Get To Know Today’s Most Expensive Cyberattack in 10 Business Email Compromise Statistics

You may think that your organization’s most damaging phishing risk is ransomware. Although it rightfully takes up a lot of ink in the media, it has yet to be number one. That honour would go to business email compromise (BEC). For the 3rd consecutive year, BEC schemes were the costliest cybercrime reported to The Federal Bureau of Investigation’s Internet Crime Complaint Center (FBI IC3) at an eye-popping 19,369 complaints with an adjusted loss of approximately $1.8 billion. These 10 business email compromise statistics demonstrate the danger hidden within the rising tide of business email compromise risk.

BEC is just a building block in many other complex cybercriminal schemes. The Verizon Data Breach Investigations Report 2022 slotted BEC into its number 2 spot for data breach risks and showcased the rapid rise of brand impersonation. This related cybercrime exploded in 2022, primarily through social networking, clocking in whopping 15 times greater than it did the entire year before. Spoofing is a standard part of cybercrimes that include BEC and a convenient way for cybercriminals to trick your employees or business associates into taking their bait, primarily through whaling attacks. BEC can also be a regular guest star in a supply chain or third-party episode.

Business Email Compromise is just a Nasty Foe.

Are you prepared to see the danger on your own? These 10 business email compromise statistics tell the tale of woe many businesses face, illustrating the threat your business could face from this devastating attack. As we reported in our annual publication, The State of Email Security, just like all cybercrime, BEC attacks also enjoyed a good boost of 14% in 2022. Profit will undoubtedly keep driving this category forward – bad actors wanted payouts in 2022 that have been 30% larger compared to the previous year.

10 Statistics that You Need to See About Business Email Compromise

• Business email compromise rose by 14% overall in 2022 and as much as 80% in a few sectors
• Experts estimate that 65% of organizations faced BEC attacks in 2022
• BEC costs increased rapidly in just one single quarter a year ago, from $54,000 in Q1 2022 to $80,183 in Q2
• The power and infrastructure sector topped the 2022 list with 93% of BEC attacks
• In a current study, one-fifth of the surveyed employees fell for phishing tricks and interacted with spurious emails
• Spoofing, a common technique in BEC, ballooned by significantly more than 220% in 2022.
• An estimated 62% of BEC scams involve cybercriminals seeking gift cards, cash app transfers or money cards.
• The most common type of BEC scam is invoice or payment fraud
• BEC offshoots, like billing scams, skyrocketed by 155% in 2022

The standard amount requested in wire transfer-based BEC attacks nearly doubled in 2022 from $48,000 in the 3rd quarter to $75,000 in the fourth quarter

BEC is More Expensive than Ransomware

Surprised? Ransomware gets most of the press. However, the undercover attack that’ll clean a company’s clock and bank account is a business email compromise. The US Federal Bureau of Investigation (FBI) IC3 Internet Crime Report released just a few days ago gives some sense of the scale of the business enterprise email compromise crisis. The star of the show is the record 69% escalation in reported cybercrime in 2022, a considerable jump confirming the extraordinary cybercrime risks each company has to contend with. BEC schemes led the pack by a solid margin. As it has been doing in prior years, they continued to be the costliest cybercrime reported to IC3, clocking in hot with 19,369 complaints that produced an adjusted loss of approximately $1.8 billion.

BEC Threats Aren’t Slowing Down

The story doesn’t end there. BEC is the nightmare that keeps rolling for any organization unfortunate enough to fall prey to it. Beyond the financial damage it does to your business upfront, BEC can also have far-reaching consequences. It may seriously impact your relationships with other businesses and your reputation. The complexity of mitigating and recovering from an incident like BEC is undoubtedly one of why 60% of companies which can be hit successfully by a cyberattack walk out of business, many in just a year.

BEC is a threat that draws much of its power from social engineering. Uncertainness is one of the most compelling factors that cybercriminals exploit to drive their social engineering schemes. And so the 2022 pandemic scramble, including training failures and remote work complications, created the best conditions for social engineering to flourish. This chaos made employees easy dupes for cybercriminals.

Staging and succeeding in a BEC attack is an ordinary cybercrime operation. Gangs that specialize in BEC threats are, more often than not, experts at crafting sophisticated phishing attacks. That makes BEC threats especially challenging for the typical employee to sniff out. An estimated 34% of respondents in a survey about cybersecurity disasters blamed their company’s phishing woes in the last year on a lack of employee knowledge of what to find to sniff out today’s sophisticated phishing threats.

Why Automated Security Beats Business Email Compromise

Graphic reliably defends your business from cybersecurity risks like phishing 24/7/365. This powerful automated guardian is straightforward to set up and gathers its threat intelligence, eliminating the necessity for human staffers to add threat reports or tinker with settings. Powered by an AI that never stops learning, Graphus learns your communication patterns to tailor your protection perfectly, defending your business from trouble by putting three strong shields between you and the bad guys.

TrustGraph uses over 50 data points to analyze incoming messages before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to refine your protection and keep learning without human intervention continually.

EmployeeShield adds a bright, noticeable box to messages that may be dangerous, notifying staffers of unexpected communications that could be undesirable and empowering staffers to report that message with one click for administrator inspection.

Phish911 enables employees to report any suspicious message that they receive instantly. When an employee says a challenge, the email involved isn’t just taken from that employee’s inbox — it’s taken from everyone’s inbox and automatically quarantined for administrator review.

SEE OUR 3 SHIELDS EXPLAINED IN AN INFOGRAPHIC

Refrain from throwing bad money after good to prop up old-fashioned manual security solutions. Discover the benefits of affordable AI-powered intelligent automation for your business. Schedule a demo of the Graphic today.