The latest FBI Internet Crime Complaint Center report doesn’t just confirm that cybercrime is growing. It shows that it is scaling, systemically, structurally, and predictably. For partners, this is not a distant trend. It is a direct signal that the operating model for cyber risk has changed.
According to the report, more than 1 million complaints were filed in 2025, with total reported losses exceeding $20.8 billion, a 26% increase year on year. That scale matters. Because at this volume, cybercrime is no longer an exception to manage. It is an expected condition of operating any business.
The shift from attacks to systems
One of the most important takeaways from the report is not just the size of the losses, but the structure behind them. Cyber-enabled fraud now accounts for 85% of total losses, driven by scalable, repeatable techniques that exploit trust, not technical weaknesses.
Phishing and spoofing remain among the highest-volume attack types, with over 190,000 complaints recorded, reinforcing that email continues to be the primary delivery mechanism for cybercrime.
For partners, this reinforces a critical point: Cyber risk is no longer defined by isolated incidents. It is defined by the consistency and repeatability of attack patterns.
Why Business Email Compromise remains the most dangerous threat
While phishing dominates in volume, Business Email Compromise (BEC) continues to drive a disproportionate financial impact. The report attributes over $3 billion in losses to BEC alone, often from single transactions involving significant sums.
What makes BEC particularly challenging is not its sophistication, but its alignment with business processes:
- Payment approvals
- Supplier changes
- Executive requests
- Finance workflows
These are not edge cases. They are everyday operations, which means detection alone is not enough. By the time a BEC attack is identified, the transaction has often already occurred.
For partners, this reframes the conversation with clients: The risk is not just malicious emails. It is legitimate-looking decisions made under pressure.
The economics of cybercrime have changed
The IC3 data highlights another structural shift, cybercrime is becoming more efficient.
Investment fraud alone accounted for over $8.6 billion in losses, the largest category by value. At the same time, AI is increasingly being referenced as a factor in cybercrime activity, lowering the barrier to creating convincing, targeted attacks.
This aligns with broader industry findings, where the time required to generate a phishing email has collapsed from hours to minutes.
For attackers, this means:
- Higher volume
- Greater personalisation
- Lower cost per attack
For defenders, it means:
- More alerts
- More noise
- More reliance on human decision-making
And that is where the real risk now sits.
The human layer is the control point
Across all categories in the report, one theme is consistent. Cybercrime succeeds when a person takes an action. Whether it is:
- Clicking a link
- Approving a payment
- Entering credentials
Once that action is taken, systems behave exactly as designed. This is why the report’s findings matter so much for partners. Because it highlights a growing gap: Organisations are investing in tools, but still relying on people to make perfect decisions at scale. And at the current volume of attacks, that is not a sustainable control.
What this means for partners
For MSPs and resellers, the IC3 report is not just a summary of threats. It's a roadmap for where customers are most exposed.
Three implications stand out:
1. Email remains the primary risk surface
Despite broader investments in security, email continues to be the entry point for the majority of attacks.
2. Speed matters more than detection
Once a user engages with a threat, response becomes recovery. Prevention must happen earlier.
3. Reducing decision burden is critical
The most effective security strategies are not asking users to be more vigilant. They are reducing the number of risky decisions users need to make.
The opportunity for partners
For partners, this shift creates both risk and opportunity. Clients are increasingly aware of cyber risk, but often lack clarity on where to focus.
The IC3 report provides a clear answer:
- Focus on email
- Focus on timing
- Focus on reducing exposure before action is required
Solutions that operate to enhance Microsoft 365 environments, identifying and stopping threats before users engage, are becoming essential, not optional. Because in a high-volume, high-speed threat environment, the difference between prevention and response is measured in seconds.
Final thought
The most important insight from the 2025 IC3 report is this: Cybercrime is no longer defined by how attackers break systems. It is defined by how effectively they replicate trust.
And in modern organisations, trust moves through email. For partners, the question is no longer: “Are our clients protected?” It's: “How many risky emails are still reaching their people?”
Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a specialist AI-powered email threat detection solution like MailGuard.
For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, AI-powered zero-day email security. Special Ops for when speed matters! Our real-time zero-day, email threat detection amplifies your client’s intelligence, knowledge, security and defence.
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your clients today to ensure they’re prepared and get in touch with our team to discuss fortifying your client’s cyber resilience.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
