10 Essential Business Email Compromise Statistics

August 06, 2021
business email compromise statistics represented by a transparent image of US dollars stacked over an invoice in shades of blue and purple.

Get To Know Today’s Most Expensive Cyberattack in 10 Business Email Compromise Statistics

You may think that the most damaging phishing-related risk that your organization faces is ransomware. Although it rightfully soaks up a lot of ink in the media, it’s never been number one. That honor goes to business email compromise (BEC). For the third consecutive year, BEC schemes were the costliest cybercrime reported to The Federal Bureau of Investigation’s Internet Crime Complaint Center (FBI IC3) at an eye-popping 19,369 complaints with an adjusted loss of approximately $1.8 billion. These 10 business email compromise statistics demonstrate the danger hidden within the rising tide of business email compromise risk.  

BEC is a building block in many other complex cybercriminal schemes. The Verizon Data Breach Investigations Report 2021 slotted BEC into its number 2 spot for data breach risks and showcased the rapid rise of brand impersonation, a related cybercrime that exploded in 2020, especially through social media, clocking in whopping 15 times higher than it did the year before. Spoofing is a common component of cybercrimes that include BEC and a handy way for cybercriminals to trick your employees or your business associates into taking their bait, especially through whaling attacks. BEC is also a frequent guest star in a supply chain or third-party attack.

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

Busines Email Compromise is a Nasty Foe

Ready to see the danger for yourself? These 10 business email compromise statistics tell the tale of woe that many businesses face illustrating the danger that your business could face from this devastating attack. As we reported in our annual publication The State of Email Security, just like all cybercrime, BEC attacks also enjoyed a solid boost of 14% in 2020.  Profit will undoubtedly keep driving this category forward – bad actors enjoyed payouts in 2020 that were 30% larger than the previous year.  

10 Statistics that You Need to See About Business Email Compromise

  1. Business email compromise rose by 14% overall in 2020 and up to 80% in some sectors 
  1. Experts estimate that 65% of organizations faced BEC attacks in 2020 
  1.  BEC costs increased rapidly in just one quarter last year, from $54,000 in Q1 2020 to $80,183 in Q2 
  1. The energy and infrastructure sector topped the 2020 list with 93% of BEC attacks 
  1.   In a recent study, one-fifth of the surveyed employees fell for phishing tricks and interacted with spurious emails
  1.  Spoofing, a frequent technique in BEC, ballooned by more than 220% in 2020.
  1. An estimated 62% of BEC scams involve the cybercriminal asking for gift cards, cash app transfers or money cards. 
  1. The most common type of BEC scam is invoice or payment fraud 
  1. BEC offshoots like billing scams skyrocketed by 155%, in 2020 
  1. The average amount requested in wire transfer based BEC attacks nearly doubled in 2020 from $48,000 in the third quarter to $75,000 in the fourth quarter 

Learn how to add to your security team without adding to your headcount. FREE EBOOK>>

BEC is More Expensive than Ransomware

Surprised? Ransomware gets all the press, but the undercover attack that will really clean a company’s clock and its bank account is business email compromise. The US Federal Bureau of Investigation (FBI) IC3 Internet Crime Report that was released just a short time ago gives some sense of the scale of the business email compromise crisis. The star of the show is the record 69% increase in reported cybercrime in 2020, a massive jump that confirms the extraordinary cybercrime risks that every company has to contend with. BEC schemes led the pack by a solid margin and continued to be the costliest cybercrime reported to IC3 as it has been in prior years, clocking in hot with 19,369 complaints that produced an adjusted loss of approximately $1.8 billion.

BEC Threats Aren’t Slowing Down

The story doesn’t end there. BEC is the nightmare that just keeps on rolling for any company unfortunate enough to fall prey to it. Beyond the financial damage that it does to your business upfront, BEC can also have far-reaching consequences. It can seriously impact your relationships with other businesses and your reputation. The complexity of mitigating and recovering from an incident like BEC is one of the reasons why 60% of companies that are hit successfully by a cyberattack go out of business, many within a year. 

BEC is a threat that draws a great deal of its power from social engineering. One of the most compelling factors that cybercriminals exploit to drive their social engineering schemes is uncertainty. So the 2020 pandemic scramble including training failures and remote work complications created the ideal conditions for social engineering to flourish because all of that chaos made employees easy dupes for cybercriminals. 

Staging and succeeding in a BEC attack is definitely not a novice cybercrime operation. Gangs that specialize in BEC threats are almost always experts at crafting sophisticated phishing attacks. That makes BEC threats especially challenging for the average employee to sniff out. An estimated 34% of respondents in a survey about cybersecurity disasters blamed their company’s phishing woes in the last year on a lack of employee understanding of what to look for to sniff out today’s sophisticated phishing threats.  

What’s next in phishing? Find out in the 2021 State of Email Security Report! GET IT NOW>>

Why Automated Security Beats Business Email Compromise 

Graphus reliably defends your business from cybersecurity risks like phishing 24/7/365. This powerful automated guardian is easy to set up and gathers its own threat intelligence, eliminating the need for human staffers to add threat reports or tinker with settings. Powered by an AI that never stops learning, Graphus learns your communication patterns to tailor your protection perfectly, defending your business from trouble by putting three strong shields between you and the bad guys. 

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention. 
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection. 
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review. 

Don’t keep throwing bad money after good to prop up old-fashioned manual security solutions. Discover the benefits of affordable AI-powered smart automation for your business. Schedule a demo of Graphus today. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus