Skip to main content
Top Button
FBI Data Shows Cyber-Crime Reports Escalating as Online Fraud Accelerates FBI Data Shows Cyber-Crime Reports Escalating as Online Fraud Accelerates

FBI Data Shows Cyber-Crime Reports Escalating as Online Fraud Accelerates

The number, as well as the severity, of hacks and cyber-crimes has continued to increase, according to an annual FBI collection of data from reported and investigated incidents. The FBI’s Internet Crime Complaint Center (IC3) recently released its annual report with statistics and information on internet-facilitated criminal activity reported through IC3.[i] We consider the numbers themselves as less important than the trend lines, which are quite worrying. The data broadly reinforces the serious financial impact online criminals are exacting on companies and the urgent need for more effective cybersecurity measures for small and mid-sized firms, in particular through training and risk assessments.
 
From 2015 to 2019, internet scams and crimes reported to the FBI increased by three times from $1.1 billion to $3.5 billon—other estimates of total cyber-crime put these figures many magnitudes greater.
 
The FBI’s statistics broadly mirror our own experience in working with many clients. Business Email Compromise / Email Compromise Attacks (BEC/ECA) represent more than half the reported incidents, and this trend is accelerating. The attacks take many forms, from masquerading as a CEO with a fraudulent request for W-2 tax documents to targeting real estate transactions to make off with escrowed fund transfers. In 2019, there was an uptick in the number of payroll scams, in which employee salary direct deposits are redirected to the hacker’s accounts. The FBI’s report notes that when an incident is reported quickly, the FBI, working with the company, may be able to recover funds within a short time span. In 2019, the FBI was able to reach a 79 percent recovery rate for reported incidents (but most are not reported).
 
Ransomware is another cyber-crime epidemic cited in the FBI report. The FBI received over two thousand complaints with losses close to $9 million. While these numbers are up from past years, this represents a tiny sliver of total ransomware attacks. Based on our experience, these numbers do not capture the majority of business losses due to interruption and lost business or, in some cases, complete loss of data and systems.
 
The FBI data, which may be skewed in part by single incidents of high magnitude and by how familiar law enforcement is with the reporting process, points to California as having the largest number of victims, followed by Texas, Florida, New York, Virginia, Pennsylvania, Illinois, Washington, Maryland, and Indiana in the next tier. 
 
The risk of damaging cyber-crimes—BEC and ransomware to name a few—can be mitigated in large part through an intelligent assessment of a company’s risk profile and tailoring basic measures, including financial controls, to prevent social engineering attacks in which employees are fooled into making mistakes. We strongly recommend undertaking such steps and pairing these with comprehensive employee training to prevent attacks.
 
Our Data Security and Privacy Team has extensive experience counseling clients in creating preventative cyber-security programs, as well as incident response after a security incident occurs. For additional information, please contact Guillermo Christensen, Rachel Spiker, or another member of our Data Security and Privacy Team. Guillermo, a former CIA intelligence officer and a diplomat with the U.S. Department of State, is a partner in Ice Miller’s Data Security and Privacy Group. Rachel is an associate in Ice Miller’s Data Security and Privacy Group.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.
 
[i] The FBI IC3’s 2019 Internet Crime Report can be accessed via the following link https://pdf.ic3.gov/2019_IC3Report.pdf
View Full Site View Mobile Optimized