10 Must-Know Email Attack Stats for Cybersecurity Awareness Month

Stay secure by staying informed during the 20th anniversary of Cybersecurity Awareness Month. Explore 10 eye-opening statistics about advanced email attacks.
October 2, 2023

With new cyber threats emerging almost daily, being proactive is crucial—as is keeping up to date on email attack trends. Staying informed helps make your organization less vulnerable to attacks that can have costly consequences.

This is why Cybersecurity Awareness Month is so important.

This year marks the 20th annual Cybersecurity Awareness Month. Established in 2004 by the National Cybersecurity Alliance and the Department of Homeland Security, October is dedicated to raising awareness about the importance of cybersecurity. And there’s plenty for organizations to be aware of.

Here are 10 email attack statistics to keep in mind this October.

Business Email Compromise Attacks Increased 55% Year-over-Year

By impersonating trusted sources, business email compromise (BEC) attacks deceive employees into completing fraudulent financial requests or sharing sensitive information with threat actors.

Between 2022 and 2023, the number of sophisticated BEC emails rose by 55%. This is especially concerning since BEC is already one of the most financially devastating threats to organizations. From 2013 to 2022, the FBI Internet Crime Complaint Center (IC3) identified $51 billion in exposed losses due to BEC.

Further, organizations with more than 5,000 mailboxes face a 90% chance of receiving at least one BEC attack each week.

74% of All Data Breaches Involve the Human Element

Threat actors are always looking for opportunities to exploit vulnerabilities in an organization’s security. Unfortunately, the weakest link in an enterprise’s cybersecurity chain is often employees, and, as a result, 74% of all breaches involve the human element.

Human error, privilege misconfigurations, and weak sign-in credentials all provide incursion points for attackers. Threat actors also leverage social engineering as part of their attacks, preying on the natural human tendency to obey authority to convince targets to engage with malicious emails.

15% of Employees Respond to BEC Attacks

From July to December 2022, text-based BEC attacks had a median open rate of nearly 28%. Even more concerning? Of the malicious emails that were read, an average of 15% received replies from employees.

Cybercriminals strive for engagement from their targets. These figures underscore how important it is for security teams not only to provide proactive and ongoing security awareness training but also to implement tools that prevent malicious emails from being delivered in the first place.

48% of Organizations Have Received One VEC Attack This Year

By co-opting the goodwill shared between organizations and their vendors, cybercriminals can use spoofed email accounts (or legitimate compromised email accounts) to deceive contacts into paying bogus invoices or updating payment details. These attacks, known as vendor email compromise or VEC, can be especially expensive.

The average VEC attack transfer request is usually less than $150,000. However, some attacks can request significant sums—like a $36 million VEC attack detected and stopped by Abnormal.

Between January and June of 2023, nearly half of all organizations received at least one VEC attack. Advertising and marketing agencies are particularly susceptible to VEC attacks, with 77% being targeted by a VEC attack in this same period.

AI-Powered Phishing Attacks Have Increased by 47%

Generative AI has sparked new concerns regarding cybersecurity. Grammatical errors, misspellings, and inappropriate tone have long been telltale signs of cyber scams. However, the wide availability of generative AI tools (including ChatGPT and its more nefarious cousins, WormGPT and FraudGPT) is helping the bad guys produce more convincing emails. This makes for more devastating social engineering and phishing attacks.

Cybercriminals seem to be early adopters of generative AI, with a 47% surge in phishing attacks leveraging AI in the last year. Additionally, a whopping 91% of cybersecurity professionals report experiencing AI-powered cyberattacks.

Adapting for Today, Tomorrow, and Beyond

It’s been 20 years since the inaugural Cybersecurity Awareness Month, and in that time, organizations have made significant strides to improve training and upgrade defenses. But that doesn’t mean the bad guys haven’t evolved too.

With BEC and VEC attacks on the rise and the opportunity for threat actors to improve the quality of their social engineering tactics with generative AI, it is vital that organizations prioritize more robust forms of education and cybersecurity technology. Examples include training to identify potential AI-generated messages, review best practices regarding sensitive information, and explore what steps to take before initiating a financial transfer.

Of course, it’s better to stop malicious emails before they reach employees in the first place. That’s where Abnormal comes in. Abnormal’s behavioral AI-based security platform stops sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. This includes BEC, VEC, malware, and even phishing and social engineering emails written by generative AI.

For valuable information and tools that can help you maximize the impact of Cybersecurity Awareness Month in your organization, download our resource kit.


And to see how you can take your email security to the next level and keep your end users safe all year long, schedule a demo of Abnormal.
