Skip to main content
HomeTopicsBEC

BEC

We've curated 37 cybersecurity statistics about BEC to help you understand how business email compromise tactics are becoming increasingly sophisticated in 2025, targeting organizations through deceptive emails that trick employees into revealing confidential information.

Showing 1-20 of 37 results

Billing account update requests have a 26.5% compromise rate.

Abnormal AI5/27/2026
Billing FraudFinancial Fraud

Vendor email compromise accounts for 61% of all business email compromise attacks.

Abnormal AI5/27/2026
Vendor Email CompromiseEmail Security

33% of all business email compromise in higher education is lateral.

Abnormal AI5/27/2026
Higher EducationInternal Threats

Routine invoice inquiries have a compromise rate of less than 1%.

Abnormal AI5/27/2026
Invoice FraudFinancial Fraud

Confirmed business email compromise (BEC) losses range from $140,000 to $1.5 million, compared to an average of roughly $40,000 in early 2025.

Guardz5/27/2026
SMBFinancial Losses

10% of intrusions investigated involved Business Email Compromise (BEC), with actors targeting banking details for wire and deposit fraud.

Google Cloud5/27/2026

Diversion tactics (fraudulent invoices, fake payroll requests) accounted for 18% of BEC incidents in Q4 2025.

VIPRE Security Group2/9/2026
Business Email CompromiseFraud

Impersonation made up 82% of all BEC incidents in Q4 2025.

VIPRE Security Group2/9/2026
ImpersonationBusiness Email Compromise

In Q4 2025, CEOs and senior executives accounted for 50% of impersonation-based BEC emails and 41% of total BEC incidents.

VIPRE Security Group2/9/2026
Executive TargetingImpersonation

In Q4 2025, Business Email Compromise accounted for 51% of all email fraud cases.

VIPRE Security Group2/9/2026
Business Email CompromiseEmail Fraud

31% of leaders at financial services firms say they are unprepared to recover effectively from a Business Email Compromise.

Omega Systems10/15/2025
Financial services Recovery

53% of healthcare organizations believe their organizations are vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident.

Proofpoint10/8/2025
HealthcareSpoofing

In 2022, 64% of respondents from healthcare organizations said their organizations were very or highly vulnerable to BEC/spoofing/impersonation attacks.

Proofpoint10/8/2025
HealthcareSpoofing

52% of healthcare organizations were vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident in 2024.

Proofpoint10/8/2025
HealthcareSpoofing

56% of organizations noted preparedness for business email compromise.

LevelBlue8/27/2025

Swedish and Norwegian targets comprise a combined 19% of BEC targets.

VIPRE8/4/2025
EmailPhishing

A significant portion of BEC targets are Danish, at 38%.

VIPRE8/4/2025
EmailPhishing

The strategic use of Danish language in BEC scams is 11.9%.

VIPRE8/4/2025
EmailPhishing

After CEOs and executives, the remaining BEC impersonation efforts are aimed at directors and managers (9%), HR personnel (4%), IT staff (3%), and school heads (2%).

VIPRE8/4/2025
EmailPhishing

Swedish language use in BEC scams is 3.8%.

VIPRE8/4/2025
EmailPhishing