Close Menu

    Cyber Crime Statistics 2025: Costly Mistakes to Avoid

    SupriyaBy 16 Mins ReadNo Comments General
    Cyber Crime Statistics

    Introduction

    Cybercrime is escalating into a global risk that both businesses and governments can no longer ignore. Recent data show the financial and operational impact growing year over year, from ransomware demands to sophisticated phishing schemes. In the healthcare sector, cyber attacks have disrupted patient services and led to costly compliance fines; in manufacturing, supply‑chain hacks have halted production and rippled across continents.

    Editor’s Choice

    • Global cybercrime costs are projected to hit US$10.5 trillion annually by 2025.
    • The average cost of a data breach worldwide reached approximately US $4.88 million in 2024, a ~10 % increase from 2023.
    • 72 % of senior executives in surveyed organisations say cyber‑risks have increased in the past year.
    • Forecasts show cyber‑crime rising by about 15% annually leading up to 2025.
    • One report projects that by 2027, cyber‑crime costs could exceed US$23 trillion.
    • Losses from business email compromise (BEC) scams exceeded US $55 billion in over 300,000 incidents (Oct 2013, Dec 2023).
    • In the U.S., reported cyber‑crime losses in 2024 surpassed US$16 billion, marking a ~33 % increase year‑on‑year.

    Recent Developments

    • In the 2025 edition of the Global Cybersecurity Outlook, analysts point to increased cyber‑risk due to geopolitical tensions and interdependent digital ecosystems.
    • Organisations cite supply‑chain vulnerabilities as a major escalation vector in 2025.
    • Use of generative AI and synthetic‑media tools for phishing and impersonation is on the rise among criminal groups.
    • The number of reported complaints to the U.S. Federal Bureau of Investigation (IC3) climbed sharply, with low‑tech scams such as investment fraud and romance schemes driving increases.
    • Cyber‑insurance claims and premiums are rising rapidly as losses mount and business exposure increases.
    • Smaller organisations face disproportionate risk; SMBs (small‑ and medium-sized businesses) collectively lost an estimated US $4.3 billion in cyber incidents in 2025.
    • Inadequate resource allocation has created “cyber inequity”; organisations with limited defences are falling further behind.

    Global Cyber Crime Overview

    • Cybercrime will cost the world approximately US $10.5 trillion per year by 2025, up from much smaller figures in prior years.
    • The global cost growth rate is estimated at ~15 % annually leading into 2025.
    • The proportion of organisations reporting increased cyber‑risk (72 %) indicates a worsening global threat environment.
    • Multiple forecasts diverge; some mention potential costs of US $12 trillion by 2025.
    • Many incidents go unreported or undisclosed, meaning actual global volumes may be significantly higher.
    • Business downtime and productivity losses now contribute a major share of the economic burden beyond direct ransom or theft.
    • The global surface area of cyber‑attack (devices, IoT, cloud, supply‑chain) has expanded rapidly, increasing exposure across nations and industries.
    • Emerging economies are facing disproportionately rapid growth of cyber‑crime, as digitalisation outpaces cybersecurity maturity.

    Cost of Cyber Crime Worldwide

    • The average global cost of a data breach reached US$4.88 million in 2024.
    • In 2022, cyber‑crime’s cost to the global economy was estimated at around US $7 trillion, rising towards the 2025 forecasts.
    • Cyber‑crime damage costs are expected to climb from ~US $10.5 trillion in 2025 to potentially US $23 trillion by 2027.
    • For a single incident, business downtime due to an attack can average US$560,000 in 2025 in some sectors.
    • In the healthcare sector, breaches are expected to cost US$12.4 billion globally in 2025, the highest among sectors.
    • Over a 10‑year period (Oct 2013, Dec 2023), losses from BEC scams exceeded US $55 billion across 305,033 incidents.
    • Cyber‑insurance claims are rising by ~48 % in 2025, with premiums increasing roughly 33 % due to heightened risk.
    • Organisations in industrial sectors report average breach costs increasing by approximately US$830,000 year‑on‑year.
    Cost Of Cyber Crime 1

    Cyber Crime Trends and Growth

    • Global cybercrime damage costs are projected to reach US$10.5 trillion annually by 2025, up from much smaller figures in prior years.
    • The global cost growth rate is estimated at ~15 % annually leading into 2025.
    • More than 30,000 vulnerabilities were disclosed last year, a 17 % increase from prior figures, reflecting the steady rise in cyber risks.
    • Digital transformation and cloud adoption have broadened exposure, with endpoints and data flows becoming attractive attack targets.
    • The number of exploited zero‑day vulnerabilities has surged, underscoring the rising threat of proactive attacks.
    • Multichannel attacks—combining email, SMS, voice and web interface—are increasing rapidly, making detection more difficult.
    • Supply‑chain risk has emerged as a leading threat, with smaller vendors causing cascading breaches in 2024‑25.
    • Organisations reporting increased cyber‑risk rose to 72 % in a 2025 survey, marking an upward trend in threat perception.
    • Average cost of a data breach rose to US $4.88 million in recent years, underscoring the financial impact of growth in cybercrime.
    • Emerging economies are now experiencing faster growth in cybercrime rates as digitalisation outpaces cybersecurity maturity.

    Most Common Types of Cyber Crime

    • Phishing and spoofing top the complaint list to the U.S. Internet Crime Complaint Centre, followed by extortion and personal data breaches.
    • Ransomware becomes more targeted and destructive, often including a data‑exfiltration component rather than just encryption.
    • Malware‑based incidents account for a large share of “action on objective” attacks, combining ransomware, backdoors and web‑shells.
    • Business Email Compromise (BEC) remains a major vector, frequently ranking among the costliest cyber‑crime types.
    • Supply‑chain and third‑party‑vendor attacks are rising fast, turning peripheral players into central risk nodes.
    • Credential abuse and account takeover incidents are rapidly increasing, with credential leaks and social‑engineering leading the way.
    • Deepfakes‑ and AI‑powered attacks, including voice cloning and automated phishing, are becoming significant in volume.
    • Online fraud and financial theft mirror cyber‑crime trends: consumer scams, impersonation, gift‑card fraud and investment fraud dominate.
    • Cloud mis‑configurations and identity‑based attacks form a fast‑rising category as more workloads shift to cloud environments.
    • Smaller organisations face disproportionate risk: companies with fewer than 100 employees receive more than 350 % more social‑engineering attacks than larger enterprises.

    Cybercrime Predicted Losses: Sector-Wise Financial Impact

    • Total predicted losses: Estimated at ₹20,000 crore across all major sectors by 2025.
    • Banking & Financial Services will face the highest losses, projected at ₹8,200 crore, indicating the sector’s continued vulnerability to sophisticated cyberattacks.
    • Retail & E-commerce is expected to lose around ₹5,800 crore, reflecting growing threats from data breaches, phishing scams, and online payment frauds.
    • Government Services could incur losses of about ₹3,400 crore, largely due to data theft, ransomware attacks, and system breaches targeting public databases.
    • Other sectors collectively account for ₹2,600 crore in predicted losses, showing that no industry is immune to cybercrime risks.
    • The data underscores an urgent need for stronger cybersecurity frameworks, real-time threat monitoring, and awareness initiatives across industries.
    • Source: CloudSEK report, as cited by India Today.
    Cybercrime Predicted Losses
    Reference: India Today

    Ransomware Statistics

    • In the first quarter of 2025, the number of publicly listed ransomware victims hit 2,314, representing a 213 % increase from the 1,086 victims in Q1 2024.
    • About 76 % of organizations worldwide are projected to suffer at least one ransomware attack per year by 2025.
    • In the first six months of 2025, 50 % of ransomware incidents targeted critical sectors such as manufacturing, healthcare, energy, transportation and financial services.
    • On average, ransomware attacks now launch within 6.11 days after initial compromise in 77 % of cases.
    • Median ransom‑demand values have climbed; estimates for 2025 place average costs between US $5.5 million and US $6 million per incident.
    • A study found 63 % of organisations hit by ransomware attributed the root cause to exploited vulnerabilities.
    • In Q2 2025, there were 65 active ransomware groups, and for 1H 2025 the overall count reached 96 unique groups, up from 68 in 1H 2024.
    • Despite increased attacks, 27 % of organisations in 2024 reported not paying a ransom, and 25 % of that group said they recovered data anyway.
    • One tracking service logged 470 victims worldwide of disclosed ransomware incidents in April 2025 alone.

    Phishing and Social Engineering Attacks

    • In the first quarter of 2025, the Anti Phishing Working Group (APWG) observed 1,003,924 phishing attacks, the highest quarter on record.
    • Phishing attacks are estimated to account for 36 % of all data breaches in 2025.
    • Emails remain the dominant vector; 40 % of all email threats in 2025 were phishing‑based.
    • The volume of phishing emails has surged; some reports show an increase of 1,265 % driven by generative AI tools.
    • Business e‑mail compromise (BEC) scams in one year accounted for more than US $2.9 billion in losses.
    • Among simulation data, nearly one in five users clicked a phishing link; of those, 11 % admitted to clicking again even after a warning.
    • 92 % of organisations reported at least one business email compromise incident in the last year.
    • Spear‑phishing remains critical; up to 74 % of targeted attacks involve spear‑phishing tactics in 2025.
    Phishing Bec Attack

    Malware Attacks

    • In 2025, malware cases comprised 42 % of all “action on objective” incidents.
    • Of these malware cases, 28 % involved ransomware, 20 % backdoors and 13 % web‑shells.
    • Malware incident volume rose by approximately 30 % between 2023 and 2024.
    • Over 1 million identity‑theft incidents in the U.S. alone were attributed to malware in recent years.
    • 39 % of organisations faced general malware attacks in the past year.
    • In 2025, the number of disclosed vulnerabilities (CVEs) increased from 20,385 in H1 2024 to 23,667 in H1 2025, up 16 %.
    • 40 % of malware attacks result in data theft or sensitive information leaks.
    • Attackers increasingly deploy malware‑free techniques; for example, 79 % of detections were malware‑free.

    Data Breaches and Leaks

    • In 2025 so far, 53 % of data breaches were classified as system intrusion, up from 36 % in 2024.
    • In 2025, 61 % of data breaches involved compromised emails, while 39 % included stolen phone numbers.
    • The global average cost of a data breach hovered around US $4.88 million in recent years.
    • Human error or insider activity was present in 95 % of data breaches in 2025.
    • Cloud misconfigurations caused 23 % of public‑cloud incidents, and 21 % of all cloud incidents resulted in a data breach.
    • Over 2.8 billion passwords were posted on criminal forums in 2024 alone.
    • Credential abuse was the initial access vector in 22 % of non‑error/non‑misuse breaches in 2025.
    • Phone numbers and passwords were compromised in 39 % and 28 % of data breaches respectively in 2025.

    Online Fraud and Financial Theft

    • U.S. consumers lost US $16.6 billion to online scams and internet crime in 2024, a 33 % increase from 2023.
    • According to a U.S. survey, 21 % of adults say they have lost money due to an online scam or attack.
    • Individuals 60 and over lost US$4.8 billion from cyber‑scams in 2024.
    • The Federal Trade Commission recorded more than a four‑fold increase since 2020 in reports of impersonation scams stealing tens or hundreds of thousands from older adults.
    • Investment fraud involving cryptocurrency resulted in over US$6.5 billion in losses in 2024.
    • Lower‑income households (26 %) were more likely than higher‑income households (15 %) to say they had lost money to an online scam.
    • Credit‑card fraud accounted for 43.9 % of identity‑fraud theft cases.
    • “Pig‑butchering” romance/investment scams in the crypto‑space grew by ~40 % YoY and contributed a major share of crypto‑fraud losses in 2024.

    Business Email Compromise (BEC)

    • BEC attack volume increased by 13 % in February 2025 compared to January, with gift‑card scams accounting for over 30 % of cases.
    • In May 2025, BEC volume rose by 48 % compared to April; gift cards were the most common cash‑out method, representing 25.2 % of all methods.
    • In June 2025, BEC attack volume increased by 37 % compared to May; credential phishing became the most common cash‑out method at 46.2 %.
    • The average amount requested in wire‑transfer BEC attacks reached US $96,200 in May 2025, up 19 % from April.
    • BEC attacks originate from free webmail providers in 66 % of cases vs maliciously registered domains in 34 % (May 2025).
    • Daily volumes continue to rise: one report indicates over 21,000 complaints related to BEC were filed in 2024, with losses across years reaching US$8.5 billion just in the 2022‑24 period.
    • The BEC market size is expected to grow from US $1.9 billion in 2024 to US $2.22 billion in 2025, reflecting a compound annual growth rate of 17 %.
    • BEC attacks make up more than 50 % of all social‑engineering incidents in some assessments.
    • Around 70 % of organisations report being targeted by BEC attacks, making it one of the top attack vectors.

    Cyber Crime by Industry Sector

    • In 2025, the financial services sector reported that 45% of organisations had experienced an AI‑powered cyberattack (deepfakes, hyper‑phishing, malware) in the past 12 months.
    • The healthcare sector continues to incur the highest breach costs, with some studies showing average breach costs in healthcare exceeding US$10.9 million per incident and increasing into 2024–25.
    • Manufacturing and critical infrastructure saw a rise in supply‑chain attacks; approximately 60% of C‑suite executives say supply‑chain risk is the most likely threat to their business.
    • Small and medium‑sized businesses (SMBs) across sectors report that 71% of cyber‑leaders believe their cyber risk outpaces their cybersecurity capabilities.
    • Retail and e‑commerce firms faced credential‑stuffing and web‑shell malware increases of 30%+ year‑on‑year in 2024–25.
    • The energy & utilities sector reported an accelerated “breakout time” for cyber incidents, one major provider saw infiltration to ransomware in under 51 seconds in 2024.
    • In the public sector/government category, a survey found that 72% of respondents believe cyber‑risks have risen in the last year.
    • Cyber‑insurance premiums for companies in high‑risk sectors (finance, healthcare, critical infrastructure) rose by ~33% in 1H–2025.

    Cyber Crime by Region and Country

    • The Federal Bureau of Investigation (FBI) recorded more than 800,000 complaints in 2024 in the United States with losses exceeding US $16 billion, a ~33% increase from 2023.
    • The United States accounts for 86% of all North American cyber‑incident volume in 2025.
    • In North America, deepfake fraud surged by 1,740% between 2022 and 2023, with losses in Q1 2025 alone exceeding US $200 million.
    • Rapidly digitalising economies in Asia are being targeted disproportionately, flagged as “faster‑growth” cybercrime zones.
    • Country ranking data for 2025 show top‑targeted nations: the US, Ukraine, Israel, Japan, the UK, Saudi Arabia, Brazil, India, Germany, and Poland.
    • European law enforcement agencies report that criminals are using AI to scale cross‑border operations, making attribution harder.
    • In Southeast Asia in 2023, cyber‑scammers stole an estimated US$37 billion in fraud, aided by generative‑AI and virtual‑asset flows.
    • The Middle East and North Africa region saw supply‑chain and cloud‑intrusion incidents grow by approximately 75% year‑on‑year, leading into 2025.

    Cyber Crime Demographics (Victims & Criminals)

    • Victims aged 60 and over filed more than 147,000 complaints in 2024 in the U.S., accounting for US $4.8 billion in losses.
    • Approximately 32% of business leaders had no confidence that their employees could identify a deepfake fraud attempt.
    • Globally, around 60% of consumers said they encountered a deepfake video in the past year.
    • Among organisations hit by ransomware, 63% believe the root cause was an exploited vulnerability.
    • In a study of phishing simulations, roughly 1 in 5 users clicked a phishing link, and 11% admitted to clicking again after a warning.
    • Cyber‑criminal tool‑kits such as MaaS (Malware‑as‑a‑Service) allow individuals with minimal skills to launch attacks, lowering the barrier to entry.
    • Nearly 40% of people doubt their ability to distinguish real from fake voices (voice‑cloning scams).
    • Organisations report that unchecked third‑party vendors are now involved in over 20% of initial access incidents.

    Notable Cyber Crime Incidents

    • In June 2025, a major U.S. tax‑resolution firm was hit by a double‑extortion ransomware attack, resulting in 69 GB of data stolen.
    • A large manufacturing company suffered a ransomware breach in March–April 2025 affecting over 15,000 employees and dependents with SSNs, driver’s licences and medical information stolen.
    • In early 2025, a global architecture firm lost US$25 million via a deepfake video conference scam where the CEO’s voice was cloned.
    • An entertainment ticketing platform in South Korea was hit with a ransomware attack causing service disruption for 4+ days and concert postponements.
    • In 2024–25, multiple government agencies in the UK dealt with more than 15 million cyber‑attacks in one year, ~40,000 threats daily in some departments.
    • A major retailer exposed nearly 3,000 customer accounts via credential‑stuffing attack in June 2025.
    • 305,033 BEC scams between 2013–2023 caused over US $55 billion in losses.
    • The largest known zero‑day vulnerability cluster in 2025 identified 3,508 zero‑day vulnerabilities as of June, averaging ~585/month.

    Cyber Crime and the Supply Chain

    • In 2025, 60% of organisations say cyber‑security risk is a key factor in selecting third‑party vendors or transactions.
    • Supply‑chain attacks are now flagged as the top threat vector by many security executives worldwide.
    • Misconfigurations in cloud or third‑party systems caused 23% of public‑cloud incidents and 21% of those led to a breach.
    • The fastest “break‑out time” for malware from supplier‑side intrusion was under 51 seconds in one documented case.
    • Smaller suppliers were identified as entry points in 20% of major incidents in 2025.
    • In 2025, multichannel attacks combining supply‑chain and social‑engineering vectors increased by more than 40% year‑on‑year.
    • Organisations that performed continuous vendor validation reported an average breach cost of US $1–2 million less than those that did not.

    Emerging Techniques and Technologies in Cyber Crime (AI, Deepfakes, etc.)

    • Deepfake fraud cases surged 1,740% in North America between 2022 and 2023, with losses exceeding US $200 million in Q1 2025 alone.
    • In 2025, polymorphic malware was present in ~76.4% of phishing campaigns.
    • Phishing attacks driven by generative AI increased by 1,265% in 2024–25 in some reports.
    • Voice‑cloning scams: one in ten adults globally has experienced an AI voice scam; of those, 77% lost money.
    • Attackers are automating reconnaissance and weaponisation using AI tools, reducing “time to compromise” significantly.
    • Organisations say roughly 50% of executives believe generative AI will advance adversarial capabilities such as phishing, malware, and deepfakes.
    • Deepfakes are now responsible for ~40% of all biometric fraud in some segments.
    • Fraud losses via generative‑AI technologies in the U.S. are projected to rise from US$12.3 billion in 2023 to US$40 billion by 2027.

    Cyber Crime Prevention and Response

    • Organisations that perform regular tabletop cyber‑incident drills reduce breach cost by up to US $2 million on average.
    • By 2025, 60% of organisations plan to include cyber‑security risk as a material consideration in M&A and third‑party engagements.
    • Cyber‑insurance premiums are rising ~33% in 2025 for high‑risk sectors, pushing organisations to invest in prevention.
    • AI‑powered defence tools are now used by over 50% of enterprise security teams, yet many organisations report that adversarial AI still outpaces defence deployments.
    • Vendor risk‑management maturity is now cited as a key metric by board‑level governance in 72% of large firms.
    • Organisations with a formal “incident‑response team + cyber‑hygiene training” programme saw 30% fewer successful attacks in 2025.
    • Under 2% of illicit criminal cyber‑proceeds are recovered by law‑enforcement globally, emphasising the need for prevention over cure.

    Frequently Asked Questions (FAQs)

    How much is global cybercrime projected to cost annually by 2025?

    It’s expected to reach about US $10.5 trillion per year by 2025.

    What was the average global cost of a data breach in 2024?

    The average global cost reached approximately US$4.88 million in 2024.

    By what percentage did cybercrime damage costs grow year‑on‑year toward 2025?

    They are estimated to be growing by roughly 15% per year heading into 2025.

    How much did U.S. consumers lose to internet crime and scams in 2024?

    Losses exceeded US $16.6 billion, marking a ~33 % increase from the prior year.

    What share of organisations believe generative AI will enhance adversarial cyber‑capabilities?

    Around 50% of executives believe generative AI will advance attacker capabilities such as phishing, malware and deepfakes.

    Conclusion

    The landscape of cybercrime in 2025 is marked by unfolding complexity, rapid innovation by threat actors, and escalating cost and impact across industries and regions. From deepfakes and AI‑enabled attacks to supply‑chain compromises and targeted breaches, organisations and individuals face a broader risk surface than ever before. However, the data also show that proactive prevention, vendor risk‑management, incident preparation and investment in adaptive defence can make a meaningful difference.

    References

    Share.

    Related Posts

    Add A Comment
    Leave A Reply