Cybersecurity Threat Summary for 2024: It’s Only Going To Get Worse in 2025

When I sat down to write my first blog post of the new year, I wanted to come up with some fresh perspectives for a ‘year in review’ type piece. And candidly, I wanted it to be positive.

However, after reviewing our Security Incident Response data for the past year, and staring at the screen for half an hour desperately wanting to highlight how much better businesses have become at protecting themselves, I realized that was an impossible task. The reason is fairly straightforward and is based on two simple factors: criminals are continuously improving their attack tools and techniques via AI and automated malicious software enhancements, and our government is doing absolutely nothing to stop it or actively defend us.

Yep, it’s that simple. Criminals are continuously getting better and richer without any concern for enforcement or retaliation – it’s a risk/reward formula that is extremely compelling if you are a criminal.

For the period 2019 through 2023 (we don’t have 2024 yet, but I know it will be bigger than last year), the FBI received reports of losses of $37 billion to cyber-crime. That figure is ONLY reported losses (we know the real figure is much higher, as many victims do not report their losses to the FBI). Along with that figure, we have almost no reporting for overseas cyber-criminal arrests and convictions. Why is that? Because there are almost none.

So, what’s my positive update for 2025 for our clients who are concerned about ransom and wire fraud attacks? You must be even more vigilant in 2025 than you were in 2024. If your firm received a report with cybersecurity recommendations – please make sure you review and implement them. A report with security recommendations that collects dust on a shelf does not stop criminals. I’ve seen that one many times and the outcome is always the same (and not good). Relatedly, make sure your cash management policy is updated to explicitly address AI-driven wire fraud via Business Email Compromise (BEC) (leveraging caller ID spoofing and/or deepfake authentication). If you don’t know EXACTLY what I’m referring to – get in touch with me immediately.

Lastly, pressure needs to be put on our elected representatives at the Department of Homeland Security to do something about this epidemic of crime in which over $37 billion is going to overseas criminals.

These criminals, by the way, are often connected to international terrorism. That’s a LOT of money that could be used to significantly hurt America and Americans. Shockingly, at present, there is no law or congressional line-item funding to mandate any federal agency to help you or take proactive actions on your behalf due to a cyber-attack. Nothing. Basically, you must hope and pray that out of all the claims resulting in over $37 billion in losses, your loss is going to get attention. The odds that your hopes and prayers will be answered are extremely low.

This must change or my 2026 report will be the same…