The cost of cybercrime statistics is projected to be $10.5 trillion annually by 2025

Cybercrime Statistics 2025

• Scale of crime: In 2024, the FBI logged 859K+ complaints with losses exceeding $16B, a 33% jump from 2023.
• Global impact: Cybercrime costs projected to reach $10.5T by 2025, one of the largest wealth transfers in history.
• Breach economics: IBM reports $4.45M average breach cost 2023.
• Attack velocity: A cyberattack occurred every 39 seconds in 2023.
• Vectors: Phishing remains the most reported attack; ransomware incidents surged 73% globally in 2023.
• Why it matters: Escalating scale, speed, and cost mean businesses must invest in prevention, detection, and resilience.

What Are Cybercrime Statistics and Why They Matter

Cybercrime statistics measure the frequency, methods, and financial impact of online crimes fraud, hacking, ransomware, etc.. Agencies like the FBI’s Internet Crime Complaint Center IC3 and industry reports IBM, Trend Micro, APWG compile this data annually.

For example, the FBI’s latest report for calendar 2024 tallied 859,532 complaints of suspected internet crimes and >$16 billion in losses. These numbers jumped 33% from the prior year, signaling a rapid rise in attacks. In practical terms, a cyberattack hit businesses or individuals roughly every 39 seconds in 2023.

Why does this matter? These stats translate to real world impact: trillions of dollars lost, stolen data, and disrupted services. Cybercrime can cripple companies and essential services from small businesses to government agencies.

Understanding the scale such as the FBI's report or APWG’s 1,003,924 phishing incidents in Q1 2025 helps organizations prioritize security measures, budget, and training. Put bluntly, ignoring the data means risking your business.

Global Cost and Scope of Cybercrime

Cybercrime has become a global economic juggernaut. CompTIA analysts estimate that annual global Cybercrime Expected to Cost the World $10.5 Trillion Annually by 2025 a 10% YOY increase more than the GDP of most countries. This includes direct losses, ransoms, theft plus recovery and reputational damage.

To put it another way, at $10.5 T/year the world is burning through roughly $333,000 per minute on cybercrime. Even today’s reported losses $16 B in 2024 are just the tip of the iceberg, since many crimes go unreported. For perspective, the FBI emphasizes that reporting is critical last year people over age 60 filed the most complaints and suffered nearly $5 B in losses.

Cybercrime now rivals or exceeds organized crime in scale. Gartner and WEF identify it as a top global risk. The FBI notes that even with active disruption efforts e.g. LockBit takedown, losses still climbed. High profile cases Colonial Pipeline, JBS and automated attacks Trend Micro saw 161 billion threats blocked in 2023 underscore the volume and automation of modern attacks. This global surge is why tracking these stats is crucial.

Top Cybercrime Attack Types 2024 2025

• Phishing & Spoofing: Still king. The FBI’s 2024 report shows phishing/spoofing as the number 1 category of reported cybercrime. Victims received fraudulent emails/texts mimicking trusted sources. APWG noted 1,003,924 phishing attacks in Q1 2025 highest since late 2023, with 30.9% of those targeting financial/payments sectors. In short, a huge slice of cyber incidents roughly one third of reported attacks are phishing. New twists AI crafted emails, smishing texts, voice phishing keep this trend high.
• Ransomware: Explosive growth. Global ransomware incidents jumped 73% year over year in 2023. The Ransomware Task Force logged 6,670 ransomware attacks worldwide, US victims 2,800 of those. WatchGuard likewise reported a 95% increase in ransomware attack frequency in 2023. Attackers often target big game victims hospitals, utilities, banks to demand huge payouts. In fact, the FBI notes ransomware is now the most pervasive threat to critical infrastructure. Cryptocurrency ransoms hit record highs over $1 billion paid in 2023 as gangs perfected double extortion schemes. Our ransomware statistics and trends post covers these figures in context.
• Business Email Compromise BEC / Fraud: Enormous losses. Here attackers spoof executives or vendors to trick finance/HR staff into wiring money. FBI data has repeatedly shown BEC losses in the tens of billions. One analysis put global BEC losses to date at over $51 billion U.S. based IC3 reports highlight BEC as the costliest fraud type. Last year IC3 saw $6.5 billion lost to cryptocurrency investment scams. In practice, BEC and related fraud often top FBI complaints and average six figure losses per case, making it a major part of the fraud landscape.
• Malware non ransomware: Ubiquitous and evolving. Traditional malware Trojans, info stealers, bots remain very common. Trend Micro reported blocking 161 billion malicious incidents in 2023, nearly double the volume from five years ago. Notably, 2023 saw a 349% surge in email based malware detections meaning attackers are increasingly sending malicious attachments rather than just malicious links. Banking Trojans and credential stealers especially proliferated. Even though many malware attacks are broad and opportunistic, criminals innovate e.g. living off the land techniques. The sheer volume of detected malware is skyrocketing: one firm found threat traffic doubled over five years.
• Identity Theft / Fraud: On the rise. Mass data leaks and phishing feed identity fraud, which cost victims massively. According to Javelin Strategy Allstate, U.S. consumers lost $27.2 billion to identity fraud in 2024 a 19% jump from 2023 and much higher if you count related financial losses. Globally the figure is even larger, as stolen personal data fuels account takeovers, credit fraud, synthetic ID creation and more. Ransomware and malware often yield big caches of personal data, so identity crime is a downstream effect of cybercrime growth.
• Data Breaches: Widespread and costly. Data breaches where personal or business data is stolen remain frequent. Verizon’s 2023 DBIR counted 16,312 security incidents and 5,199 confirmed breaches worldwide. High profile breaches e.g. MOVEit 2023 added thousands more victims and tens of millions of records stolen. IBM found the average global data breach cost is now $4.45 million a 15% rise over three years. Healthcare breaches cost the most $10.93 M on average, followed by finance $5.9 M. Breaches also take longer to detect, often 200+ days driving up costs. For deep dive stats on breaches, see data breach statistics and trends.

These categories overlap for instance, phishing often triggers breaches or ransomware. But combined, they paint a picture of a cybercriminal ecosystem that is automated, profitable, and constantly morphing. As one practitioner puts it: Hackers are targeting fewer victims with more advanced attacks 2023’s surge in endpoint malware shows this shift.

Cybercrime Impact by Industry

Certain industries consistently draw outsized attacks and losses. Key examples:

• Healthcare: One of the hardest hit sectors. Healthcare organizations hold massive personal data and must operate 24/7, making them prime targets. IBM’s 2023 report found healthcare breach costs averaged $10.93 M by far the highest of any sector. Hospitals, insurers and clinics have seen rampant ransomware lockdowns of medical records and data theft. In fact, hospitals topped ransomware hit lists in 2022 23. IoT/medical device vulnerabilities and legacy systems add to the risk. Overall, attacks on healthcare continued climbing year over year in 2024. For more figures, see our healthcare data breach statistics and trends.
• Finance & Banking: A lucrative target. Attackers exploit online banking systems and finance staff. In 2023, IBM put financial sector breach cost at $5.9 M second only to healthcare. The sector sees constant phishing at customers for account creds and BEC at employees. In Q1 2025, for instance, 30.9% of all phishing attacks targeted the payment/finance industry. Banks and fintech firms also face heavy malware and credential stuffing attacks. Data theft from banks and crypto platforms frequently hits the hundreds of millions e.g. attacks by state linked hackers. Trend Micro notes banking was hardest hit by ransomware in 2023.
• Government & Critical Infrastructure: Geopolitics fuels attacks. Government agencies, utilities, and infrastructure energy, water, transit, etc. face frequent campaigns, from hacktivism to state sponsored espionage. CSIS reported a 138% jump in cyberattacks on Indian government entities 2019 2023. Similarly, the UK’s NCSC noted a three fold rise in significant cyberattacks in 2024 vs 2023. High profile examples SolarWinds, Colonial Pipeline underscore the stakes; even if direct losses are indirect, recovery costs and national security concerns make these costs huge. U.S. and allied agencies see ongoing efforts e.g. SolarWinds 2020, elections meddling, espionage theft that drive up overall incident counts.
• Education: Critical but under defended. Schools and universities increasingly face ransomware and breaches. A 2023 survey by Malwarebytes warned 2023 was the worst ransomware year on record for education. Attacks jumped from 129 to 265 a 105% increase in one year. Higher ed alone saw a 70% rise. Colleges frequently handle sensitive research and student data, but often lack strong IT defenses. K-12 schools also see waves of attacks, disrupting classrooms. Phishing and DDoS against education are also rising.
• Retail & Consumer: Payment data draws attacks. Retailers handle millions of card transactions, making them attractive for credit card skimmers and malware infected POS systems. Industry reports find nearly 24% of all breaches hit retail. As a result, consumers increasingly lack trust e.g. 62% of shoppers say they worry about data security at stores. E-commerce sites and their supply chains also see data breaches. See our key web components for pentesters page for more on e-commerce risks.
• Small & Medium Businesses: Not too small to ignore. It’s a myth that only big enterprises are attacked. SMBs face constant attacks too for example, 43% of cyberattacks target organizations with under 100 employees. In practice, smaller firms often lack mature defenses, making BEC, ransomware and phishing easy for criminals. See cyber attacks on small businesses for details. Insurance claims from cyber incidents in SMBs are rising sharply as well.

In summary, no sector is immune. Where data or money flows, criminals will follow. Sectors with valuable data health, finance or weaker security education, small biz see especially high attack rates and costs.

Mitigation Steps & Takeaways

Given these worrying stats, what can organizations do? Here’s a quick checklist:

1. Prioritize Phishing Defense: Train employees rigorously on spotting phishing. Deploy email filtering and multifactor authentication. Remember, phishing remains the number 1 attack vector. Regularly test staff with simulated phishing.
2. Backup and Patch: Maintain offline backups of critical data to survive ransomware. Ensure all systems are up to date unpatched software was involved in many attacks Verizon DBIR shows 32% of breaches exploited known vulnerabilities.
3. Incident Response Planning: Develop and rehearse an incident response plan. Organizations often discover breaches late practicing IR can shave months off response time and save millions.
4. Invest in Detection: Deploy modern security monitoring e.g. XDR and consider AI assisted tools to detect anomalies quickly. IBM found AI/automation can cut breach life by 108 days and save $1.76M per breach. Rapid detection is key: each hour of delay costs big money.
5. Penetration Testing & Assessments: Regularly test your defenses internal/external pen tests, red teaming. Catching gaps early is far cheaper than fallout later. DeepStrike’s penetration testing services help find hidden vulnerabilities before attackers do.
6. Leverage Data & Frameworks: Use these stats to justify security budget and controls. Align with frameworks like NIST CSF or ISO 27001 to cover high risk areas. For specific mapping, see NIST CSF pen testing guidance.
7. Cyber Insurance & Compliance: If applicable, maintain cyber insurance and make sure to meet requirements like PCI DSS 11.3 or HIPAA’s pen test rules. Keep logs and evidence, as rising costs mean insurance claims are under more scrutiny. Check out our article on cyber insurance claims trends and data for more.

Organizations should think of these stats as a wake up call. More attacks mean more risk but also more actionable data. Track industry reports, adapt controls, and treat cyber defenses as a continuous investment, not a one time project.

Cybercrime statistics for 2024-2025 send a clear message: attacks are faster and more expensive than ever. Rising losses, booming ransomware, and unchecked phishing show that threat actors have the upper hand unless we adapt. Staying informed about these trends is step one; step two is action.

Ready to Strengthen Your Defenses? The threats of 2025 demand readiness. If you're looking to validate your security posture, identify hidden risks, or build a resilient defense strategy, DeepStrike is here to help. Our team of practitioners provides clear, actionable guidance to protect your business. Explore our penetration testing services to see how we can uncover vulnerabilities before attackers do. Drop us a line we’re always ready to dive in.

About the Author

Mohammed Khalil is a Cybersecurity Architect at DeepStrike, specializing in advanced penetration testing and offensive security. Certified CISSP, OSCP and OSWE, he has led red team engagements for Fortune 500 firms in finance, healthcare, and tech. Mohammed dissects complex attack chains and builds resilient defenses by living the adversary’s methodology. With over a decade of hands-on experience, he’s passionate about translating these threats into practical security advice for organizations.

FAQs

• What is the global cost of cybercrime projected to be in 2025?

Industry analysts estimate around $10.5 trillion per year by 2025. That includes direct losses, thefts, ransoms plus cleanup and downtime. Costs have been rising 10% annually, making cybercrime effectively one of the world’s largest economies.

• How many cyber attacks occur each day?

Cybercriminals now launch attacks roughly every 30-40 seconds. For example, WatchGuard cites a study saying there were over 2,200 attacks per day in 2023 one every 39 seconds. Frequency is increasing: that’s faster than the 44 second interval noted for 2022.

• What is the average cost of a data breach in 2023?

According to IBM’s 2023 study, it was about $4.45 million globally. Critical sectors paid even more healthcare breaches averaged $10.93 M. Breach costs include detection, notification, remediation, and lost business.

• What are the most common cyber threats today?

Phishing and email fraud top the list by incident count FBI identified phishing/spoofing as the number 1 complaint in 2024. Ransomware is very common too, especially against enterprises. Global ransomware incidents grew 73% in 2023. Other frequent threats include business email compromise, malware infections, and data breaches. In short: email based scams phishing/BEC and data encrypting ransomware are the biggest risks.

• Which industries face the highest cybercrime costs?

Healthcare and finance lead in breach costs. Healthcare organizations see the highest per incident costs $10.93 M due to sensitive data and regulation. Financial services also have high breach costs $5.9 M plus heavy attack volume. Critical infrastructure and government face strategic threats, while education and small businesses suffer from rising ransomware. Sector specifics vary, but all sectors are targeted in today’s environment.

• How can organizations use this data to improve security?

These statistics highlight where to focus defenses. For example, knowing phishing leads the way means beefing up email security and training. A high breach cost suggests investing in prevention backups, patching and quick detection. Companies should update risk assessments and controls based on these trends. In practice, use this data to justify budgets for staff training and testing.