Business Email Compromise (BEC) accounted for 21% of successful cyber attacks, surpassing ransomware at 16%.

31% of leaders at financial services firms say they are unprepared to recover effectively from a Business Email Compromise.

In 2022, 64% of respondents from healthcare organizations said their organizations were very or highly vulnerable to BEC/spoofing/impersonation attacks.

52% of healthcare organizations were vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident in 2024.

53% of healthcare organizations believe their organizations are vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident.

56% of organizations noted preparedness for business email compromise.

Swedish and Norwegian targets comprise a combined 19% of BEC targets.

For Business Email Compromise (BEC) attacks, English-speaking executives remain the most targeted at 42%.

A significant portion of BEC targets are Danish, at 38%.

Swedish language use in BEC scams is 3.8%.

Norwegian language use in BEC scams is 1.5%.

After CEOs and executives, the remaining BEC impersonation efforts are aimed at directors and managers (9%), HR personnel (4%), IT staff (3%), and school heads (2%).

The strategic use of Danish language in BEC scams is 11.9%.

Impersonation is the most common technique in BEC scams, with 82% of attempts targeting CEOs and executives.

Non-Business Email Compromise (BEC) incidents rose by 214%.

Conversely, EMEA organisations show the highest reporting rate for BEC, at 4.22%

Repeat engagement with VEC in EMEA is the highest of any region, over twice that of BEC.

Email-based BEC attacks surged 70% year-over-year.

The majority of 2024 cyber insurance claims (60%) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents.

29% of BEC events resulted in funds transfer fraud in 2024.