Business Email Compromise (BEC) is a rapidly growing threat that has been causing headaches for organizations of all sizes and across various industries. This insidious attack vector involves the impersonation of legitimate companies or top-level executives in order to trick employees into unwittingly divulging sensitive information, transferring funds, or committing other acts that lead to financial losses and reputational damage.

In this blog post, we will dive deep into the alarming world of BEC, presenting critical statistics that you must be aware of to better understand and mitigate the impact of these fraudulent schemes. Prepare to be informed and alarmed, but most importantly, equipped to protect your business from the ever-evolving menace of Business Email Compromise.

The Latest Business Email Compromise Statistics Unveiled

Business Email Compromise accounted for $1.8 billion in losses in 2020.

Undeniably, the staggering figure of $1.8 billion in losses due to Business Email Compromise (BEC) in 2020 conveys the alarming magnitude of this cybersecurity threat. Unraveling this hefty sum demonstrates the significance of understanding BEC’s pervasiveness and impact. As readers delve into the realm of BEC statistics, the colossal cost highlights how vulnerable businesses are to these highly deceptive schemes, making it imperative to strengthen safeguards, enhance employee awareness, and adopt robust security strategies.

Shedding light on this alarming figure, the blog unfolds vital insights for businesses, propelling them to prioritize the mitigation of BEC and ultimately safeguard their financial assets and reputations.

39% of organizations experienced a business email compromise attack in 2020.

In a world increasingly reliant on digital communication, the eye-opening revelation that 39% of organizations fell victim to a business email compromise attack in 2020 highlights the escalating gravity of cybersecurity threats. This chilling percentage, featured in a blog post on Business Email Compromise Statistics, serves as a clarion call for enterprises to implement robust defense mechanisms, emphasize employee training, and adopt preventative measures.

As the digital battleground continues to evolve, awareness and understanding of these alarming trends become indispensable in fortifying an organization’s email ecosystem against malicious infiltrators.

In 2019, the FBI reported that there were over 23,775 BEC incidents.

The staggering figure of 23,775 BEC incidents reported by the FBI in 2019 serves as a blaring alarm for businesses to take heed. This revelation, situated within a blog post on Business Email Compromise Statistics, not only emphasizes the menacing prevalence of BEC scams but also fortifies the need for increased vigilance. It hammers home the message that decision-makers and employees alike must be equipped with robust knowledge, skills, and precautions to shield their organizations from scammers lurking in the digital shadows, waiting to strike at the slightest opportunity.

There has been a 100% increase in identified BEC incidents in the past two years.

In the treacherous landscape of modern cybersecurity, the striking escalation of Business Email Compromise (BEC) incidents serves as a resounding wake-up call. With an alarming 100% surge in identified cases over a mere two-year span, this statistic highlights the urgent need for businesses and individuals to prioritize their defenses against this ever-evolving threat.

The exponential growth in BEC attacks is a testament to their effectiveness and pervasive nature, sending a firm message that now is the time to bolster our cybersecurity measures, stay vigilant, and fortify our digital fortresses against the relentless onslaught of BEC scammers.

51% of emails identified as BEC scams target the C-suite executives.

In the realm of Business Email Compromise (BEC) statistics, one cannot overlook the fact that C-suite executives stand directly in the epicenter of this cyber threat storm. With an astounding 51% of BEC scams targeting these high-ranking officials, it only emphasizes the urgency and gravity with which organizations must address this issue.

This notable figure sheds light on several key elements that are worth discussing in a blog post focusing on BEC statistics. Firstly, it highlights how cybercriminals are well-aware of the influence and decision-making power wielded by C-suite executives, which makes them highly coveted targets. By succeeding in infiltrating a top executive’s email account, the attackers can potentially access sensitive data and convince other employees to divulge crucial financial information, consequently causing significant losses for the organization.

Moreover, this statistic underscores the necessity for companies to prioritize cybersecurity awareness and training for their top-tier executives. Recognizing that a staggering 51% of BEC scams seek to exploit the C-suite, it becomes essential to ensure that these professionals have robust defenses to counter such threats.

Furthermore, noting that BEC scams mostly target high-level executives can inspire organizations to strengthen their overall security infrastructure. Cybercriminals targeting that very apex of the corporate hierarchy is a stark reminder of the need for defense-in-depth strategies that provide multi-layered protection against malicious attacks.

In conclusion, revealing that a majority of BEC scams prey on C-suite executives is a powerful wake-up call to those in key decision-making positions who might have previously underestimated the risk. A dynamic blog post on BEC statistics must emphasize this critical insight, fueling an impactful conversation and igniting a renewed sense of urgency to safeguard organizations from these pervasive cyber threats.

43% of businesses experienced phishing attacks related to payroll invoice scams in 2020.

Delving into the realm of Business Email Compromise (BEC) statistics, one cannot overlook the gripping revelation that, in 2020, a staggering 43% of businesses fell prey to deviously crafted phishing attacks linked with payroll invoice scams. This compelling data point not only echoes the urgency for enterprises worldwide to bolster their cybersecurity measures but also showcases how perpetrators are capitalizing on the vulnerabilities of unsuspecting organizations.

Within the tapestry of the ever-evolving BEC landscape, this statistic serves as a stark reminder to both present and future businesses that a unified front against cyber threats is paramount for safeguarding sensitive financial data and maintaining credibility in the digital realm.

BEC attacks increased by 155% between June 2020 and July 2021.

In the realm of Business Email Compromise (BEC), the astonishing growth of 155% in the frequency of attacks between June 2020 and July 2021 serves as a glaring alarm bell. As a harbinger of potential danger, this impressive spike demonstrates the critical importance of understanding and preparing for BEC in today’s digital age.

The vividness of this figure emphasizes that perpetrators are becoming increasingly cunning in their approaches, bringing with them financial consequences and reputational damage to businesses across the globe. With such a rapid increase, it is imperative that organizations take notice and implement appropriate safeguarding strategies to mitigate the risks associated with BEC attacks.

BEC scams targeting the real estate sector increased by 1,110% between 2015 and 2017.

In the rapidly evolving world of cybercrime, Business Email Compromise (BEC) has emerged as a sinister force, skillfully lurking in the shadows to prey upon unsuspecting organizations. One striking revelation that demands attention, especially in the realm of real estate, is the staggering 1,110% surge in BEC cases between 2015 and 2017. This jaw-dropping escalation not only serves as a clear red flag for real estate professionals but also paints a vivid picture of the increasingly perilous landscape they must navigate.

As the cybercriminals behind these meticulously crafted schemes sharpen their skills, the real estate sector is faced with a formidable adversary. The relentless 1,110% increase in BEC scams provides an alarming snapshot of the gravity of this ever-more brazen threat, illuminating the pressing need for enhanced vigilance, bolstered cybersecurity measures, and a unified front in battling the scourge of BEC fraud. To put it simply, the booming numbers from 2015 to 2017 underscore the high stakes, emphasizing the real estate realm’s vulnerability and leaving little doubt that the war against BEC scams is far from over.

A 2021 Google study found that BEC accounted for 42% of business organizations’ email security threats.

In the realm of business email compromise (BEC) statistics, the eye-opening finding from a recent 2021 Google study becomes a powerful indicator of the cybersecurity challenges faced by organizations today. Discovering that an astonishing 42% of email security threats impacting business organizations are due to BEC showcases the alarming prevalence of this type of cybercrime, as well as the grueling necessity to address and combat these virtual attacks.

By shining a spotlight on the gravity of BEC’s impact, this statistic emphasizes the crucial role that awareness and education around BEC play in fostering a cyber-secure business environment. Such a striking figure leaves no room for complacency, urging businesses of all sizes to prioritize their email security strategies, implement appropriate safeguards, and continuously train their workforce to recognize and fend off these increasingly sophisticated attacks.

Incorporating this statistic within a blog post on business email compromise not only serves as a wake-up call for organizations but also positions the topic at the epicenter of today’s cyber-threat landscape, providing valuable context for readers seeking to understand the magnitude of the problem and the urgency to address it.

94% of BEC attacks in Q4 2020 occurred on weekdays.

In the realm of Business Email Compromise (BEC) statistics, one striking revelation from Q4 2020 emerges like a guiding beacon to businesses worldwide: the formidable 94% of BEC attacks that transpired on weekdays. This eyebrow-raising statistic strategically highlights the predatory tendencies of cybercriminals who cunningly target these vulnerable working days to exploit unsuspecting employees engrossed in the hustle and bustle of daily operations.

By shedding light on this alarming trend, the blog post seeks to raise awareness among organizations and nudge them to adopt robust preventative measures in their BEC defense strategies, focusing their efforts on protecting their virtual fortresses during this five-day window of amplified risk. Moreover, informing readers about this statistic empowers them to mobilize their workforce and ingrain prudent email practices into the company culture, ultimately creating an impenetrable shield against the relentless siege of BEC attacks.

Malicious actors take an average of 12 days to engage with a target before launching a BEC attack.

In the realm of Business Email Compromise (BEC) attacks, time is a crucial element that plays an intriguing role in the modus operandi of malicious actors. When considering the striking average of 12 days taken by these cybercriminals to engage with a target before executing their BEC attack, one cannot help but reflect upon the cunning strategies employed. This striking figure sheds light on the patient approach taken by perpetrators, allowing them to analyze and plan their attacks meticulously while gaining the target’s trust.

Delving deeper into the blog post about Business Email Compromise Statistics, this sly 12-day interval showcases the critical need for businesses to be ever-vigilant during email communication. It emphasizes the significance of education and training for employees, making them aware of the lurking dangers in seemingly harmless email exchanges. This statistic is a stark reminder that cybercriminals are not only skillful in their techniques but also masters of deception, investing time and effort to increase the success rate of their attacks.

In essence, this tantalizing piece of data serves as an eye-opening revelation that strengthens the call for enhanced cybersecurity measures and employee awareness programs in the fight against Business Email Compromise.

BEC scammers primarily use free email services, accounting for 29% of incidents.

Delving into the world of Business Email Compromise (BEC) statistics, one particularly striking revelation underscores the cunning tactics employed by these fraudsters. Astonishingly, they rely heavily on free email services, which constitute 29% of all incidents, a figure worth pondering. This intriguing fact highlights the deceiving simplicity of the scammers’ approach and underscores the importance of even the most basic email security measures.

Therefore, this element of their strategy contributes significantly to the broader understanding of BEC scams, alerting businesses and individuals alike to safeguard themselves against seemingly innocuous, yet potentially devastating, email attacks.

Between 2013-2016, victims of BEC scams lost an average of $140,000.

In the realm of Business Email Compromise (BEC) statistics, one cannot overlook the staggering financial impact experienced by victims between 2013-2016, who found themselves at a loss of a whopping average of $140,000. Shedding light on this crucial figure, it amplifies the urgent need for businesses to recognize and address the potential threat BEC scams pose to their financial stability.

Furthermore, such a perplexing number serves as a clarion call for organizations to invest in robust security measures and cybersecurity education, empowering employees to stay vigilant against these fraudulent schemes. Ultimately, this insightful data point drives home the significance of safeguarding corporate assets and data to ensure the continuity of successful business operations in today’s technologically-driven world.

Nigerian scammers are responsible for over 50% of BEC incidents.

Delving deep into the world of Business Email Compromise (BEC) statistics, one cannot ignore the astounding revelation that Nigerian scammers hold the reins for over half of these incidents. This striking piece of data sheds light on a crucial aspect of the cyber-crime landscape and emphasizes the need for organizations to be even more vigilant in protecting themselves against such deceptive tactics.

With Nigeria as a dominant epicenter of BEC schemes, businesses worldwide must be well-prepared to recognize and counteract the ingenious stratagems employed by scammers hailing from this region. Understanding this statistic empowers organizations to allocate resources effectively for cyber defense and educate employees to identify potential scams originating from the Nigerian cyber-criminal realm.

By acknowledging the significant presence of Nigerian scammers in BEC crimes, this blog post furnishes its readers with invaluable insights for fortifying their cyber security posture and reinforcing their defense mechanisms against this very real and persistent threat.

The manufacturing sector is the most targeted industry, representing 27% of BEC attacks.

Undoubtedly, the alarming revelation that a lion’s share, constituting a whopping 27%, of Business Email Compromise (BEC) attacks menace the manufacturing sector, sheds light on the industry’s vulnerability. Diving into the treacherous world of cybercrime, this blog post offers a gripping insight into BEC statistics, unravelling how no industry remains impervious to these digital onslaughts. With manufacturing at the frontline of these invasions, businesses are urged to bolster their defenses and remain ever-vigilant in safeguarding their sensitive and valuable digital assets.

In 2020, the United States was the largest target of BEC attacks, accounting for 58% of total incidents.

In the vast landscape of cyber threats, Business Email Compromise (BEC) attacks continue to wreak havoc across the globe. A staggering revelation disclosed in a 2020 report underscores the vulnerability of the United States, emerging as the epicenter of this digital menace. With an eye-opening 58% of total incidents targeting the nation, the data paints a vivid picture of the imminent risks to businesses operating in the US.

Delving deeper into the world of BEC statistics via this blog post, one can better comprehend the magnitude and implications of these attacks, empowering businesses to fortify their defenses and safeguard their digital assets from relentless cybercriminals.

The average financial loss per BEC attack in 2020 was $24,439.

In the realm of Business Email Compromise (BEC) attacks, a critical figure to grasp is the staggering average financial loss per attack in 2020, which stood at an eye-opening $24,439. This alarming number not only reinforces the growing severity and potential devastation posed by these nefarious cyber operations, but it also serves as a potent wake-up call for businesses worldwide to fortify their cybersecurity measures and maintain constant vigilance.

By thoroughly understanding the weight of such figures, organizations can grasp the genuine financial impact and urgency in addressing this expanding threat landscape, ultimately setting the stage for more informed decisions, proactive safeguards, and a fortified security culture.

55% of BEC incident communications used invoice-related subject lines in 2020.

Delving into the realm of Business Email Compromise (BEC) statistics, a fascinating observation emerges: in 2020, invoice-related subject lines were the preferred choice in 55% of BEC incident communications. This intriguing piece of data plays a significant role in comprehending the tactics employed by cybercriminals to ensnare their unsuspecting victims.

This crafty strategy capitalizes on the widespread use of invoices in everyday business dealings. By employing invoice-related subject lines, cyber attackers can effectively lure victims into believing the email is legitimate, making it all the more crucial for organizations to be vigilant and educate employees about identifying such deceitful attempts.

In the broader context, this figure serves as a chilling reminder of the relentless evolution of cyber threats, bearing testimony to the necessity of continuous improvement of email security protocols and greater awareness of BEC trends. After all, knowledge is power, and staying informed about the latest statistics bolsters our ability to outsmart the nefarious intentions of cybercriminals lurking in the digital realm.

In the first half of 2020, 410,000 malicious URLs related to BEC attacks were detected.

Highlighting the staggering figure of 410,000 detected malicious URLs related to BEC attacks in merely the initial half of 2020 serves as a potent eye-opener for readers in a blog post about Business Email Compromise Statistics. This numerical revelation underscores the urgency to fortify digital fortresses and adopt robust cybersecurity measures as it exposes the alarming frequency of cybercriminal activities.

Additionally, it accentuates the ever-present threat lurking in business email inboxes, subsequently prompting organizations and individuals to stay vigilant and prioritize the safeguarding of their valuable digital assets.

About 60% of BEC attacks require a human response from the victim.

In the realm of Business Email Compromise (BEC), the intriguing fact that approximately 60% of these sinister attacks hinge on a human response from the unsuspecting victim highlights the pivotal role of human behavior in this digital battlefield. When crafting a blog post that delves into the vivid world of BEC statistics, this powerful figure serves as a compelling reminder that the fight against cybercriminals is not solely a technological challenge, but also an arduous quest to enhance awareness and bolster the digital resilience of every individual employee.

Shedding light on this percentage illuminates the importance of blending cutting-edge security tools with comprehensive staff education in order to create a robust, symbiotic defense against the ever-evolving BEC threat landscape.

In Q4 2020, 83% of BEC attacks spoofed a trusted partner rather than a co-worker.

Delving into the intricacies of Business Email Compromise (BEC) statistics, it’s critical to shed light on an alarming trend from Q4 2020: a staggering 83% of BEC attacks masqueraded as trusted partners instead of fellow employees. This statistic paints a vivid picture of the evolving tactics cybercriminals employ and highlights the urgency for organizations to reconsider their security measures.

By focusing on impersonating trusted partners, attackers aim to exploit a perceived sense of credibility, which could result in increased vulnerability for companies. Evaluating such data steers the conversation toward effective BEC prevention strategies, ultimately empowering businesses to recognize and counteract these malicious strategies.

70% of organizations targeted with BEC scams used multi-factor authentication to mitigate risk.

In the ever-evolving landscape of cybercrime, Business Email Compromise (BEC) scams continue to pose a significant threat to organizations worldwide. When weaving together a comprehensive narrative on BEC, one simply cannot overlook the compelling statistic that 70% of organizations targeted with these scams have employed multi-factor authentication as a crucial line of defense.

This powerful piece of data reinforces the necessity of adopting robust protective measures when safeguarding sensitive data and communications from nefarious actors. Multi-factor authentication acts as an essential security layer, effectively reducing the risk of compromised credentials and unauthorized access to company resources.

Within the broader context of BEC statistics, the prevalence of multi-factor authentication among targeted organizations serves as a testament to the effectiveness of this risk mitigation strategy. By illustrating its widespread adoption, readers are encouraged to follow suit, enhancing their security posture and fostering a safer digital environment for all.

In 2020, only 2% of BEC attacks involved the use of malware.

Highlighting the fact that a mere 2% of BEC attacks involved malware usage in 2020 unveils a significant aspect of these nefarious schemes. This striking data point emphasizes the importance of understanding that BEC attacks primarily exploit human vulnerabilities rather than relying extensively on malicious software.

Consequently, this revelation underscores the urgent need for businesses to focus on strengthening their human-centric cybersecurity measures, such as employee education and awareness, to effectively combat the ever-evolving tactics of cybercriminals targeting corporate communication channels.

31% of organizations increased their employee training on BEC scams in 2020.

Delving into the realm of Business Email Compromise (BEC) statistics, one cannot overlook the compelling fact that a noteworthy 31% of organizations elevated their employee training on BEC scams in 2020. This intriguing revelation highlights the escalating vigilance and proactive measures that businesses are adopting to fortify their defenses against these insidious cyber threats.

Furthermore, this percentage serves as an eye-opening reminder for other organizations to jump on the bandwagon and enhance their internal training programs, ultimately reducing their susceptibility to devastating BEC attacks and contributing to a safer business environment in the digital age.

The average attack loss trebled from $25,000 in 2015 to over $75,000 in 2019.

The staggering escalation in the average attack loss from a mere $25,000 in 2015 to a whopping $75,000 in 2019 serves as a stark red flag for businesses worldwide. This eye-opening revelation in the realm of Business Email Compromise Statistics highlights the heightened financial vulnerability faced by companies as a result of evolving cyber threats. In the grand scope of corporate finances, this exponential growth cannot be ignored, and serves as a catalyst for organizations to bolster their cybersecurity measures and safeguard their valuable data from the clutches of malicious actors.


In conclusion, Business Email Compromise (BEC) remains a significant and evolving threat to businesses across the globe. The statistics discussed in this blog post illustrate the magnitude of the problem, with millions of dollars lost annually and a continued rise in both sophistication and frequency of attacks. It is crucial for organizations to recognize the importance of cybersecurity measures, employee education, and vigilance in safeguarding their digital assets.

By staying informed about the latest BEC trends and employing necessary precautions, businesses can better protect themselves and reduce the risk of falling victim to this ever-growing cyber menace. Remember, a proactive approach to cybersecurity can save your organization from the potentially devastating effects of Business Email Compromise.


0. –

1. –

2. –

3. –

4. –

5. –

6. –

7. –

8. –

9. –

10. –

11. –

12. –

13. –

14. –

15. –