chat
expand_more

10 Must-Know Email Attack Stats for Cybersecurity Awareness Month

Stay secure by staying informed during the 20th anniversary of Cybersecurity Awareness Month. Explore 10 eye-opening statistics about advanced email attacks.
October 2, 2023

With new cyber threats emerging almost daily, being proactive is crucial—as is keeping up-to-date on email attack trends. Staying informed helps make your organization less vulnerable to attacks that can have costly consequences.

This is why Cybersecurity Awareness Month is so important.

This year marks the 20th annual Cybersecurity Awareness Month. Established in 2004 by the National Cybersecurity Alliance and the Department of Homeland Security, October is dedicated to raising awareness about the importance of cybersecurity. And there’s plenty for organizations to be aware of.

Here are 10 email attack statistics to keep in mind this October.

Business Email Compromise Attacks Increased 55% Year-over-Year

By impersonating trusted sources, business email compromise (BEC) attacks deceive employees into completing fraudulent financial requests or sharing sensitive information with threat actors.

Between 2022 and 2023, the number of sophisticated BEC emails rose by 55%. This is especially concerning since BEC is already one of the most financially devastating threats to organizations. From 2013 to 2022, the FBI Internet Crime Complaint Center (IC3) identified $51 billion in exposed losses due to BEC.

Further, organizations with more than 5,000 mailboxes face a 90% chance of receiving at least one BEC attack each week.

74% of All Data Breaches Involve the Human Element

Threat actors are always looking for opportunities to exploit vulnerabilities in an organization’s security. Unfortunately, the weakest link in an enterprise’s cybersecurity chain is often employees, and, as a result, 74% of all breaches involve the human element.

Human error, privilege misconfigurations, and weak sign-in credentials all provide incursion points for attackers. Threat actors also leverage social engineering as part of their attacks, preying on the natural human tendency to obey authority to convince targets to engage with malicious emails.

15% of Employees Respond to BEC Attacks

From July to December 2022, text-based BEC attacks had a median open rate of nearly 28%. Even more concerning? Of the malicious emails that were read, an average of 15% received replies from employees.

Cybercriminals strive for engagement from their targets. What the figures underscore is how important it is for security teams to not only provide proactive and ongoing security awareness training but also implement tools to prevent emails from being delivered in the first place.

48% of Organizations Have Received One VEC Attack This Year

By co-opting the goodwill shared between organizations and their vendors, cybercriminals can use spoofed email accounts (or legitimate compromised email accounts) to deceive contacts into paying bogus invoices or updating payment details. These attacks, known as vendor email compromise or VEC, can be especially expensive.

The average VEC attack transfer request is usually less than $150,000. However, some attacks can request significant sums—like a $36 million VEC attack detected and stopped by Abnormal.

Between January and June of 2023, nearly half of all organizations received at least one VEC attack. Advertising and marketing agencies are particularly susceptible to VEC attacks, with 77% being targeted by a VEC attack in this same period.

AI-Powered Phishing Attacks Have Increased by 47%

Generative AI has sparked new concerns regarding cybersecurity. Grammatical errors, misspellings, and inappropriate tone have long been telltale signs of cyber scams. However, the wide availability of generative AI tools (including ChatGPT and its more nefarious cousins, WormGPT and FraudGPT), is helping the bad guys produce more convincing emails. This makes for more devastating social engineering and phishing attacks.

Cybercriminals seem to be early adopters of generative AI, with a 47% surge in phishing attacks leveraging AI in the last year. Additionally, a whopping 91% of cybersecurity professionals report experiencing AI-powered cyberattacks.

Adapting for Today, Tomorrow, and Beyond

It’s been 20 years since the inaugural Cybersecurity Awareness Month, and in that time, organizations have made significant strides to improve training and upgrade defenses. But that doesn’t mean the bad guys haven’t evolved too.

With BEC and VEC attacks on the rise and the opportunity for threat actors to improve the quality of their social engineering tactics with generative AI, it is vital that organizations prioritize more robust forms of education and cybersecurity technology. Examples include training to identify potential AI-generated messages, review best practices regarding sensitive information, and explore what steps to take before initiating a financial transfer.

Of course, it’s better to stop malicious emails before they reach employees in the first place. That’s where Abnormal comes in. Abnormal’s behavioral AI-based security platform stops sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. This includes BEC, VEC, malware, and even phishing and social engineering emails written by generative AI.


For valuable information and tools that can help you maximize the impact of Cybersecurity Awareness Month in your organization, download our resource kit.

Get the Kit

And to see how you can take your email security to the next level and keep your end users safe all year long, schedule a demo of Abnormal.

Schedule a Demo
10 Must-Know Email Attack Stats for Cybersecurity Awareness Month

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B SOC Prod
Learn how AI-driven automation boosts SOC productivity by reducing false positives, addressing skills gaps, and enhancing threat detection. Discover strategies to future-proof your SOC and strengthen cybersecurity defenses.
Read More
B Proofpoint Customer Story F500 Insurance Provider
A Fortune 500 insurance provider blocked 6,454 missed attacks and saved 341 SOC hours per month by adding Abnormal to address gaps left by Proofpoint.
Read More
B Malicious AI Platforms Blog
What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.
Read More
B MKT748 Open Graph Images for Cyber Savvy 7
Explore insights from Brian Markham, CISO at EAB, as he discusses cybersecurity challenges, building trust in education, adapting to AI threats, and his goals for the future. Learn how he and his team are working to make education smarter while prioritizing data security.
Read More
B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More