10 Must-Know Email Attack Stats for Cybersecurity Awareness Month

Stay secure by staying informed during the 20th anniversary of Cybersecurity Awareness Month. Explore 10 eye-opening statistics about advanced email attacks.
October 2, 2023

With new cyber threats emerging almost daily, being proactive is crucial, as is keeping up to date on email attack trends. Staying informed helps make your organization less vulnerable to attacks that can have costly consequences.

This is why Cybersecurity Awareness Month is so important.

This year marks the 20th annual Cybersecurity Awareness Month. Established in 2004 by the National Cybersecurity Alliance and the Department of Homeland Security, the month of October is dedicated to raising awareness about the importance of cybersecurity. And there’s plenty for organizations to be aware of.

Here are 10 email attack statistics to keep in mind this October.

Business Email Compromise Attacks Increased 55% Year-over-Year

By impersonating trusted sources, business email compromise (BEC) attacks deceive employees into completing fraudulent financial requests or sharing sensitive information with threat actors.

Between 2022 and 2023, the number of sophisticated BEC emails rose by 55%. This is especially concerning since BEC is already one of the most financially devastating threats to organizations. From 2013 to 2022, the FBI Internet Crime Complaint Center (IC3) identified $51 billion in exposed losses due to BEC.

Further, organizations with more than 5,000 mailboxes face a 90% chance of receiving at least one BEC attack each week.

74% of All Data Breaches Involve the Human Element

Threat actors are always looking for opportunities to exploit vulnerabilities in an organization’s security. Unfortunately, the weakest link in an enterprise’s cybersecurity chain is often employees, and, as a result, 74% of all breaches involve the human element.

Human error, privilege misconfigurations, and weak sign-in credentials all provide incursion points for attackers. Threat actors also leverage social engineering as part of their attacks, preying on the natural human tendency to obey authority to convince targets to engage with malicious emails.

15% of Employees Respond to BEC Attacks

From July to December 2022, text-based BEC attacks had a median open rate of nearly 28%. Even more concerning? Of the malicious emails that were read, an average of 15% received replies from employees.

Cybercriminals strive for engagement from their targets. What the figures underscore is how important it is for security teams to not only provide proactive and ongoing security awareness training but also implement tools to prevent emails from being delivered in the first place.

48% of Organizations Have Received One VEC Attack This Year

By co-opting the goodwill shared between organizations and their vendors, cybercriminals can use spoofed email accounts (or legitimate compromised email accounts) to deceive contacts into paying bogus invoices or updating payment details. These attacks, known as vendor email compromise or VEC, can be especially expensive.

The average VEC attack transfer request is usually less than $150,000. However, some attacks can request significant sums—like a $36 million VEC attack detected and stopped by Abnormal.

Between January and June of 2023, nearly half of all organizations received at least one VEC attack. Advertising and marketing agencies are particularly susceptible to VEC attacks, with 77% being targeted by a VEC attack in this same period.

AI-Powered Phishing Attacks Have Increased by 47%

Generative AI has sparked new concerns regarding cybersecurity. Grammatical errors, misspellings, and inappropriate tone have long been telltale signs of cyber scams. However, the wide availability of generative AI tools (including ChatGPT and its more nefarious cousins, WormGPT and FraudGPT) is helping the bad guys produce more convincing emails. This makes for more devastating social engineering and phishing attacks.

Cybercriminals seem to be early adopters of generative AI, with a 47% surge in phishing attacks leveraging AI in the last year. Additionally, a whopping 91% of cybersecurity professionals report experiencing AI-powered cyberattacks.

Adapting for Today, Tomorrow, and Beyond

It’s been 20 years since the inaugural Cybersecurity Awareness Month, and in that time, organizations have made significant strides to improve training and upgrade defenses. But that doesn’t mean the bad guys haven’t evolved too.

With BEC and VEC attacks on the rise and the opportunity for threat actors to improve the quality of their social engineering tactics with generative AI, it is vital that organizations prioritize more robust forms of education and cybersecurity technology. Examples include training to identify potential AI-generated messages, review best practices regarding sensitive information, and explore what steps to take before initiating a financial transfer.

Of course, it’s better to stop malicious emails before they reach employees in the first place. That’s where Abnormal comes in. Abnormal’s behavioral AI-based security platform stops sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. This includes BEC, VEC, malware, and even phishing and social engineering emails written by generative AI.


For valuable information and tools that can help you maximize the impact of Cybersecurity Awareness Month in your organization, download our resource kit.

And to see how you can take your email security to the next level and keep your end users safe all year long, schedule a demo of Abnormal.
