chat
expand_more

10 Must-Know Email Attack Stats for Cybersecurity Awareness Month

Stay secure by staying informed during the 20th anniversary of Cybersecurity Awareness Month. Explore 10 eye-opening statistics about advanced email attacks.
October 2, 2023

With new cyber threats emerging almost daily, being proactive is crucial—as is keeping up-to-date on email attack trends. Staying informed helps make your organization less vulnerable to attacks that can have costly consequences.

This is why Cybersecurity Awareness Month is so important.

This year marks the 20th annual Cybersecurity Awareness Month. Established in 2004 by the National Cybersecurity Alliance and the Department of Homeland Security, October is dedicated to raising awareness about the importance of cybersecurity. And there’s plenty for organizations to be aware of.

Here are 10 email attack statistics to keep in mind this October.

Business Email Compromise Attacks Increased 55% Year-over-Year

By impersonating trusted sources, business email compromise (BEC) attacks deceive employees into completing fraudulent financial requests or sharing sensitive information with threat actors.

Between 2022 and 2023, the number of sophisticated BEC emails rose by 55%. This is especially concerning since BEC is already one of the most financially devastating threats to organizations. From 2013 to 2022, the FBI Internet Crime Complaint Center (IC3) identified $51 billion in exposed losses due to BEC.

Further, organizations with more than 5,000 mailboxes face a 90% chance of receiving at least one BEC attack each week.

74% of All Data Breaches Involve the Human Element

Threat actors are always looking for opportunities to exploit vulnerabilities in an organization’s security. Unfortunately, the weakest link in an enterprise’s cybersecurity chain is often employees, and, as a result, 74% of all breaches involve the human element.

Human error, privilege misconfigurations, and weak sign-in credentials all provide incursion points for attackers. Threat actors also leverage social engineering as part of their attacks, preying on the natural human tendency to obey authority to convince targets to engage with malicious emails.

15% of Employees Respond to BEC Attacks

From July to December 2022, text-based BEC attacks had a median open rate of nearly 28%. Even more concerning? Of the malicious emails that were read, an average of 15% received replies from employees.

Cybercriminals strive for engagement from their targets. What the figures underscore is how important it is for security teams to not only provide proactive and ongoing security awareness training but also implement tools to prevent emails from being delivered in the first place.

48% of Organizations Have Received One VEC Attack This Year

By co-opting the goodwill shared between organizations and their vendors, cybercriminals can use spoofed email accounts (or legitimate compromised email accounts) to deceive contacts into paying bogus invoices or updating payment details. These attacks, known as vendor email compromise or VEC, can be especially expensive.

The average VEC attack transfer request is usually less than $150,000. However, some attacks can request significant sums—like a $36 million VEC attack detected and stopped by Abnormal.

Between January and June of 2023, nearly half of all organizations received at least one VEC attack. Advertising and marketing agencies are particularly susceptible to VEC attacks, with 77% being targeted by a VEC attack in this same period.

AI-Powered Phishing Attacks Have Increased by 47%

Generative AI has sparked new concerns regarding cybersecurity. Grammatical errors, misspellings, and inappropriate tone have long been telltale signs of cyber scams. However, the wide availability of generative AI tools (including ChatGPT and its more nefarious cousins, WormGPT and FraudGPT), is helping the bad guys produce more convincing emails. This makes for more devastating social engineering and phishing attacks.

Cybercriminals seem to be early adopters of generative AI, with a 47% surge in phishing attacks leveraging AI in the last year. Additionally, a whopping 91% of cybersecurity professionals report experiencing AI-powered cyberattacks.

Adapting for Today, Tomorrow, and Beyond

It’s been 20 years since the inaugural Cybersecurity Awareness Month, and in that time, organizations have made significant strides to improve training and upgrade defenses. But that doesn’t mean the bad guys haven’t evolved too.

With BEC and VEC attacks on the rise and the opportunity for threat actors to improve the quality of their social engineering tactics with generative AI, it is vital that organizations prioritize more robust forms of education and cybersecurity technology. Examples include training to identify potential AI-generated messages, review best practices regarding sensitive information, and explore what steps to take before initiating a financial transfer.

Of course, it’s better to stop malicious emails before they reach employees in the first place. That’s where Abnormal comes in. Abnormal’s behavioral AI-based security platform stops sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. This includes BEC, VEC, malware, and even phishing and social engineering emails written by generative AI.


For valuable information and tools that can help you maximize the impact of Cybersecurity Awareness Month in your organization, download our resource kit.

Get the Kit

And to see how you can take your email security to the next level and keep your end users safe all year long, schedule a demo of Abnormal.

Schedule a Demo
10 Must-Know Email Attack Stats for Cybersecurity Awareness Month

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More
B Microsoft Blog
Explore the latest cybersecurity insights from Microsoft’s 2024 Digital Defense Report. Discover next-gen security strategies, AI-driven defenses, and critical approaches to counter evolving threats and safeguard your organization.
Read More
B Osterman Blog
Explore five key insights from Osterman Research on how AI-driven tools are revolutionizing defensive cybersecurity by enhancing threat detection, boosting security team efficiency, and countering sophisticated cyberattacks.
Read More
B AI Native Vendors
Explore how AI-native security like Abnormal fights back against AI-powered cyberattacks, protecting your organization from human-targeted threats.
Read More
B 2024 ISC2 Cybersecurity Workforce Study Recap
Explore key findings from the 2024 ISC2 Cybersecurity Workforce Study and find out how SOC teams can adapt and thrive amidst modern challenges.
Read More
B Reg AI
There are ways to protect the public from the potential dangers of AI without stifling innovation—and the Europeans have already shown us how.
Read More