By the Numbers: 50 Cyber Crime Statistics for 2025
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5, rated)
Loading...

By the Numbers: 50 Cyber Crime Statistics for 2025

Explore the industry’s latest cyber crime statistics worldwide to stay abreast of the latest developments and how they may affect businesses and customers worldwide

Why do bad guys rob banks? “Because that’s where the money is.”

This famous quote is attributed to U.S. bank robber William Francis “Slick Willie” Sutton, the 11th criminal to make it on the FBI’s 10 Most Wanted Fugitives list (and the 22nd bad guy caught because of it). 

But Sutton lived in a time before the internet and digital transactions. Nowadays, many modern criminals (cybercriminals) use computer keyboards and servers to carry out crimes. Cybercrime is a burden that affects everyone, from small businesses and large enterprises to the customers they serve. It impacts organizations, governments, and people across local, national, and worldwide communities.

So, what are the latest cyber crime statistics and facts to know in 2025?

Let’s hash it out.

50 Cyber Crime Facts, Trends, and Statistics (Broken Down by Category)

To make this list of cybercrime stats easier to peruse, we’ve divided the topic into several critical categories. Select a topic from the list below to explore relevant cyber crime statistics:

Here’s a quick snippet of key cyber crime statistics:

Cyber crime statistics infographic citing statistics from multiple sources (all of which are listed on the infographic in the bottom-right corner)

However, one thing to keep in mind with all of these cyber crime statistics is that they’re created using different metrics. This can make the information appear contradictory at times because of the differences in how the data is collected and processed.

An Overview of the Cyber Crime Industry

This first section aims to provide a high-level perspective of global cyber crime statistics and trends within the industry as a whole.

  1. The cost of cybercrime is expected to top $12 trillion by 2025. To put that in perspective, that’s an average of $32,876,712,328.77 per day, or what nearly equates to the total GDP of Cyprus every day in a standard year. (Source: Computer Crime Research Center)
  2. More than $55 billion has been lost to 305,033 domestic & international BEC scams in a 10-year period between Oct 2013 and December 2023. The FBI reports that between October 2013 and December 2023, $55,499,915,582 was stolen in 305,033 reported incidents. (Source: FBI IC3 Alert Number I-091124-PSA).
  3. Addresses identified as illicit accounts received at least $40 billion (perhaps as much as $51 billion) in funds stolen via crypto crimes in 2024. (Source: The Chainalysis 2025 Crypto Crime Report)
  4. Only an estimated 2% of illicit criminal proceeds are recovered by law enforcement. This is despite substantial investments in cyber crime prevention and combat measures. (Source: Europol’s EU Serious and Organised Crime Threat Assessment 2025)
  5. Global cybercrime costs are expected to top $15.6 billion by 2029. This marks an increase of nearly 70% over a five-year span. (Source: Statista Market Insights)
  6. 71% of cyber leaders believe the growing complexity of cyber risks outpaces small organizations’ cybersecurity capabilities. This was the consensus of surveyed professionals at the Annual Meeting on Cybersecurity 2024. (Source: Web Economic Forum’s Global Cybersecurity Outlook 2025)
  7. Ransomware threat actors netted $813+ million in payments from victims in 2024. This is despite the industry showing a year-over-year decrease from $1.25 billion in 2023. (Source: The Chainalysis 2025 Crypto Crime Report)
  8. $96 million stolen through disaster scams in 2024. Cybercriminals stole $96+ million in donations under the guise of fraudulent charities, disaster relief organizations, and emergency crowdfunding initiatives. (Source: FBI IC3 Alert Number I-011625-PSA)
  9. “Stablecoins” represent nearly two-thirds of all illicit transactions. This is because cybercriminals have been slowly moving away from Bitcoin. (Source: The Chainalysis 2025 Crypto Crime Report)
  10. Half of cybercriminals appearing before judges in Netherlands courts are age 25 or younger. (Source: Cybercrimebeeld Nederland 2024 [i.e., Cybercrime Monitor Netherlands 2024])

A Look at How Cyber Crimes Affect Your Bottom Line

Business is booming for bad guys, but what does that mean for the businesses they’re targeting? The following cyber crime stats will provide some insights.

  1. CDK Global was hit with a ransomware attack in June 2024 that resulted in a $25 million ransom payment in addition to weeks of downtime that cost automotive dealerships more than $1 billion in direct losses. (Source: Anderson Economic Group)
  2. Ransomware payments jumped an astonishing 500% in 2024. The median price of a ransomware attack quintupled from $400k to $2 million. (Source: Sophos State of Ransomware 2024)
  3. The average cost of ransomware recovery = $2.73 million. As if the price tag of the ransomware demand itself wasn’t bad enough, the average cost organizations have to bear in the form of recovery efforts comes in at a whopping average of $2.73 million (Source: Sophos State of Ransomware 2024)
  4. GDPR non-compliance fines topped €5.6 billion as of January 2025. The sum of the 2,288 GDPR-related non-compliance fines that have been implemented since July 2018 reached €5,634,916,783. That’s an average of €2,462,813 per fine. (Source: GDPR Enforcement Tracker)
  5. 63% of businesses admit they’re more willing to pass along the costs of cyber incidents on to consumers rather than invest in additional security measures. This is an increase of 6% over the previous year’s survey. (Source: IBM’s 2024 Cost of a Data Breach report)
  6. North Korea’s nation-state hacker group TraderTraitor is responsible for stealing ~$1.5 billion from Bybit’s cryptocurrency exchange. (Source: FBI Alert Number: I-022625-PSA)
  7. Four in five CFOs indicate that cybersecurity challenges have forced them to “delay or cancel any innovation or technology initiatives” in the last 12 months. This is based on a survey of CEOs at firms struggling with high operational uncertainty. (Source: PYMNTS Intelligence’s 2025 Certainty Project)  

How Phishing-Related Cyber Crimes Affect Organizations’ Reputations

This section of cyber crime statistics examines the impact of these scenarios on organizations and their relationships with customers.

  1. Lost business and post-breach response costs increased nearly 11% to $1.47 million between March 2023 and February 2024. This includes revenue losses stemming from system outages, losses of customer relationships, and reputational harm. (Source: IBM’s 2024 Cost of a Data Breach report)
  2. Microsoft’s brand was used in 32% of phishing attacks in Q4 2024. The tech giant ranked #1 as the cybercriminals’ favorite brand to impersonate in phishing scams. (Source: Check Point Research)
  3. On average, more than half (55%) of the brand impersonation attacks companies experienced in 2023 stemmed from their own brands. Imagine the toll it would take on your reputation if this happened to your business. (Source: Perception Point’s 2024 Annual Report of Cybersecurity Trends & Insights)
  4. One in five emails the Perception Point’s Incident Response team observed in 2023 were illegitimate. (Source: Perception Point’s 2024 Annual Report of Cybersecurity Trends & Insights)
  5. Healthcare providers were estimated to have lost more than $100 million per day due to the 2024 Change Healthcare-related outage. This estimate came from Carter Groome, CEO of First Health Advisory during an interview with CNN. (Source: CNN)

The Industries and Data Most Targeted by Cybercriminals

Wondering which industries are getting hit the worst? The answer depends on which source you consult…

  1. Healthcare edges out Finance as Kroll’s most breach sector. Healthcare snagged 23% of breaches in 2024 (up from 18% in 2023), whereas Finance dropped back from 26% to 22%. (Source: Kroll’s Data Breach Outlook 2025 report)
  2. Nearly 54% of the breaches identified as relating to System and Human Errors that were reported to the ITRC in the past 30 days involved Financial Services organizations. As of the time of writing this article, this means that seven out of 13 were Financial Services organizations. (Source: We calculated this based on information listed in the ITRC Breach Alert data breach search tool.)
  3. Interactive intrusion campaigns jumped 35% from 2023 to 2024. Technology remains the “reigning champion” (i.e., the top-targeted industry) for honors that no industry wants to be recognized for. (Source: CrowdStrike’s 2025 Global Threat Report)
  4. Copies of passports can fetch upwards of $3,800 on the dark web. Prices average $600 for this type of personally identifiable data. (Source: NordVPN’s Dark Web Case Study)

Cyber Crime Statistics Relating to Attack Vectors

Threat actors are always looking for the most efficient or cost-effective ways to carry out attacks. Sometimes, this involves using simple or elaborate social engineering scams. Other times, it’s exploiting unpatched known vulnerabilities within systems.

Explore the following cyber crime statistics aim to get a better idea of how they do what they do.

  1. 4.3 million machines globally were infected by infostealer malware applications. More than 75% were categorized as one of three specific strains: Lumma, StealC, or Redline. (Source: KELA’s The State of Cybercrime 2024)
  2. Infostealer malware accounted for 330+ million compromised credentials in 2024. (Source: KELA’s The State of Cybercrime 2024)
  3. 83% of data breach victim notices stemmed from the five “mega breaches.” Of those breaches, four of which were reportedly “preventable.” (Source: ITRC’s 2024 Annual Data Breach Report)
  4. Although U.S. data compromise incidents decreased by 1% overall, the number of breach notices skyrocketed 211% year over year. This is largely due in part to the five aforementioned “mega-breaches” that account for 100+ million notices going out after each event in 2024. (Source: Identity Theft Resource Center [ITRC] 2024 Annual Data Breach Report).
  5. 76% of intrusion breaches involved bad guys using one or 10 specific vulnerabilities. The majority of these incidents involved remote access tools (59.4%) or other external exploits (33.2%). (Source: Arctic Wolf’s 2025 Threat Report)
  6. Phishing and vishing (voice phishing) attacks led to breaches and significant financial losses for more than 90% of surveyed organizations. This was based on data from the previous 12 months. (Source: CyberArk 2024 Identity Security Threat Landscape Report)
  7. Two in four business email compromise (BEC) phishing emails are crafted using generative AI. (Source: VIPRE Security Group’s Email Threat Trends Report for Q2 2024)
  8. 44% of phishing emails originated from compromised accounts. What makes matters worse is that8% of those messages specifically came from within the organizations’ supply chains. (Source: Egress’s Phishing Threat Trends Report)
  9. Employees with a company for fewer than 7 weeks are the most commonly targeted by VIP impersonation phishing emails. (Source: Egress’s Phishing Threat Trends Report)
  10. Phishing attacks exploiting social media and work collaboration platforms account for 40% of phishing campaigns. Examples of such platforms include Microsoft Teams and Slack. (Source: HoxHunt’s Phishing Trends Report)
  11. Cybercriminals’ average “breakout time” decreased nearly 23% from 62 minutes to 48 minutes in 2024. Breakout team = how long an intruder takes to move laterally across a network after gaining initial access. (Source: CrowdStrike’s 2025 Global Threat Report)
  12. The fastest breakout time CrowdStrike observed in 2024? A chilling 51 seconds. This is down from 2 minutes and 7 seconds the year prior. (Sources: CrowdStrike’s 2024 Global Threat Report and 2025 Global Threat Report)

What Cyber Threats Organizations Are Combatting

Saying that fighting cybercriminals is an uphill battle is one heck of an understatement. Even when public and private sector organizations are doing the right things, it’s sometimes still not enough. As you’ll see in the following cyber crime stats, organizations globally have their hands full.

  1. 54% of organizations identify supply chain vulnerabilities as their top barrier to cyber resilience. (Source: World Economic Forum’s Global Cybersecurity Outlook 2025)
  2. 99% of state and local government ransomware attacks involved backup compromise attempts. What makes this worse is that more than half of these attacks were successful. (Source: Sophos State of Ransomware 2024)
  3. Machine identities top the list of the riskiest types of digital identities.This is according to more than 2,400 cybersecurity professionals globally who were surveyed. (Source: CyberArk 2024 Identity Security Threat Landscape Report)
  4. Machine identities are anticipated to outnumber human identities “100 to 1 very soon.” This is according to Matt Barker, VP & Global Head of Workload Identity Architecture at CyberArk. (Source: CloudNativeNow.com)
  5. 93% of surveyed organizations reported experiencing at least two identity-related breaches in the previous year. (Source: CyberArk 2024 Identity Security Threat Landscape Report)
  6. 95% of cybersecurity professionals indicate their organizations are using 10+ “identity-related cybersecurity initiatives.” Source: CyberArk 2024 Identity Security Threat Landscape Report)

How Organizations Are Fighting Back

The following cyber crime statistics explore how companies are taking a stand against cybercriminal activities and the investments they make to combat them.

  1. 10+ million — that’s how many user accounts were registered on two underground cybercrime forums (Cracked and Nulled) that were taken down by authorities. The multinational law enforcement operation netted two arrests and the seizure of 17 servers, 50+ electronic devices, and ~€300,000 in cash and cryptocurrencies. (Source: Europol’s press release “Law Enforcement Takes Down Two Largest Cybercrime Forums in the World”)
  2. Nearly one in four organizations indicates it plans to boost security investments after a breach. Wouldn’t it be better to make those additional investments beforehand to stop one from happening in the first place? (Source: IBM’s Cost of a Data Breach 2024)
  3. Cybersecurity budgets increased from 8.65 in 2020 to 13.2% in 2024. This indicates that organizations are dedicating larger portions of their overarching IT resources to these initiatives.(Source: IANS’ 2024 Security Budget Benchmark Summary Report)
  4. The global AI cybersecurity market is expected to grow at a compound annual growth rate (CAGR) of nearly 22% between 2023 and 2028 to top $60 billion. (Source: Markets and Markets’ report Artificial Intelligence in Cybersecurity Market by Security Type Global Forecast to 2028)
  5. Arctic Wolf’s Threat Negotiation team, part of its Incident Response (IR) team, has reduced aggregate ransom demands by 64%, and 70% of clients didn’t pay ransoms. (Source: Arctic Wolf’s 2025 Threat Report)
  6. Survey respondents indicated that their top resource investment priority is Incident response planning and testing (55%). This was followed by threat detection and response technologies (51%) and employee training (46%). (Source: IBM’s Cost of a Data Breach 2024)

Want More Cybersecurity and Cyber Crime-Related Statistics?

Check out our other related articles to get a clearer picture of what’s happening around the industry:

This article has been updated by Casey Crane in March 2025 to reflect new industry data and cybercrime statistics. It was previously updated in October 2023 and was originally written by Casey Crane in 2021.

Be the first to comment

Leave a Reply

Your email address will not be published. We will only use your email address to respond to your comment and/or notify you of responses. Required fields are marked *

Captcha *

Author

Casey Crane

Casey Crane is a regular contributor to and managing editor of Hashed Out. She has more than 15 years of experience in journalism and writing, including crime analysis and IT security. Casey also serves as the Content Manager at The SSL Store.