BEC
We've curated 37 cybersecurity statistics about BEC to help you understand how business email compromise tactics are becoming increasingly sophisticated in 2025, targeting organizations through deceptive emails that trick employees into revealing confidential information.
Showing 1-20 of 37 results
Billing account update requests have a 26.5% compromise rate.
Vendor email compromise accounts for 61% of all business email compromise attacks.
33% of all business email compromise in higher education is lateral.
Routine invoice inquiries have a compromise rate of less than 1%.
Confirmed business email compromise (BEC) losses range from $140,000 to $1.5 million, compared to an average of roughly $40,000 in early 2025.
10% of intrusions investigated involved Business Email Compromise (BEC), with actors targeting banking details for wire and deposit fraud.
Diversion tactics (fraudulent invoices, fake payroll requests) accounted for 18% of BEC incidents in Q4 2025.
Impersonation made up 82% of all BEC incidents in Q4 2025.
In Q4 2025, CEOs and senior executives accounted for 50% of impersonation-based BEC emails and 41% of total BEC incidents.
In Q4 2025, Business Email Compromise accounted for 51% of all email fraud cases.
31% of leaders at financial services firms say they are unprepared to recover effectively from a Business Email Compromise.
53% of healthcare organizations believe their organizations are vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident.
In 2022, 64% of respondents from healthcare organizations said their organizations were very or highly vulnerable to BEC/spoofing/impersonation attacks.
52% of healthcare organizations were vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident in 2024.
56% of organizations noted preparedness for business email compromise.
Swedish and Norwegian targets comprise a combined 19% of BEC targets.
A significant portion of BEC targets are Danish, at 38%.
The strategic use of Danish language in BEC scams is 11.9%.
After CEOs and executives, the remaining BEC impersonation efforts are aimed at directors and managers (9%), HR personnel (4%), IT staff (3%), and school heads (2%).
Swedish language use in BEC scams is 3.8%.