The annual report from the FBI’s Internet Crime Complaint Center (IC3) suggests that cybercrime rose sharply in 2020, in terms of both quantity and cost.
A total of 791,000 complaints were logged by the IC3 last year – this is a notable increase from the 463,000 total complaints raised in 2019.
The victims suffered $4.2bn in damages in 2020, up from $3.5bn in 2019.
Last year, two key themes were prevalent in enterprise cyber security:
- Phishing leveraging COVID-19 topics, targeting both organisations and individuals.
- An increase in the total cost of email account compromise (EAC) and business email compromise (BEC) scams.
Crane Hassold from Agari, an email security vendor, has highlighted the damage caused by BEC.
When the loss from BEC is compared to the loss stemming from ransomware, it is 64 times the size.
In other words, ransomware, as debilitating as it is, comes nowhere close in terms of the impact it has on businesses.
The FBI placed both BEC and AEC into the same category of crime.
It is the only type of cybercrime that costs in excess of $1bn.
Ransomware, for example, costs just $29m in comparison.
The report also shows that the average cost of individual scams has gone up.
According to Hassold, the malicious actors who used to be involved in BEC scams in early 2020 have moved to COVID-19 and unemployment-related fraud due to it being more profitable.
At the same time, Hassold anticipates that these scammers will move back to the BEC sphere as COVID-19 becomes less profitable.
The reason is that until 2020, the number of BEC incident reports received by the FBI was an upward trend.
2020 saw a rise in reported attacks, a 20% increase from 2019.
However, due to underreporting, the numbers may be even bigger.