancy parade, it's clear that hackers are playing a high-stakes game of cat and mouse with our digital defenses. From email spoofing to social engineering tactics and even throwing in some AI-generated content for good measure, it seems like these cyber villains have taken the phrase "work smarter, not harder" to heart. So, buckle up, folks, because it looks like the wild west of the internet just got a whole lot wilder.

Attack Trends

  • Business Email Compromise (BEC) attacks increased by 81% from 2020 to 2021
  • BEC attacks increased by 15% in Q3 2021 compared to Q2
  • 65% of organizations report that BEC attacks have become more sophisticated
  • BEC attacks increased by 1,300% from 2015 to 2020
  • BEC attacks using COVID-19 themes increased by 2,000% in 2020
  • 68% of organizations report that BEC attacks have become more targeted
  • BEC attacks targeting remote workers increased by 71% in 2020
  • BEC attacks targeting cloud-based collaboration platforms increased by 200% in 2020

Interpretation

In the fast-paced world of cybercrime, Business Email Compromise (BEC) attacks have been on a relentless upward trajectory, with statistics painting a picture that is both alarming and, dare I say, impressively devious. From the mind-boggling 1,300% increase in BEC attacks over the past five years to the cheeky 2,000% spike in COVID-19-themed scams amidst the chaos of 2020, it's clear that scammers are not only prolific but also adapting at a frightening pace. With BEC attacks becoming more sophisticated, targeted, and even honing in on remote workers and cloud platforms, it's no longer just about being cautious—it's about being two steps ahead in this high-stakes game of digital cat and mouse.

Attack Types

  • CEO fraud accounts for 39% of all BEC attacks
  • 48% of BEC attacks request gift cards as payment
  • 30% of BEC attacks impersonate the CEO or other C-level executives
  • BEC attacks using invoice fraud increased by 155% from 2019 to 2020
  • BEC attacks requesting wire transfers increased by 48% in 2020
  • BEC attacks requesting payroll diversion increased by 815% from 2018 to 2020
  • BEC attacks using vendor email compromise increased by 82% in 2020
  • BEC attacks requesting cryptocurrency payments increased by 1,500% in 2020
  • 63% of organizations have experienced a BEC attack targeting their supply chain

Interpretation

In a world where cybercriminals' creativity knows no bounds, the alarming rise in Business Email Compromise (BEC) attacks is both astounding and concerning. From CEO impersonations to gift card ransoms and cryptocurrency demands, these scammers are playing a high-stakes game of digital manipulation. The statistics speak volumes – with BEC attacks evolving and multiplying at an alarming rate, it's clear that businesses must fortify their defenses and educate their employees to navigate this treacherous cyber landscape. After all, in the realm of cyber warfare, vigilance is key, and complacency is not an option.

Financial Impact

  • The average BEC attack costs organizations $80,000
  • In 2020, BEC scams accounted for 43% of all cybercrime losses
  • The average amount requested in BEC attacks increased by 35% from 2019 to 2020
  • 53% of organizations have experienced financial losses due to BEC attacks
  • The average BEC attack results in $75,000 in losses per incident

Interpretation

In the ever-evolving arena of cybercrime, Business Email Compromise has shown a knack for both sophistication and profitability, much to the chagrin of organizations worldwide. With an average attack costing a cool $80,000 and accounting for nearly half of all cybercrime losses in 2020, it's clear that BEC scammers have mastered the art of deception. The fact that the average amount requested in these attacks has increased by 35% within just a year serves as a stark reminder that adaptability is key in defending against such insidious threats. Indeed, with over half of organizations falling victim to financial losses due to BEC attacks and each incident resulting in a hefty $75,000 dent in the pocket, it seems that staying one step ahead of these cyber con artists is no small feat.

Industry Targets

  • The healthcare industry is the most targeted sector for BEC attacks
  • The real estate sector saw a 480% increase in BEC attacks from 2016 to 2019
  • The manufacturing industry experienced a 156% increase in BEC attacks in 2020
  • The education sector saw a 75% increase in BEC attacks in 2020
  • The financial services industry experienced a 130% increase in BEC attacks in 2020
  • BEC attacks targeting the energy sector increased by 93% in 2020
  • BEC attacks targeting the healthcare sector increased by 300% during the COVID-19 pandemic
  • BEC attacks targeting non-profit organizations increased by 75% in 2020

Interpretation

In a world where cybercriminals have diversified their portfolio faster than most of us can change our passwords, the stats on Business Email Compromise attacks read like a thriller screenplay. The healthcare industry, apparently a favorite haunt of these virtual bandits, must feel like the damsel in distress with a target painted on her back. Meanwhile, the real estate sector's 480% surge in attacks is a plot twist that even Hollywood screenwriters would find hard to believe. With the manufacturing, education, financial services, and energy sectors all experiencing their own action-packed increases in BEC attacks, it seems like cybercriminals are playing in every field except, well, cybersecurity. And let's not forget the non-profit organizations, who seem to have unwittingly become the underdog heroes in this cyber saga. As for the healthcare sector's 300% increase during the pandemic, it's safe to say that these cyber attackers are no strangers to kicking someone when they're down. It's a jungle out there, folks. And it looks like BEC attacks are the new wild predators on the hunt.

References