A new report from the Identity Theft Research Center discusses which cybersecurity attacks will be most impactful next year as part of the ITRC’s 2021 predictions.

It’s a pivotal moment with an organization primarily focused on helping individuals with identity theft bothers to say that cybercriminals are less focused on making the consumer a victim and more interested in attacking organizations. When they say it, you should be listening.

And that’s exactly what was reported in this year’s ITRC 2021 predictions. According to the ITRC, cybercriminals are generating more revenue through ransomware attacks and business email compromise (BEC) via phishing schemes than they are via individual consumer scams or consumer behavior.

According to the report:

“Cybercriminals are focusing on cyberattacks that require logins and passwords to get access to corporate networks for ransomware or Business Email Compromise (BEC) scams. These attacks require less effort, are largely automated, the risk of getting caught is less, and the payouts are much higher than taking over an individuals’ account. The average ransomware payouts for all businesses have grown from less than $10,000 in Q3 2018 to more than $178,000 per event by the end of Q2 2020. Large enterprises are making average ransomware payments of over $1 million. BEC scams cost businesses more than $1.8 billion in 2019.”

And because a consumer-focused organization is saying this, it’s even more imperative that you take note and do something about it. The use of phishing is a constant in both BEC and ransomware scams. Teaching users not to engage with such malicious content via Security Awareness Training is a critical part of a strong security defense that stops attacks before they gain a foothold within your organization.