Close this search box.

Top Cyber Threat: BEC Attacks Overtake Ransomware in 2022


BEC Emerged as the Top Cyber Threat to Organisations in 2022 

A new report from Secureworks has revealed a worrying trend in the cybersecurity landscape – the number of Business Email Compromise (BEC) attacks doubled in 2022, surpassing ransomware as the most common cyber threat to organisations.  

Phishing and Vulnerability Exploits: Key Factors Driving the Growth of BEC Attacks 

The growth in BEC attacks can be attributed to a surge in phishing campaigns, which accounted for 33% of incidents where the initial access vector (IAV) could be established, a near three-fold increase compared to 2021. Additionally, cybercriminals are exploiting vulnerabilities in internet-facing systems, which represented a third of incidents where IAV could be established. 

The report also notes that BEC attacks require little to no technical skills, but they can be highly profitable. Attackers can phish multiple organisations simultaneously without needing to employ advanced skills or operate complicated affiliate models. 

The Decline of Ransomware and the Rise of State-Sponsored Activity 

The report also revealed a decline in ransomware incidents by 57%, while highlighting that it remains a “core” threat. The reduction could be due to a change in tactics or a decrease in the level of the threat following increased law enforcement activity around high-profile attacks. 

However, the report also suggests that gangs may be targeting smaller organisations that are less likely to engage with incident responders, meaning they would fall outside the scope of the report. Furthermore, the report found that hostile state-sponsored activity increased to 9% in 2022, up from 6% in 2021, with 90% of the incidents attributed to threat actors affiliated with China. 

Key Thoughts 

According to Secureworks, their data shows that successful cyber attacks are often traced back to less sophisticated methods, despite the prevalence of discussions around advanced AI-driven threats in the security landscape. In fact, they characterised the current situation as being “more Chad in IT” than ChatGPT.  

Although the report from Secureworks focuses on data from US organisations, the findings have implications for businesses and individuals around the world, including Australia. As cyber threats continue to become more sophisticated and interconnected, the risks faced by organisations in one country can quickly spread to others.  

The sharp increase in BEC attacks serves as a sobering reminder that threat actors are constantly evolving their tactics and exploiting new vulnerabilities. Although the reduction in ransomware incidents is a positive sign, it is still a serious threat that must not be overlooked.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →