The latest cybercrime statistics illustrate an important truth about threat actors: when it comes to cyber activity, it’s pretty much all about the money.
Hackers doing it just for kicks, idealists, and politically-motivated saboteurs attract a fair amount of press, but these groups actually make up a very small part of the threat landscape.
If—and when—a cyber security attack hits you, it’s a safe bet that a criminal is seeking financial reward at the other end.
So, how likely is it that you’ll be targeted by cybercriminals? Who are they? What do they want? What tools and tricks are they using right now, and what can you do to stop them?
Our roundup of recent cybercrime stats casts light on all of this. Let’s jump in.
Cybercrime Statistics Trends
Cybercriminals usually either want to steal your data to make money out of it or extort you. Very often, it’s a bit of both.
Here’s a closer look at the prevalence and growth of criminal activity over recent times, the volume of attacks and breaches, and an overview of cybercrime geo hotspots.
Cybercrime Motivations and Attack Rates
1. Financial theft was the desired impact in 88.4% of all attempts to intrude, manipulate, steal, interrupt, or destroy data and systems in 2023, making financial gain the primary motive across all areas of cybercrime.
2. Malicious intrusion attempts—i.e., attempts to gain access to an application with the intent of causing harm or compromising data—increased to 11.3 billion in 2023, a 6% increase from 2022.
3. In 2023, there was a 74.3% increase in extortion activity.
4. More than 90% of cyber security attacks involve credential or data theft.
5. Researchers recaptured around 1.38 billion stolen passwords from the darknet in 2023, an 81.5% increase from 2022.
6. More than 6 billion additional exposed credentials were discovered on the dark web in 2023, bringing the total number of stolen credentials discovered to more than 36 billion. Threat actors frequently use stolen credentials to gain access or launch credential-stuffing attacks.
7. In March 2024, over 299 million data records were compromised by threat actors, a 58% increase from the previous month and a 613% increase from 2023.
8. According to Surfshark estimates, more than 17 billion user accounts have been leaked worldwide from 2004 to date.
9. 2023 saw a record 4,819 compromised entities named on data leak websites.
10. In 2023, the LockBit ransomware group named an unprecedented 1,000+ entities on data leak websites. Other groups—e.g., Clop and ALPHV—adopted new extortion tactics, including filing SEC complaints, using cloned domains to leak data, and leaking data via torrents.
11. Projections suggest that cybercrime groups earned more than USD $900 million from extortion in 2023, a year-on-year increase of 80%.
12. Global cybercrime damage costs are expected to grow by 15% per year over the next two years, reaching USD $10.5 trillion by 2025, up from USD $3 trillion in 2015.
Geographical Hotspots and Trends for Cybercrime
Cybercrime attack rates: regional variations
13. Africa has the highest pro-rata incidence of cybercrime targeting businesses in the five global regions. In Q1 2024, there were 2372 average weekly attacks of all types per organization in Africa. This was a 20% year-on-year increase compared to the same period in 2023.
14. 80% of companies in the US and 85% of companies in Asia, Europe, Africa, and Latin America say they’ve been successfully hacked in an attempt to steal, change, or make public important data.
15. The United States was the country most impacted by ransomware attacks in 2023. 49% of all observed ransomware attacks were against US organizations.
16. US internet users are exposed to data breaches the most. The US ranks first according to Surfshark’s analysis of the number of data points leaked per-capita.
17. The US has lost 37 data points per-capita to breaches between 2004 and 2024.
18. Over the same period, Russia comes second with 30 data points lost per-capita.
19. France ranks third with 22 data points lost per-capita.
20. Top 10 countries for data leaks by number of leaked data points (2004-2024):
Countries with the highest and lowest cybercrime risks
Threat detection specialist MixMode has ranked countries based on their preparedness and susceptibility to cybercrime by analyzing various indices, including the National Cyber Security Index, Cybersecurity Exposure Index, and Global Cybersecurity Index.
21. Finland, Norway, and Denmark all have a cyber safety score of 92 or above and the lowest risk of cybercrime in all countries.
22. Bolivia has a cyber safety score of 38.39 and the highest cybercrime risk of all countries.
Common Targets of Cybercrime
With sensitive and potentially highly valuable data on offer, it’s no surprise that finance and healthcare continue to feature heavily among the most frequently attacked sectors for various attack types.
However, especially over the last year or so, criminals seem to be increasingly focusing on areas such as SaaS and social media.
Cybercrime by Industry Sector
Sectors most frequently breached by cybercriminals
23. In the first four months of 2024, healthcare was the most breached sector in terms of the number of publicly disclosed incidents. IT services and software were the sectors most impacted by breached data records.
Sectors most frequently targeted with malware and ransomware
24. Education is the industry sector most likely to be targeted with a malware attack. The volume of attacks against this sector rose by 157% between 2021 and 2022.
25. In the year to 2023, the retail and finance sectors saw year-on-year increases in the volume of malware attacks of 50% and 86%, respectively.
26. In 2023, manufacturing was the sector most impacted by ransomware. 12.9% of all ransomware cybercrime victims were organizations in the manufacturing sector.
27. In 2023, technology was the second most impacted sector by ransomware. 7.9% of ransomware cybercrime victims were technology businesses.
Sectors most frequently targeted with phishing attacks
28. In Q1 2024, attacks on social media platform providers accounted for 37.4% of all phishing attacks, up from 18.2% in Q1 2023.
29. Taken together, phishing attacks against the SaaS/Webmail and social media sectors now represent almost 60% of all detected phishing attacks.
30. Phishing attacks against financial institutions have fallen steadily as a proportion of all attacks, from 24.9% in Q3 2023 to 9.8% in Q1 2024. Cybercriminals are thought to be directing their activities less towards organizations with the most stringent controls (e.g., banking) and more towards social media and webmail accounts.
Cybercrime by Organization Size
31. In 2023, over 75% of cyber incident response cases handled by Sophox X-Ops were for small businesses.
32. 70% of ransomware attacks small businesses.
33. 94% of small business cyber incidents investigated by Verizon last year involved external threat actors (85% for large businesses).
34. 98% of cyber attacks on small businesses are driven by financial motives (97% for large businesses).
35. An average small business employee with less than 100 employees will receive 350% more social engineering attacks than an employee of a large enterprise.
Cybercrime Victim Demographics
36. For phishing, Millennials are the most frequently targeted age group, making up 37.4% of phishing targets.
37. IT leaders identify finance professionals (27%) and IT team members (23%) as the individuals within their organizations most likely to be targeted by cybercriminals through phishing attacks.
38. Cybercriminals may be more likely to target remote workers than office-based employees. 80% of infosec professionals say they’ve seen increased security threats since the shift to remote working. 62% said that phishing attacks had increased more than any other type of threat.
Profiles of Cybercriminals
Russia seems to be the single biggest source of the world’s cybercrime activity. Most threat actors are either part of—or loosely affiliated with—organized crime gangs. At the same time, however, the continued rise of Malware-as-a-Service platforms allows lone wolves and part-time criminals to thrive.
Geographical Location of Cybercriminals
39. Developed by the University of Oxford and UNSW Canberra, the World Cybercrime Index (WCI) ranks the most significant sources of cybercrime nationally. Russia is ranked as the most significant source of cybercrime, with a WCI score of 58.39.
40. Russia is the most significant source of phishing attacks globally. In 2023, it accounted for over 30% of unsolicited spam emails.
41. On January 16, 2023, over 7 billion spam emails were sent from Russia.
Organized Crime Affiliations
42. An estimated 65% of cybercriminals are thought to be linked to organized crime. Around 15% fall into the “Other” category (e.g., lone wolf attackers).
43. Around 10% of threat actors are end-users (i.e., internal malicious activity within organizations).
44. Between Q1 2023 and Q1 2024, active ransomware groups doubled year-on-year from 29 to 45 distinct groups.
Prevalence of Malware-as-a-Service
45. Lockbit, a ransomware-as-a-service tool, was the most frequently observed ransomware type in 2023. Sophos observed this in 69% of ransomware instance reports.
46. The remote access trojan (RAT) AgentTesla was the most dominant malware-as-a-service in 2023, detected in more than 50% of cases where MaaS was involved.
Methods Used in Cybercrime
The latest cybercrime statistics demonstrate that phishing and malware (including ransomware) remain important elements of the cybercriminal’s playbook.
Phishing and Cybercrime
47. Phishing is the single most common form of cybercrime. An estimated 3.4 billion emails a day are sent by cybercriminals and designed to look like they come from trusted senders (Valimail). This is over a trillion phishing emails per year.
48. In 2023, phishing links or attachments were used in 71.1% of cyber attack incidents. These methods were commonly used to aid initial access to networks or systems.
49. In Q1 2024, 77% of phishing attacks involved cybercriminals impersonating well-known brands.
50. As of Q1 2024, DocuSign was the most impersonated brand for phishing attacks, followed by Microsoft.
51. Sunday is the most popular day for cybercriminals sending phishing emails, accounting for 22% of attacks. Friday is the second most popular, with 19% of attacks.
52. February 9th was the most phished day in 2024, as cybercriminals sought to dupe victims with Valentine-themed attacks.
Malware, Ransomware, and Cybercrime
53. 43% of malware detected in 2023 was “stealer” malware designed to grab credentials, keystrokes, and other data that can be sold or used for further exploitation.
54. In 2023, there was an 80% increase in ransomware activity year-on-year, driven partly by multiple mass exploitation campaigns impacting hundreds of organizations.
55. Between Q1 2023 and Q1 2024 the number of reported ransomware cybercrime victims increased by around 20%.
56. Ransomware prevalence within phishing attack payloads has doubled since 2021. Ransomware now constitutes around a third (32.6%) of phishing attachments.
Online Fraud
57. In 2023, an estimated 2.9% of total e-commerce revenue was lost to payment fraud globally, down from 3.6% in 2022.
58. E-commerce merchants in North America and Europe spend an average of 10% of their revenue on expenses related to managing and reducing payment fraud.
59. In APAC, the amount spent by online retailers on fraud prevention and mitigation is almost 15%. In Latin America, it’s 19%.
Top four fraud attack types reported by merchants globally:
60. Phishing: 43% of merchants have experienced situations where phished card information has been used to make unauthorized purchases at their stores.
61. First-party misuse: e.g., chargeback fraud, where a customer submits a transaction dispute with their payment provider for illegitimate or dishonest reasons.
62. Card or credentials testing: where a criminal tries to determine whether stolen payment details are usable by attempting a purchase.
63. Identity theft: where a cybercriminal leverages a victim’s personal data to open cards and use them.
New and Emerging Cybercrime Techniques
Obfuscation and evasion
64. In Q1 2024, there was a 52.2% spike in cybercrime attacks evading secure email gateway (SEG) detection.
65. 68% of attacks that evade SEG detection also pass essential authentication checks such as DMARC.
66. Obfuscation techniques are used in an estimated 23.5% of attack incidents.
67. In 24% of cybercrime incidents, attackers use valid domain accounts to escalate privileges.
Quishing
68. In Q1 2024, QR code phishing—aka “quishing,” whereby cybercriminals use QR codes to redirect victims to malicious websites—accounted for 10.8% of phishing email payloads. This is up from 0.8% in 2021.
69. In September 2023 alone, there was a 51% increase in quishing compared to the total from January through to August.
Exploitation of stolen cookie information
70. SpyCloud recaptured over 20 billion stolen cookie records in 2023, with an average of more than 2,000 records per infected device.
71. 39% of organizations fail to terminate session cookies on becoming aware of the exposure, and 27% do not routinely review logs for signs of compromise.
Use of AI
72. Just 11% of IT managers currently use AI for cybercrime threat detection, but 56% are optimistic about its use in the future.
73. 63% of cyber security leaders worry about cybercriminals using deepfakes in cyberattacks.
74. 61% of cyber security leaders are worried about cybercriminals using AI chatbots to enhance their phishing campaigns.
Impact of Cybercrime
The global cost of cybercrime is now measured in trillions of dollars. The cost of dealing with cybercrime incidents continues to rise for individual businesses.
Cumulative Global Costs of Cybercrime
75. Cybersecurity Ventures estimates that global cybercrime damage costs for 2024 will amount to USD $9.5 trillion. That’s equivalent to USD $26 billion daily, or USD $18 million a minute.
76. Statista analysis suggests that by 2028, global annual cybercrime costs will be almost USD $14 trillion.
Repercussions of Cybercrime for Organizations
77. According to IBM, the global average cost of a data breach in 2023 was USD $4.45 million, which is 15% more than in 2020.
78. For companies with an annual turnover of less than USD $10 million, the average cost of recovery following a ransomware attack is USD $165,520.
79. In 2021, average ransomware demands were estimated at $220,298, a 43% increase from 2020.
80. 60% of small businesses close within six months of being hacked.
Notable Cases of Financially Motivated Cybercrime
The World’s Largest Cybercrime Botnet
Arrested earlier this year, Yinhe Wang operated the “911 S5’ botnet, a network of malware-infected computers spanning 200 countries. For over a decade, cybercriminals used Wang’s network to steal billions of dollars.
LockBit Mastermind Named
The multi-year extortion spree by ransomware group, LockBit managed to grab an estimated $500 million from its victims. The group’s leader has recently been identified.
REvil Hacker Caught
The REvil gang orchestrated 2500+ attacks, demanding $700 million in ransoms. Here’s how one of its leading affiliates was caught.
Conclusion
Instances of cybercrime—and the costs of dealing with it—are increasing. Criminals are constantly looking for new ways to steal and extort, which means that businesses will always need up-to-date skills to manage new threats.
Cybercrime is big business, and the global dependency on technology guarantees it will only continue to grow.
To learn how to protect your business or pursue a career in cyber security, consider joining the StationX Accelerator Program. Our program offers over 1000 courses and labs, certification preparation, career guidance, and more. Join today as your first step towards an exciting and rewarding cyber security career.
Frequently Asked Questions
Sources:
- APWG: Phishing Activity Trends Report, Q1 2024
- Barracuda: Spear Phishing Top Threats and Trends, Report, 2022
- Basis Theory: Global Payments and Fraud Report, 2023
- Check Point: ‘Shifting Attack Landscapes and Sectors in Q1 2024’, Article, April 2024
- Egress: ‘Key Takeaways from the 2024 Phishing Threat Trends Report’, Article, April 2024
- Egress: ‘Who Are the Top Phishing Targets in an Organization?’, Article, March 2022
- Esentire: ‘CyberCrime to Cost the World $9.5 Trillion USD Annually in 2024’, Article, April 2024
- Guidepoint Security: Annual GRIT Ransomware Report, 2023
- Guidepoint Security: Ransomware Report, Q1 2024
- Help Net Security: ‘Cybercrime stats you can’t ignore,’ Article, May 2024
- IBM: Cost of a Data Breach, Report, 2023
- IT Pro: ‘Cyber Attacks Surged in March…’ Article, April 2024
- Microsoft: The New Future of Work, Report: 2021
- MixMode: Global Cybercrime Report, 2024
- ReliaQuest: Annual Cyber Threat Report, 2024
- SonicWall: Cyber Threat Report, 2024
- Sophos: Threat Report - Cybercrime on Main Street, 2024
- Statista: Estimated Cost of Cybercrime Worldwide 2017-2028, Report, 2024
- Statista: Information Security and Cyber Crime in Russia - Statistics & Facts, April 2024
- SurfShark: Data Breach Monitoring Report, 2024
- University of Oxford: ‘World-First Cybercrime Index Maps the Global Geography of Cybercrime’, Article, April 2024