Earlier this year, the FBI released its latest report on online criminal activity. The annual Internet Crime Complaint Center (IC3) Report documents internet-facilitated criminal activity reported to government law enforcement. The report is often a good gauge for new cyber crime trends, and can be helpful illustrating how risks change over the years.
Back in 2019, we highlighted the IC3 Report’s key findings and their impact on businesses. A lot has happened since then. More than 800,000 complaints were submitted last year, with business losses alone estimated at $2.7 billion. In this article, we look at what’s changed and how businesses can better protect themselves from current cyber crime trends.
IC3 Data Shows Rising Costs, Complaints and Losses
In the new IC3 report, the number of cyber attack complaints received is high and the cost of illegal internet scams are up. In the last five years, the IC3 has fielded more than 3.2 million complaints.
- 2018—351,937 complaints received
- 2019—467,361 complaints received
- 2020—791,790 complaints received
- 2021—847,376 complaints received
- 2022—800,944 complaints received
When we last looked at the report in 2019, the IC3 office had handled just 1.7 million complaints in the previous five years (an 88% difference). Annual complaints are also 71% higher today.
According to the new report, losses suffered by victims of cyber crime also continue to rise exponentially. Over the last five years, the figure has topped $27 billion.
- 2018 losses totaled $2.7 billion
- 2019 losses totaled $3.5 billion
- 2020 losses totaled $4.2 billion
- 2021 losses totaled $6.9 billion
- 2022 losses totaled $10.3 billion
In the old report, losses from 2015 through 2019 totaled just $10.2 billion, while 2022 losses alone topped $10.3 billion. Annual cost increases of cyber crime now range from 20% to as much as 40%.
Business Email Compromise Scams Are Evolving
For organizations, business email compromise (BEC) scams continue to be one of the greatest threats posed by cyber criminals. According to the IC3 report, businesses reported more than 21,000 BEC scam cyber incidents, with losses of more than $2.7 billion.
BEC scams target businesses or individuals performing a transfer of funds facilitated via business email communications. In the past, the scam’s attack methods often involved:
- Compromised personal email accounts
- Compromised vendor email accounts
- Spoofed lawyer email accounts
- Requests for W-2 information
- Diversion of payroll funds
However, the scams now increasingly employ spoofed phone numbers. Reports have included statements from victims claiming a known phone number of a title company, realtor, lawyer or bank appearing in an email was redirected to a fraudster’s phone number. Whether for payroll, benefits, vendor invoices or business transactions, the purpose is to convince the victim to redirect funds to a fraudulent account where they can be stolen.
Ransomware Targeting Critical Infrastructure
Ransomware was another key area impacting businesses. The IC3 reports it received 2,345 complaints involving ransomware in 2022, with total adjusted losses of $34.3 million. Of these attacks, 870 were directed at organizations designated as belonging to a critical infrastructure sector.
Of the 14 affected sectors:
- Healthcare and public health suffered 210 ransomware attacks
- Critical manufacturing suffered 157 ransomware attacks
- Government facilities suffered 115 ransomware attacks
- Information technology suffered 107 ransomware attacks
- Financial services suffered 88 ransomware attacks
- Commercial facilities suffered 58 ransomware attacks
- Food and agriculture suffered 48 ransomware attacks
- Transportation suffered 32 ransomware attacks
- Communications suffered 17 ransomware attacks
- Energy suffered 15 ransomware attacks
- Chemical suffered 9 ransomware attacks
- Emergency services suffered 9 ransomware attacks
- Water and wastewater systems suffered 3 ransomware attacks
- Defense industrial base suffered 1 ransomware attack
Only the nuclear and dams critical infrastructure sectors reported no ransomware attacks last year.
Cyber Attack Risks Can Vary
While BEC and ransomware cyber attacks present a risk for direct losses for businesses and organizations, these attacks represent only a couple categories of crime. The data does not include the cost to businesses of thousands of other varieties of attacks, such as phishing, non-payment, non-delivery, data breach and more. The data is also limited to only those attacks reported to the FBI.
Indirect costs of a cyber attack can also be substantial, and may include:
- Loss of income
- Litigation expenses
- Regulatory fines and penalties
- Privacy breach notification expenses
A separate report finds the impact to a small business can be significant, with the average cyber attack now costing over $1 million.
Cyber Liability Insurance Protects Your Business
Each year, the threat of a cyber attack increases, but you can protect your business with coverage from CyberLock Defense. With Cyber Liability Insurance from CyberLock Defense, you receive broad coverage protection, flexible limits with no policy sublimits and access to your full policy limits. Protection extends to protect you from regulatory proceeding costs, voluntary notification expenses, business interruption, data restoration, public relations costs, IT forensics and legal expenses.
Lockton Affinity developed CyberLock Defense to protect you against cyber risks. With increasing BEC scams, ransomware and other threats, the type of Cyber Liability coverage you choose for your business matters.
Discover more benefits of Cyber Liability for your business today.