Social media is playing a growing role in cybercrime this year — here are the top cybercrime stats to know about this $1.5 trillion (and growing) industry as we move into 2020
If you’re looking for the most up-to-date cybercrime statistics, you’ve certainly come to the right place. (We really like our numbers around here.)
For businesses and organizations, cybercrime is all encompassing — and its collective impact is staggering. Not only does cybercrime leave a mark financially, but it also has a significant impact on an organization’s services, reliability, and reputation in the eyes of the public, shareholders, and even your own employees.
In this article, we’ll break down what cybercrime entails and take a look at some of the most notable cyber crime statistics and trends for 2019. We’ll also dive into some of the trends and stats the experts are pointing to for 2020 and the next few years to come.
Let’s hash it out.
What we’re hashing out…
- Social media is playing a growing role in cybercrime this year — here are
the top cybercrime stats to know about this $1.5 trillion (and growing)
industry as we move into 2020
- What is Cybercrime?
- Cybercrime Statistics: How Much Money are Cybercriminals Making?
- Cybercrime Statistics: The Top Methods of Attack and Related Cybersecurity
- Cybercrime Statistics: Who Are the Victims?
- Cybercrime Statistics: Top Industries Targeted
- Cybercrime Statistics: The Worldwide Costs of Cybercrime
- Cybercrime Statistics: The Role of Cybercurrencies in Cybercrime
- Cybercrime Statistics: Cybercriminals Love Social Media
- Cybercrime Statistics: Predictions and Trends in the Coming Years
What is Cybercrime?
Also called computer crime, the term “cybercrime” is very broad term and represents a wide variety of criminal activities that are conducted by using and/or targeting a computer or related system. Merriam-Webster defines cybercrime as: “: criminal activity (such as fraud, theft, or distribution of child pornography) committed using a computer especially to illegally access, transmit, or manipulate data.”
This type of definition now includes virtually any type of electronic devices. Cell phones. Cameras. IoT devices. Servers and databases. The list goes on and on.
Some cybercriminals conduct their business via the dark web but not all. Some choose to use more public channels such as social media. And, certainly, the examples listed in this definition are not exhaustive. There are many other examples of cybercrime, including:
- ransomware attacks,
- malware attacks,
- crypto mining, cryptojacking, and other digital currency scams,
- identity theft, or impersonating another person or company,
- stealing, leaking or manipulating data, information, or intellectual property,
- violating privacy,
- human and sex trafficking, and
- selling weapons or drugs online.
There are certainly other types of cybercrimes to include on this list. But we know you’d jump right into the cybercrime statistics info.
With that in mind, here’s our list of the top cybercrime statistics we’ve collected for the year 2019.
Cybercrime Statistics: How Much Money are Cybercriminals Making?
Cybercrime represents the fastest-growing types of crime in the United States — and the world as a whole. Not only are the cyber attacks that fall within this category growing in number, but they’re also increasing in both size and sophistication. This results in an increasingly large price tag for governments, businesses, and organizations of all sizes. It also means business is booming for cybercriminals.
In our previous article on cybercrime statistics in 2018, we discussed a six-month study by Bromium, an endpoint security company, and cybercrime researcher Dr. Michael McGuire. The report, titled “Into the Web of Profit,” examines the new platforms used by cybercriminals in the flourishing cybercrime economy. This year, the company released another report “Social Media Platforms and the Cybercrime Economy,” and it serves as the next chapter in the Into the Web of Profit series. Only this time, it examines the role social media platforms play in the world’s cybercrime economy.
We’ll cover some statistics from both of these reports — along with others from many reputable organizations, companies, and government institutions — throughout this article.
1 — The cybercrime industry generated at least $1.5 trillion in revenue in 2018 (and that’s a conservative estimate!)
The first cybercrime report by Bromium and McGuire estimates that cybercrime created more than $1.5 trillion in profits in the year 2018 alone. However, it’s critical to note that McGuire openly admits that those estimates may not paint a complete picture — that the estimates are conservative, and the numbers may actually skew higher.
But even if we were just to go by this number, it’s terrifying to think of just what that entails. If cybercrime was a country, it would rank 13th in terms of its GDP when considering the most recent (2018) GDP data from the World Bank. This would place it firmly between the Republic of Korea, which currently has a GDP of $1.6 trillion, and Australia, which has a GDPR is a little more than $1.4 trillion.
2 — Social media-enabled cybercrimes generate $3.25+ billion in global revenue per year
The social media-focused research from Bromium and McGuire indicates that social media plays a growing role in perpetuating cybercrime. According to the research, social media-enabled crimes generate at least $3.25 billion to the growing cybercrime economy each year.
To put that in perspective, that’s nearly the net worth of movie mogul Steven Spielberg, whose net worth is estimated to be $3.6 billion, according to The Forbes 400 list for 2019.
3 — Social media contributes to the sale of stolen personal data in an underground economy that’s now worth about $630 million per year
It’s no secret that cybercriminals use the dark web and other various channels to engage in criminal activities. But did you know that these actors use social media to steal your personal information? As far as cybercrime statistics go relating to social media, Bromium’s study data indicates that between 45% to 50% of all illicit trading of personal information — this includes everything from stolen credit card info to usernames and passwords — can be traced back to breaches of social media platforms.
4 — $76 billion of the cybercrime economy involves Bitcoin
Bitcoin definitely appears to be the reigning champion when it comes to being the favorite cryptocurrency of cybercriminals. A research study from two universities in Australia indicates that “around $76 billion of illegal activity per year involves bitcoin (46% of bitcoin transactions), which is close to the scale of the US and European markets for illegal drugs.”
5 — 4.1 reported records exposed in the first half of 2019
Risk Based Security reports that in the first six months alone, 4.1 billion records were exposed via data breaches in 2019. Now, keep in mind, this number doesn’t even include data breaches that went unreported or undiscovered. This means that there could potentially be millions more exposed records that we just don’t know about. Not very comforting, is it?
But with these cybercrime stats in mind, what are some of the statistics of cybercrime relating to how they perform their attacks?
Cybercrime Statistics: The Top Methods of Attack and Related Cybersecurity Concerns
There are numerous types of cyber attacks that criminals are using to achieve their goals. These types of attacks range include everything from hacking and phishing to distributed denial of service, SIM-swapping, and ransomware attacks. Regardless of their chosen method of attack, though, it’s essential for your business to implement cyber security awareness training as part of your prevention and risk mitigation methods.
So, what are some of the top cybercrime statistics relating to attack methods?
6 — 85% of organizations reported experiencing phishing and social engineering attacks
Phishing and social engineering attacks are now as common as wearing flip-flops in Florida (thongs or sandals for you international readers) Accenture Security’s 2019 “The Cost of Cyber Crime” annual report indicates that the number of organizations that reported experiencing phishing and social engineering attacks increased 16% year over year.
7 — Malware ranks as the most costly type of attack for organizations
Accenture Security’s 2019 report indicated that malware cost organizations an average of $2,613,952 in 2018. This is an increase of 11% over the previous year. The next most costly type of attacks were web-based attacks, which cost an average of $2,275,024 per year in 2018.
8 — Three-quarters of businesses report insider threats as a significant concern
Data from KnowBe4’s 2019 Security Threats and Trends global survey of 600 organizations indicates that “76% of organizations say the biggest and most persistent security threat comes from ‘the enemy from within.’” This describes careless end users who regularly endanger organizations by engaging with phishing emails, ransomware, malware, and other dangerous content.
9 — 96% of survey respondents report email phishing scams as the top security risk
The same KnowBe4 report also indicates that nearly all of the survey’s participants identify email phishing scams as the greatest security threat to businesses. And considering that nearly half of the survey participants also indicated that they’re worried about their organization falling victim to targeted scams, it serves to further underscore the importance of cyber awareness training.
Cybercrime Statistics: Who Are the Victims?
10 — An average of 300,000 cybercrime-related complaints are received each year by the FBI IC3
Cybercrime doesn’t discriminate. The victims of cybercrime involve individuals, organizations, and businesses alike — virtually everyone from all walks of life. In its 2018 Internet Crime Report, the FBI’s IC3 reports that the organization receives an average of 300,000 cybercrime-related complaints per year — that’s an average of 900 complaints per day.
11 — Seniors over age 60 are the preferred victims of cybercrime against individuals
Senior fraud scams are increasingly common and result in significant losses each year. In 2018 alone:
- 62,085 victims age 60 or older reported $649,227,724 in losses to cybercrime.
- An additional 48,642 victims ages 50-59 reported losses of $494,926,300 in the same year.
That’s a combined amount of more than $1.14 billion in a single year between these two age groups! However, let me just remind you of one important thing: This number represents reported losses. This means that there are likely many other victims —and much larger losses — than what we know.
Cybercrime Statistics: Top Industries Targeted
12 — More than 22% of ransomware attacks in Q1 2019 targeted professional services organizations
Coveware reports that professional services — companies such as certified public accountants and law firms — were the top choice of ransomware attacks (22.4%) in the first quarter of the year. This was followed by software services (17.2%) and healthcare organizations (10.3%) such as small healthcare providers and specialists. They’re valuable targets to cybercriminals because they are responsible for protecting their patients’ extremely sensitive personal and medical data, yet they’re often under protected and unprepared in terms of IT security and data backups.
To our readers in the healthcare and professional services industries in particular, please pay attention. We don’t want to see your organization’s name in domestic or international news headlines.
13 — More than 25% of malware attacks targeted banks and financial services in 2018
Intsights Cyber Intelligence reported in April that more malware attacks (25.7%) targeted global banks and financial services institutions (FSIs) than other industry they tracked that year. Furthermore, their research indicates that there were substantial year-over-year increases in several types of attacks:
- compromised credit cards (212%),
- credential leaks (129%) and
- malicious apps (102%).
Cybercrime Statistics: The Worldwide Costs of Cybercrime
When we talk about the “costs” of cybercrime, this term can mean a few different things. Costs typically entail:
- direct financial costs that result from the crime,
- indirect costs, or
- prevention and mitigation costs.
So, what are some of the top cyber crime statistics by country? Here are a few to note:
14 — The U.S. leads the way with more than $27 million in annual costs relating to cybercrime
… Wait, this isn’t exactly the type kind of title we should be proud of. But it’s still critical information for all of us to know.
Accenture Security’s 2019 “The Cost of Cybercrime” study indicates that there were significant regional differences where cybercrime costs were concerned in 2018. However, the United States continued to hold its No. 1 title with the highest annual costs relating to cybercrime — $27.4 million, an increase of 29% over the previous year.
15 — Cybercrime in the U.K. and Japan rose significantly — 31% and 30% — in 2018
The Accenture Security report also indicates that the largest increase year-over-year increases were experienced by the United Kingdom (31%) and Japan (30%), respectively. Their annual cybercrime costs increased to $11.5 million (U.K.) and $13.6 million (Japan). While they’re still nowhere near the U.S.’s level of cybercrime annual costs, we’re likely to see these costs continue an upward trajectory.
Cybercrime Prevention Costs
16 — The U.S. President’s proposed FY 2020 budget requests more than $17 billion for cybersecurity and cyber operations
Even with all of the resources at his disposal, thwarting cyber threats and preventing cybercrime is a huge concern for Uncle Sam. That’s why the United States’ proposed fiscal year budget for 2020, which is available on the White House website, requests “$17.4 billion of budget authority for cybersecurity-related activities.” This is an increase of $790 million (5%) over the FY 2019 estimate. It’s important to note, however, that this amount doesn’t represent the entire cyber-related budget for (obvious) security reasons.
Can’t really blame Uncle Sam for not wanting to hold his cards close to the vest, right?
Regardless, here’s a breakdown of some of the disclosed initiatives we do know about in the proposed FY 2020 budget:
- $1+ billion to support Department of Homeland Security (DHS) cybersecurity efforts.
- $9.6+ billion to advance the Department of Defense (DOD)’s three primary cyber missions.
- $156+ million to support “early-stage research” and increase cyber resilience of system for the recently established Office of Cybersecurity, Energy Security, and Emergency Response.
- $13 million for the Department of the Treasury’s Office of Critical Infrastructure Protection and Compliance Policy.
17 — The spending on cybersecurity products and services anticipated to surpass $1 trillion by 2021
In its Secure Anchor-sponsored 2019 Cybersecurity Market Report, Cybersecurity Ventures reports that global spending on cybersecurity market products and services will exceed $1 trillion cumulatively between 2017 and 2021.
In 2018 alone, worldwide spending on infosec services and products surpassed $114 billion — a market that’s anticipated to grow to $170 billion in 2022.
18 — Cyber security awareness training expected to reach $10 billion by 2027
Almost every article you read online about cyber security harps on the importance of cyber awareness and security training. Heck, we’re guilty of that ourselves because we know that training is essential to help mitigate certain cyber threats and vulnerabilities. That’s why it’s not surprising that Cybersecurity Ventures also reports that security awareness training is on the rise. However, the number is certainly attention-grabbing: $10 billion by 2027.
This trend is expected to continue through nearly the next decade as cyber-defense strategies become fundamental to more major corporations.
19 — 30% of survey respondents say their organizations don’t have a separate security budget
Considering the number of cyber attacks and data breaches making headlines globally each year, it’s hard to believe that some organizations don’t place greater importance on their cybersecurity defenses. Unfortunately, research definitely shows that’s still the case.
For example, KnowBe4’s 2019 Security Threats and Trends Report indicates that nearly a third of surveyed organizations don’t separate their security budget from their annual IT capital expenditure budget. To add insult to injury, about 13% report that they allocate “less than $25,000 on security spending” and 50% dedicate “less than or up to 50,000 a year to purchase security products, software or security awareness training.”
I have to ask: Have these organizations learned nothing from Yahoo, Marriott, Equifax, or any other major corporations in recent years? It must be a case of “it won’t happen to me,” or what’s also known as optimism bias.
Costs Resulting from Damages
20 — Cybercrime damages are anticipated to cost $6 trillion per year by 2021.
Although we shared this cybercrime statistic in our 80 eye-opening cyber security statistics article earlier this year, we’d be remiss to not at least mention it here. This number, which comes from Cybersecurity Venture’s 2019 Annual Crime Report (ACR), is double their 2015 prediction of $3 trillion in cybercrime costs annually.
21 — Cybercrime costs $2.9 million to the global economy every minute
Research from Risk IQ’s “The Evil Internet Minute 2019” report indicates that one minute on the internet carries a price tag of $2.9 million to the global economy. In their report, Risk IQ researchers state that top companies pay $25 per minute due to cyber breaches.
22 — More than $26 billion in losses reportedly lost to BEC and EAC scams specifically
The FBI’s Internet Crime Compliant Center (IC3) reports that $26,201,775,589 was exposed in 166,349 domestic and international business email compromise/email account compromise (BEC/EAC) scams between June 2016 and July 2019. As far as FBI cyber crime statistics go, this is one of the most important to know.
If current trends continue and these types of scams keep growing, I’d hate to see what they’re going to report in their next BEC report…
Cybercrime Statistics: The Role of Cybercurrencies in Cybercrime
Depending on the side of the (digital) coin you look at, there are positives and negatives to the use of cryptocurrency. Blockchain digital currencies fall outside the control or scope of the European Union’s financial regulations. As such, it’s challenging for law enforcement and other government entities to track — which is, of course, part of the purpose of using it altogether.
Digital currencies such as Bitcoin, Ethereum, Ripple, Dash and others are attractive options to a variety of individuals. They’re attractive to both law-abiding users who want their governments to butt-out and keep more control over their money and cybercriminals who want to transfer funds without detection.
So, how do these digital funds contribute to the cybercrime industry? Here are some enlightening cybercrime statistics on cryptocurrencies:
23 — 98% of ransomware payments are made via Bitcoin
Hands down, Bitcoin continues to rank as the leading cryptocurrency payment method of choice for cybercriminals. Coveware reports that when actors launched ransomware attacks in Q1 2019, 98% demanded payment via Bitcoin.
24 — In 2018 alone, cryptocurrency exchange hacking cost around $1 billion
The hacking of cryptocurrency exchanges is “far and away the most costly type of crypto crime,” according to a report by Chainanalysis. Their research tracks two major hacking groups that largely contributed to the theft of these funds during that year. The average cost per hack by these groups? A cool $90 million. They achieved this by frequently moving the stolen currency through a complex network of exchanges and digital wallets that involves moving the funds at least 5,000 times.
25 — Tens of millions of dollars have been lost to SIM-swapping attacks
SIM-swapping is a crime that involves a criminal transferring a victim’s mobile account to a device they have in their possession. It’s a method of attack that cybercriminals like to use against people within the cryptocurrency community in particular because it’s profitable. In its 2019 Cybersecurity Almanac, Cybersecurity Ventures estimates that these crimes have resulted in tens of millions of dollars of cryptocurrencies being stolen.
Cybercrime Statistics: Cybercriminals Love Social Media
Social media as a useful tool for users and cybercriminals alike. For end users, it’s a way to connect with family and friends. For cybercriminals, it’s a wealth of information that they can use as part of their social engineering tactics as well as a platform to launch malware attacks. The risks associated with social media platforms is particularly good for businesses to know considering that many employees use company computers and other devices to access their personal social media accounts.
Heck, maybe you do that yourself during your lunch break. After all, who doesn’t enjoy watching and sharing a funny cat video or two to give your brain a break in the middle of the day?
Regardless, for this section, we’ve pulled together some statistics from the Bromium social media study and studies by other notable organizations to address cybercrime relating to social media.
26 — Up to 40% of social media sites have some form of turn-key hacking tools or services available for purchase
The widespread availability of cybercrime tools is a growing concern for SMBs and enterprises alike. Bromium’s research indicates how easy it is for even the least knowledgeable cybercriminals to engage in cyber attacks with ready-made tools, solutions, training, and hacking-for-hire services:
One account on Facebook offers the opportunity to trade or learn about exploits and advertises on Twitter to attract buyers. We also found evidence of botnet hire on YouTube, Facebook, Instagram and Twitter, with prices ranging from $10 a month for a full-service package with tutorials and tech support to $25 for a no-frills lifetime subscription – cheaper than Amazon Prime.”
27 — Fraud attacks on social media increased 43% in 2018
By the end of last year, social media fraud attacks rose significantly. This increase in fraud may be attributed in part to the use of automation tools, RSA Security reports. Regardless of the reason, though, it just serves to further emphasize the need for users to be hypervigilant when it comes to their social media activities and security efforts.
28 — Fraud revenues increased by 60% since 2017 thanks to social media
In short, cybercriminals are having a heyday with social media. Bromium’s social media data indicates that they’re able to conduct a variety of fraudulent activities using these social networking platforms. For example, they can engage in financial fraud, romance/dating fraud, and impersonate major brands across all channels including major platforms like Facebook, Twitter, and LinkedIn.
29 — The data of 1.3+ billion social networking users has been compromised within the past 5 years
We’ve all seen the headlines about businesses being breached and user accounts being compromised. Social platforms are no different. In fact, according to Bromium, the accounts of more than 1.3 million social media users have been compromised in the past five years.
This statistic doesn’t really come as a surprise to me. It seems like every couple of months I receive obvious phishing messages from friends’ compromised Facebook accounts. The messages try to get me to click on a link. Or, I’ll even receive a friend request from a fake account impersonating them that’s trying to add me as a friend.
Nice try, hackers. Keep phishing, ‘cause I ain’t bitin’.
Cybercrime Statistics: Predictions and Trends in the Coming Years
There are some interesting and notable trends in the cybercrime industry. In an article about cybercrime statistics, we’d be remiss to not at least highlight some of the biggest predictions, forecasts, and trends from experts within the industry.
So, without further ado, here are some notable trends and predictions of what we can expect to see within the industry over the next few years:
30 — Only 15% of firms report being notified by a third-party vendor notifying them of a breach the vendor caused
A 2019 survey of 600 IT and security decision makers by eSentire and Spiceworks shows that of the 250 surveyed companies that indicated experiencing a breach, only 15% were notified of the breach by the respective vendor who caused it. Yeah, that’s some shady business right there.
In some ways, it’s unsurprising that vendors don’t want to inform their corporate clients about the data breaches they cause. This could be, in part, due to the reputational risks or accountability involved with disclosing a cyber breach. But regardless of wounded egos or reputational concerns, it’s the responsibility of every vendor to inform their customers of any breaches they cause. Shame not everyone likes to live up to such ethical standards.
31 — More than 70% of cryptocurrency transactions will involve illegal activities by 2021
Cybersecurity Ventures predicts that the use of cryptocurrencies for nefarious activities will jump significantly in a little more than a year. The cybersecurity research firm forecasts that these illicit activities will jump from current estimates of 20% of the five major cryptocurrencies by 2021.
32 — The amount of data stored in the cloud will increase 100x by 2021
It’s no secret that cloud storage for data is on the rise. No matter whether you’re talking about public clouds, private clouds owned by businesses, or government ones that are accessible by the public, Cybersecurity Ventures predicts that the number will increase one hundredfold by 2021. This makes for an incredibly data-rich target environment for cybercriminals.
33 — Cybercrime breaches are anticipated to increase nearly 70% by 2024
The cost of data breaches to businesses is on the rise. Experts expect costs (direct and indirect) relating to cybercrime breaches to jump from $3 trillion to more than $5 trillion within the next five years! In their August 2019 press release, Juniper Research indicates that the costs of cybercrime will show an average annual growth of 11%. This data comes from their report “The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024.”
Why Cybercrime and Related Activities Are So Important to Study
But if computers are so dangerous, why are companies and individuals increasingly reliant on them? It’s because digital technologies and the internet are staples in the modern economy — and in our modern lives as a whole. They’re essential to not only ecommerce but to other aspects of our lives as well — everything from entertainment to business and government operations. Why bother hand-delivering or mailing in a check when you can pay bills online? And who doesn’t love the convenience of online banking?
Regardless of how or why we’re all using these things, the fact is that we are using them. And with all the perks of these conveniences and benefits come certain risks as well. This is why businesses, governments, and other organizations and institutions need to invest the time, money, labor, and attention to addressing cyber security vulnerabilities. Every little bit helps in the uphill battle against cybercriminals.