While any business can be targeted, certain industries and company types face higher risk.
According to the UK Government's Economic Crime Survey 2024, fake invoice fraud was most prevalent among:
Information and Communications - 19% experienced invoice fraud (vs 11% overall)
Utilities and Production - 18%
Administration businesses - 15%
70% weekly probability of at least one BEC attack attempt
42% of fraud cases in small businesses were caused by lack of controls (vs 25% in larger organisations)
Small businesses lose an average of 5% of annual revenue to fraud
Nearly half don't recover fully from fraud incidents
Process enough payments to be worth targeting
Often lack enterprise-grade security tools
May have limited internal anti-fraud controls
Trust supplier relationships and may not verify every change
Businesses using cloud accounting software like Xero (typically 50-5,000 employees) are prime targets because:
Bank details are stored digitally and can be changed remotely
Multiple users may have access to update supplier records
Changes may not require multi-person approval by default
Payment redirection fraud is a global problem affecting:
Australia - $91.6 million in losses (2023)
United Kingdom - 26% of fraud cases are billing/invoice related
United States - BEC accounts for 73% of cyber incidents
Ireland - 26% increase in fraudulent payments
Data from UK Economic Crime Survey 2024, ACFE, FBI IC3, and ACCC Scamwatch.
