← All toolsRisk estimate
BEC Exposure Calculator
Estimate your organization's annual Business Email Compromise exposure. Methodology sourced from FBI IC3, Verizon DBIR, and Coalition annual reports.
$
Fill in all three fields above to see your estimate.
Order-of-magnitude estimate. Monitor DMARC alignment to close the spoofed-sender attack vector.
See plans →Frequently asked questions
What is Business Email Compromise (BEC)?
BEC is a fraud scheme where attackers impersonate a trusted sender — a vendor, executive, or colleague — to trick someone into wiring money or diverting a payment. It is distinct from phishing: the goal is financial transfer, not credential theft. The FBI IC3 reported $2.77 billion in BEC losses in 2024.
What is the average BEC loss per incident?
The FBI IC3 2024 report implies an average of approximately $129,000 per reported incident ($2.77B across 21,442 complaints). Coalition's 2024 Cyber Claims Report puts the insured-firm average at $35,000, with financial transfer fraud averaging $106,000. The wide range reflects differences in sample and methodology.
Does DMARC prevent BEC attacks?
DMARC at p=reject blocks spoofed-sender attacks where an attacker forges your exact domain in the From: header. It does not block attacks using lookalike domains (e.g., dmarcdri.ft.com) or attacks from a legitimately compromised account. The FBI estimates DMARC enforcement eliminates the attack vector used in the majority of BEC incidents.
How often do businesses get targeted by BEC?
Coalition's 2024 Cyber Claims Report found approximately 0.44% of insured businesses experienced a BEC claim in any given year. Frequency scales with company size and industry — financial services firms in the $25M–$100M revenue band saw a 390% increase in BEC frequency between 2023 and 2024.