Abnormal AI Report Highlights Employee Vulnerability to Vendor Email Compromise

Abnormal AI has released a new threat intelligence report titled "Read, Replied, Compromised: Employee Engagement Trends Across VEC Attacks," announced in a press release. The report, based on data from over 1,400 organizations globally, uncovers that employees in large enterprises engage with malicious vendor emails 72% of the time after reading them.

The report highlights that attackers have attempted to steal more than $300 million through vendor email compromise (VEC) in just 12 months. Despite the high engagement rates, the overall reporting rate for these advanced email threats remains low at 1.46%, indicating a significant visibility gap for security teams.

The telecommunications industry showed the highest VEC engagement rate at 71.3%, followed by the energy/utilities sector at 56%. Sales roles, particularly entry-level positions, were identified as the most vulnerable, with junior sales staff engaging with VEC attacks at a rate of 86%.

Abnormal AI emphasizes the need for organizations to adopt proactive defenses to block threats before they reach employees' inboxes, as traditional defenses often fail to detect these sophisticated, socially-engineered attacks. The report underscores the importance of moving beyond reactive training to prevent costly human errors.