New data from the FBI’s Internet Crime Complaint Center (IC3) shows a massive increase in the cost of internet crimes, with phishing and BEC topping the list.

The IC3’s recently-released annual Internet Crime Report gives us a broad picture of what kinds of cybercrimes are being perpetrated across the U.S. every year. This year saw increases in the number of reported cases – 847,376 (a 7% increase), and the amount of losses hitting nearly $7 billion!

From the case data, the IC3 helps us focus in on two specific concerns for businesses. First, is phishing/social engineering scams; the 323,972 cases made up 38% of all reported cases in 2021 and represent a 34% increase in case counts. The second is Business Email Compromise, which was responsible for nearly $2.4 billion in losses, but only slightly less than 20,000 cases. This equates to an average loss of $120,000 per case.

Ransomware cases were notably low on the spectrum – with only 3,729 cases and $49.2 million in losses. With ransomware being considered the number of cyber threat today, I’m guessing the IC3 simply isn’t being contacted in most cases. Even so, the healthcare sector dominated the list of victims by industry, with financial services, information technology, and manufacturing following in the list.

Phishing, BEC, and Ransomware are serious cybercrimes with even more serious repercussions. All tie back to the use of social engineering tactics to fool victims. Security Awareness Training is key in stopping these kinds of attacks at the common juncture point – when threat actors require corporate users to act in order for the attack to continue. Those users that take the training are more apt to spot an attack and stop it in its tracks.