Commissioned by IRONSCALES

Published March 2023

Executive Summary

In our research last year on the business cost of phishing, commissioned by IRONSCALES, we found that IT and security teams spent an average of 27.5 minutes dealing with a single phishing email. In this research, also commissioned by IRONSCALES, we dug deeper into business email compromise (BEC), an extremely costly type of phishing attack. We found that organizations see BEC as twice the problem of phishing in general, and among large organizations, concern with BEC attacks will increase by 43.3% over the next 12 months. Many organizations are over-reliant on technologies with questionable efficacy at addressing the threat of BEC attacks. Confidence in the ability of executives and employees to detect BEC attacks remains low, and new channels are being used as precursors to BEC attacks—increasing the risk footprint. Organizations must re-examine their anti-BEC approach, re-balance their technology strategy, and leverage better signals on BEC threats to target training at the most frequently attacked people and groups.