The Top 37 Cyber Crime Statistics You Need To Know In 2025
Cyber crime has evolved into one of the most significant challenges facing today’s world.
Defined broadly as illegal activities carried out or facilitated through digital systems, cyber crime ranges from simple phishing scams to sophisticated ransomware attacks that can cripple entire organizations.
We will delve into key trends, highlight major cyber threats, analyze industry-specific vulnerabilities, and offer practical recommendations for bolstering security posture.
Key cyber crime stats for 2025
- Cyber crime is anticipated to cost the global economy USD 10.5 trillion annually by 2025 [2].
- There has been a 30% increase in global cyber attacks during the same period from Q2 2023 to Q2 2024 [5].
- 4,100 data compromises were officially documented worldwide in 2023 [4].
- The financial impact, including losses from investment fraud and business email compromise, reached nearly USD 10.3 billion per the 2023 IC3 Internet crime report [1].
- Cybercrime costs are growing 15% per year in the years leading up to 2025.
- In many cases, people fall victim to multiple forms of exploitation simultaneously, such as phishing scams combined with investment scams.
- During the height of the Covid-19 pandemic, phishing incidents rose by 220%.
- Global daily estimates suggest that over 2,200 cyber attacks occur every day [6], while some estimate that the number might even exceed 3,000 in particularly active months.
- The cost of a data breach can be devastating. In fact, the average data breach cost reached approximately USD 4.45 million per incident in 2023 [9]. That is an increase from USD 4.35 million in 2022.
- The breach costs for large-scale intrusions in critical sectors can surge well beyond USD 10 million, underscoring the dire need to invest in robust cyber security measures.
- Cyber crime is estimated to have caused financial losses of USD 12.5 billion in the United States alone in 2023.
- Experts estimate that up to 90% of cyber incidents involving smaller or medium-sized organizations may never appear in official records because some victims prefer to handle breaches quietly, fearing reputational harm or lacking confidence in legal recourse.
- Cyber crime affects a wide range of age groups, but individuals over 60 accounted for about 23% of cybercrime victims.
Below is a chart summarizing reported incidents and total estimated losses from some of the key years (2018–2023).
While these figures illustrate a growing challenge, it is also critical to note that many incidents go unreported.
Key questions on global cyber crime
- Based on data from 2023 and 2024 analyses, global cyber crimes statistics point toward a year-over-year increase of roughly 30–40% in reported cases, with total annual losses crossing USD 10 billion in the United States alone [1] [5].
- Although estimates vary, studies often cite that roughly 70% of all cyber attacks specifically target small-to-midsize businesses [6]. This is due to limited cyber security budgets, lower security posture, and a lack of specialized IT staff among smaller entities.
- Experts note that phishing continues to be a prime vector used by criminals to breach organizations. The FBI’s internet crime report frequently ranks phishing attacks as the most reported complaint category, leading to a high cybercrime victim count each year.
- Typically, the top 5 cybercrimes are:
- Phishing attacks (including spear-phishing)
- Ransomware attacks
- Business email compromise
- Investment fraud / investment scams
- Identity theft
- Global daily estimates suggest thousands of incidents every day, translating to hundreds of thousands or even millions per year. By some calculations, at least one attack is attempted every 39 seconds worldwide [6], demonstrating how quickly people fall victim on a continual basis.
Analysis of trends & emerging threats
Growth factors
Multiple factors drive the growth of cybercrime victims. The widespread shift to remote work has extended corporate perimeters, making it easier for threat actors to exploit vulnerable endpoints.
The expansion of the Internet of Things (IoT) means more devices—and thus more potential entry points for criminals.
Meanwhile, the ongoing digital transformation in finance, healthcare, and retail industries has created new avenues for criminals to launch damaging attacks and exfiltrate sensitive data.
AI-Driven exploits
Emerging threats include the use of artificial intelligence for hyper-personalized phishing attacks—sometimes referred to as “deepfake extortion.”
Forbes has also reported on “GhostGPT,” an AI tool criminals may use to refine malware or create highly convincing scam emails [10].
This innovation underscores how quickly adversaries adapt to new technologies, staying one step ahead of traditional detection methods.
Vertical-specific threats
Highly regulated sectors—such as the healthcare industry, financial services, and government institutions—face increased attacks due to the high value of personal data.
Healthcare data breaches can expose medical records and other confidential patient information.
As a result, the healthcare sector is consistently ranked among the most frequently targeted by hackers target, as these institutions often store large volumes of sensitive information.
Healthcare organizations also face large regulatory fines when a data breach occurs, which adds to their overall breach costs.
Human element
Cybersecurity professionals frequently highlight the human element in security. While advanced technical defenses can mitigate a wide range of intrusions, end-user mistakes remain a key factor behind many security breaches.
Social engineering attacks pivot on deception, tricking victims per scenario into clicking malicious links or divulging login details. Training employees and the public to recognize red flags in phishing scams is, therefore, paramount.
Regional or sector-specific insights
Certain regions see higher rates of particular crimes. Ransomware hits the United States especially hard, as reported by the FBI.
However, internet crime is not limited to one nation; other countries also face surges in social engineering, ddos attacks, and data exfiltration.
The finance sector endures repeated intrusions due to direct monetization potential, while the healthcare industry is targeted for personal data that criminals can use in identity theft schemes.
Check Point Research found that more than half of all corporate networks in Africa and parts of Asia experienced at least one infiltration attempt in 2024, surpassing other global averages [5].
Meanwhile, certain industries, including critical infrastructure and e-commerce, remain prime targets. Because each industry has distinct regulatory obligations and data-handling procedures, the motivation and methods used by criminals vary significantly.
Discrepancies also arise from local legislation and law enforcement capacity. In countries where cybersecurity regulations are lax, criminals operate with greater impunity.
Similarly, the absence of robust legal frameworks can hinder cross-border investigations, leaving many cyber crime victims without recourse or restitution.
The impact of data breaches in numbers
One cannot overstate the role of the data breach in modern cybercrime. According to Statista’s 2023 findings [4], the global count of data compromises soared beyond 4,100 incidents—up from under 4,000 the previous year.
Key data points indicate that each intrusion can affect hundreds of thousands, if not millions, of breached accounts, depending on the target’s size. In some events, entire customer databases have been leaked to the dark web, fueling subsequent identity theft or investment fraud.
The average data breach cost stands at USD 4.45 million [9], factoring in immediate incident response, legal fees, lost business, and reputation damage. The cost of a data intrusion can escalate further when high-value personal data or intellectual property is stolen.
In analyzing the per victim perspective, each compromised record can lead to an average cost of approximately USD 180 per victim (though estimates vary), indicating how expensive large-scale security breaches can become.
Recent high-profile data breach cases, such as the Marriott incident, impacted up to 500 million customer records at one point [11]. These data compromises highlight the severe reputational hits companies face.
Experts warn that as cloud computing, mobile apps, and IoT proliferate, criminals will have more opportunities to infiltrate corporate systems.
Financial impact of cyber crimes

The global financial impact of cybercrime is projected at $8 trillion in 2023. Cybercrime damage costs are expected to increase by 15% annually, potentially reaching $10.5 trillion by 2025.
Total monetary losses
In 2023, cybercrime in the United States led to an estimated monetary loss of:
- 12.5 billion U.S. dollars (significant financial impact of cybercrime)
- 72.7 million U.S. dollars due to SIM swapping in 2022
- 4.6 million U.S. dollars from phishing attacks reported in 2021
- 100 million U.S. dollars in financial losses from phishing attacks to Facebook and Google in 2017
These statistics highlight the massive financial impact of cyber crime statistics on individuals and organizations alike.
Sector-specific financial impact
Cybercriminals target sectors with high-value data, particularly healthcare and finance, leading to significant financial losses.
Ransomware attacks in the healthcare sector cost on average $10.1 million per breach. The finance sector also experiences severe impacts from cyber crimes due to the sensitive data it holds.
The financial risks for both healthcare and finance sectors underscore the need for robust cybersecurity measures.
These sectors are often targeted by hackers due to the valuable information they store, making them prime targets for cyber attacks.
Ransomware attacks and financial losses
Ransomware attacks are among the most disruptive forms of cyber crime. By encrypting critical files and demanding payment—often in cryptocurrency—criminals place enormous pressure on organizations to decide between paying the ransom or risking permanent data theft.
In 2023, the FBI’s IC3 noted that ransomware victims reported total financial losses exceeding USD 34 million [1]. However, these figures likely underrepresent the full scale of the problem, as many victims per year do not report attacks to law enforcement.
Furthermore, ransomware attacks have become more sophisticated, employing “double extortion” tactics where criminals also threaten to release personal data online if ransoms remain unpaid. This approach adds an extra layer of pressure and can lead to further data privacy violations.
Healthcare providers, municipal governments, and educational institutions are consistently singled out due to the vital nature of their services, with criminals betting they cannot afford extended downtime.
Financial impact of ransomware
The financial cost of ransomware attacks is substantial. Here are some key statistics:
- The average cost of a ransomware attack is estimated at $1.85 million.
- In 2023, a staggering 72.7% of organizations experienced ransomware attacks.
- Around 236.1 million ransomware attacks were reported worldwide in the first half of 2022.
- On average, mid-sized organizations pay a ransom of approximately $170,404.
- 54% of organizations did not recover more than half of their data after a ransomware attack.
- From 2019 to 2021, ransom payments increased by 449%.
- By 2031, it is predicted that ransomware costs to victims will reach $265 billion.
This estimate highlights the significant financial impact of ransomware attacks.
These statistics highlight the critical need for proactive measures to prevent ransomware attacks and mitigate their financial impact.
Business email compromise and investment fraud
Business email compromise (BEC) is another high-impact form of cyber crime, manipulating corporate payment processes to divert funds.
According to the IC3 internet crime report [1], BEC accounted for over USD 2.7 billion in reported losses in 2022 alone, making it one of the costliest categories of fraud reports. Criminals often impersonate CEOs or suppliers, convincing accounting staff to transfer money into fraudulent accounts.
Investment fraud and investment scams, meanwhile, continue to proliferate online. Fake trading platforms, cryptocurrency ponzi schemes, and unauthorized “brokers” con thousands of cybercrime victims out of billions of dollars annually.
These crimes rely heavily on social engineering to cultivate trust among victims per fraudulent scheme. Once again, the human element underscores how criminals exploit psychological vulnerabilities to orchestrate elaborate con jobs.
Insider threats and DDoS attacks
Insider threats present a unique challenge: employees (or contractors) with legitimate access to corporate systems misuse privileges, either intentionally or inadvertently, leading to detrimental security breaches.
While not as widespread statistically as external hacks, insider threats can be more costly because they exploit trusted permissions. By the time they are discovered—if they ever are—the damage done through data theft can be substantial.
DDoS attacks do not typically lead to stolen data or immediate financial theft. However, they can cause significant operational downtime, resulting in secondary financial harm. A well-timed DDoS incident can disrupt online retail, streaming services, or vital infrastructure.
The complexity of these attacks cost organizations in terms of lost revenue, resources spent on mitigation, and potential reputational damage.
Fraud reports and phishing victims
Phishing scams remain a significant portion of fraud reports globally. They rely on emails, text messages, or phone calls that impersonate legitimate institutions—such as banks or e-commerce sites—to trick phishing victims into disclosing passwords, credit card details, or other personal data.
The FBI’s 2023 Internet crime report documented over 300,000 complaints related to phishing alone [1].
While advanced email filters and AI-driven threat detection systems have made strides, criminals continuously adapt to bypass these measures. Some sophisticated phishing attacks incorporate brand-specific designs, official logos, and well-crafted domain names that appear nearly identical to the real sites.
Training and awareness are critical to reducing the number of cybercrime victims who might be falling victim to these schemes.
Data privacy challenges
Data privacy is an increasingly pressing concern as the number of reported personal data breaches escalates.
Companies that fail to protect sensitive data face legal implications under regulations like the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
The cost of a data incident also compounds when non-compliance fines come into play.
Although public awareness of data privacy has grown, the risk is still high. From large-scale data compromises to small-scale cyber crime incidents, criminals continue to exploit vulnerabilities in corporate networks.
Implementing robust access controls, encryption, and continuous monitoring can significantly reduce the likelihood of breaches and subsequent personal data breaches.
The human cost—victims per age group
The phrase “victims per age group” underscores that cybercrime victims span every demographic.
Although younger generations tend to be more tech-savvy, they may still be susceptible to advanced social engineering or smartphone-based scams.
Conversely, older generations, while sometimes less digitally literate, often have significant financial resources—making them prime target victims for criminals.
Across multiple studies, the incidence of cybercrime victims is high among those in the 18–34 bracket, but individuals over 55 also report heavy monetary losses when they do become victims.
Regardless of age, the per victim cost can escalate quickly if banking details are compromised. As connectivity grows, criminals continue refining their techniques to tailor attacks for each age group’s digital habits.
Characterizing the per victim perspective
When analyzing the effect of cyber crime from a “per victim” perspective, we find wide variations in outcomes.
For example, a typical instance of phishing scams might result in a few hundred dollars stolen from an individual’s bank account, while a sophisticated business email compromise scheme could entail hundreds of thousands of dollars in fraudulent wire transfers.
That means the average cost per victim can range from under USD 100 (for petty credit card theft) to well into the millions (for large corporate BEC or data breach scenarios).
Quantifying these differences helps security professionals and policymakers allocate resources effectively. Understanding how criminals tailor their methods by age group, device usage, or financial standing is crucial to designing effective preventive measures.
Although one might assume that big corporations represent the most lucrative targets, criminals have found that focusing on thousands of small-scale victims per day can be equally profitable, if not simpler, to execute.
Future outlook for 2025
Industry experts predict an even steeper rise in cyber crime over the next two years. As generative AI continues to evolve, criminals will harness it for more convincing phishing attacks and possibly for automating vulnerability discovery.
The 2025 outlook remains grim, with estimates that cyber crime will cost the world USD 10.5 trillion annually—up from roughly USD 8 trillion in 2023. This spells significant challenges for government agencies, private enterprises, and individual internet users.
In tandem with these projections, the healthcare industry and financial sectors appear poised for further targeting. The intensification of advanced persistent threats (APTs) also points to greater infiltration of supply chains, potentially causing widespread disruptions.
In parallel, there is growing anticipation of regulatory moves worldwide, particularly around data localization and mandatory breach reporting, aimed at mitigating the impact of future data breaches.
References
- Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3). 2023 Internet Crime Report
- Cybersecurity Ventures. Cybercrime Damage Costs to Reach $10.5 Trillion by 2025
- eSentire. 2023 Official Cybercrime Report
- Statista. Cyber Crime & Security: Data and Statistics
- Check Point Research. 2024 Global Cyber Attacks Increase: 30% YoY
- TechJury. How Many Cyber Attacks Per Day?
- TechJury. Cyber Security Statistics
- TechJury. Cybercrime Statistics
- IBM. Cost of a Data Breach Report 2023
- Forbes. GhostGPT: The New Cybercrime AI Used by Hackers
- CSO Online. Marriott Data Breach FAQ