BEC Volumes and Ransomware Costs Double in a Year

Written by

The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report.

The much-anticipated annual report was this year based on analysis of 16,312 security incidents and 5199 breaches over the past year.

The category of “pretexting,” or BEC, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000.

Read more on BEC: BEC Attacks Surge 81% in 2022

The success of these social engineering tactics is also a big reason why the human element is now present in 74% of breaches, according to the report.

Chris Novak, managing director of cybersecurity consulting at Verizon Business, argued that senior leadership is especially exposed to social engineering.

“Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them,” he added.

“With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Elsewhere, Verizon revealed that ransomware is a factor in a quarter (24%) of breaches, only a slight increase on last year’s report. However, median cost per incident doubled from last year to this, with 95% of ransomware incidents that experienced a loss costing between $1m and $2.25m.

Email, desktop sharing software and web applications remain the top vectors for ransomware attacks, while stolen credentials (49%), phishing (12%) and exploiting vulnerabilities (5%) are the main ways threat actors gain entry into organizations.

Regarding the latter, the Log4j bug had an immediate and major impact on the threat landscape, with a third (32%) of vulnerability scanning for the utility occurring in the first 30 days after it was made public.

Verizon argued that this highlights the speed with which threat actors can now move from proof of concept to mass exploitation.

The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage, Verizon said.

Editorial image credit: JHVEPhoto /

What’s hot on Infosecurity Magazine?