The threat of cybercrime continues to escalate. Enormous financial losses have resulted from various cybercrimes, including data breaches, ransomware attacks, and even romance scams. This article explores the cost of cybercrime, drawing on data from the latest threat reports.

In this article, you will discover:

  • Key cybercrime cost statistics, such as total losses over the past five years

  • The global financial impact of ransomware and phishing attacks

  • The most profitable cryptocurrency heists to date

  • The extent of corporate spending on data privacy

  • And much more

Let's dive in and explore these critical aspects of the cybercrime landscape.

Key statistics about the cost of cybercrime

This overview presents key figures and trends in cybercrime costs. Learn about the growing financial burden individuals and organizations worldwide face due to scams and data breaches.

IC3 losses 2018-2022

  • In 2022, the FBI's Internet Crime Complaint Center (IC3) received 800,944 cybercrime reports. This marked a 5% reduction from the year before. However, the potential total loss rose from $6.9 billion in 2021 to over $10.2 billion in 2022. [FBI]

  • The global cost of cybercrime was estimated at $8.4 trillion in 2022, $11 trillion in 2023, and $20 trillion by 2026. Cybercrime costs include data loss and recovery, stolen funds, data security, lowered productivity, and more. [Statista]

  • In 2021, the average expense for handling an internal threat was $15.4 million worldwide for organizations. [Ponemon Institute]

  • In 2022, the average cost of a data breach reached a record high of $4.35 million. [IBM]

  • Below are the top ten US states most affected by cybercrime, ranked by victim loss:

    1. California — $2.01B

    2. Florida — $844M

    3. New York — $777M

    4. Texas — $763M

    5. Georgia — $322M

    6. New Jersey — $284M

    7. Illinois — $266M

    8. Pennsylvania — $250M

    9. Alabama — $247M

    10. Arizona — $241M [FBI]

  • The most costly cybercrime types in 2022 included:

    1. Investment — $3.31B

    2. BEC — $2.74B

    3. Tech Support — $806M

    4. Personal Data Breach — $742M

    5. Confidence/Romance — $735M

    6. Data Breach — $459M

    7. Real Estate — $396M

    8. Non-Payment/Non-Delivery — $281M

    9. Credit Card/Check Fraud — $264M

    10. Government Impersonation — $240M [FBI]

  • Cybercrime-related losses were highest among victims over 60, totaling $3.1 billion. However, most complaints (94k) came from individuals aged 30-39, who experienced comparatively lower losses — $1.3 billion. [FBI]

Cybercrime losses by age group 2022

Ransomware attacks

Despite a decrease in the total amount of money taken, ransomware attacks remain a serious threat. The average payments have risen sharply, and overall costs are projected to increase in the future. These cybercrime cost statistics provide a snapshot of recent trends and figures related to ransomware attacks.

Total ransoms paid 2017-2022

  • In 2022, ransomware attackers extorted at least $456.8 million from their victims, a significant decrease of 40.3% from the $765.6 million in 2021. This decline is likely because victims are less willing to pay ransoms rather than a decrease in the number of attacks.

    1. 2022 — $457M

    2. 2021 — $766M

    3. 2020 — $765M

    4. 2019 — $174M

    5. 2018 — $43M

    6. 2017 — $46M [Chainalysis]

  • The number of victims willing to pay ransoms has significantly dropped: in 2022, 41% of victims paid, compared to 76% in 2019. [Coveware]

  • Even with fewer victims making payments, the average ransom payment increased from $50,000 at the end of 2019 to over $400,000 by the end of 2022. [Coveware]

  • The median ransom payment in the last quarter of 2022 was $185,972, a 342% increase from the third quarter of the same year. [Coveware]

  • It's projected that the total cost of ransomware will surpass $42 billion by the end of 2024 and will exceed $265 billion by 2031. This cost includes data damage and destruction, stolen funds, lost productivity, theft of intellectual property, and more. [Cybersecurity Ventures]

  • The average cost of recovering from a ransomware breach in 2022, excluding the ransom payment, was $4.54 million. [IBM]

  • The Irish healthcare system suffered a Conti ransomware attack resulting in around $100 million in damages and weeks of service disruption at hospitals. Despite the attackers demanding a $20 million ransom, Ireland refused to pay, which harmed the Conti brand. [Deep Instinct]

  • In response to the "Conti Leaks" in April 2022, the FBI offered $10 million for information on the members of the Conti group. The group later split into smaller factions. [Deep Instinct]

  • The LockBit ransomware group carried out several attacks in the final quarter of 2022. They targeted the Asian Reinsurance Corporation, the Port of Lisbon, the UK Royal Mail, Continental, the Wabtec Corporation, and Pendragon. Tens of thousands of dollars (Asian Reinsurance Corporation), $1.5 million (Porto de Lisboa), and even $60 million (Pendragon) were demanded as ransom. [Avast]

  • In 2022, the LockBit ransomware group demanded the largest known ransom of $60 million, although higher demands have been reported. [Malwarebytes]

  • In April 2022, a US healthcare conglomerate with 65 hospitals and 450 healthcare facilities suffered a ransomware attack, leading to an estimated loss of $100 million in revenue and mitigation expenses. [SonicWall]

  • In 2021, 67% of companies affected by ransomware reported losses between $1 million and $10 million. [Cybereason]

  • In 2021, 4% of businesses impacted by ransomware estimated their losses between $25 million and $50 million. [Cybereason]

  • The number of victims paying $1 million in ransoms tripled in 2021 (11%) compared to 2020. [Sophos]

  • The manufacturing and production sector saw the highest average ransom payments in 2021, with an average of $2.04 million. [Sophos]

Phishing scams

This section provides an overview of the prevalence and impact of phishing attacks, including the rise of wire transfer BEC attacks, significant losses reported, and a high-profile case involving the theft of non-fungible tokens (NFTs).

  • Phishing was one of the most common methods of cybercrime in 2022, with breaches costing an average of $4.91 million. [IBM]

  • Approximately 93% of breaches involved phishing attacks. [Cofense]

  • In 2022, Business Email Compromises (BECs) were responsible for billions in global losses, affecting 90% of the victims worldwide. BECs are phishing attacks where criminals try to trick organizations into transferring funds or disclosing sensitive information. [Cofense]

  • Wire transfer BEC attacks saw a 59% increase in the third quarter of 2022 compared to the second quarter of the same year. However, the average sum requested in the third quarter was $93,881, a 14% decrease from the second quarter average of $109,467. [APWG]

  • In 2022, the IC3 received 21,832 BEC complaints, with adjusted losses exceeding $2.7 billion. [FBI]

  • From 2018 to 2022, BECs led to $43 billion in exposed losses. [Abnormal Security]

  • Attackers using phishing techniques stole over $1.7 million in non-fungible tokens (NFTs) from 17 users by impersonating OpenSea. [Cofense]

Cryptocurrency

As the crypto market experienced investor withdrawal, cybercriminals intensified their efforts, leading to record-breaking losses through theft and investment fraud. These statistics about the cost of cybercrime explore the magnitude of these heists, the emergence of advanced malware targeting cryptocurrencies, and the significant impact on the industry.

Costliest crypto heists of 2022

  • The ten largest crypto heists in 2022 include:

    1. Ronin Network (Axie Infinity) – $620 million stolen

    2. Poly Network – $610 million stolen

    3. Binance – $570 million stolen

    4. Coincheck – $547 million stolen

    5. MT Gox – $470 million stolen

    6. FTX – $415 million stolen

    7. Wormhole – $326 million stolen

    8. KuCoin – $281 million stolen

    9. Gate.io – $234 million stolen

    10. PancakeBunny – $200 million stolen [Comparitech]

  • As investors pulled back from the crypto market in 2022, cybercriminals increased their efforts, resulting in a record-breaking year in cryptocurrency heists, with an estimated total of $3.56 billion. [SonicWall]

  • Cryptocurrency investment fraud surged from $907 million in 2021 to $2.57 billion in 2022, a 183% increase. [FBI]

  • By November 2022, the ViperSoftX information stealer and its VenomSoftX payload had stolen over $130,000 in cryptocurrency. This figure only accounts for funds sent to crypto wallets and does not include potential earnings from other activities. [Avast]

  • In January 2022, cybercriminals stole over 500 cryptocurrency wallets (valued at more than $30M) through data breaches. [SonicWall]

  • The Headcrab malware, a botnet primarily focused on mining Monero, appears to be highly effective. Researchers estimate that each infected endpoint could generate around $4,500 per year. [SonicWall]

  • In October 2022, Binance announced the theft of two million BNB coins. The exploit allowed attackers to mint new coins without impacting user funds. In effect, the attackers created approximately $568 million in BNB coins for free. [Avast]

Privacy spending

The growing concern for data privacy and security has led to a substantial increase in spending on privacy protection across companies of all sizes. In 2022, organizations prioritized investing in privacy measures, with smaller companies experiencing the most significant growth in spending. Here’s a summary:

  • In 2022, average spending on privacy protection per company reached $2.7 million, a substantial increase from $1.2 million just three years prior. [Cisco]

  • The most notable growth from 2021 to 2022 took place in smaller organizations:

    1. 50-249 employees: spending rose 17%, from $1.7 million to $2.0 million.

    2. 500-999 employees: spending increased over 13%, from $2.3 million to $2.6 million.

    3. 1000+ employees: spending remained relatively stable, between $2.8 million and $3.7 million. [Cisco]

  • The estimated value of privacy-related benefits also saw a significant rise this year. The average estimate grew more than 13%, from $3.0 million last year to $3.4 million, with considerable gains across various organization sizes. [Cisco]

Google vulnerability reward program

Google's commitment to ensuring the security of its platforms was evident in 2022, with the tech giant distributing millions of dollars in rewards through its Vulnerability Reward Program. Here are the latest statistics about the cost of cybercrime on this front:

  • In 2022, Google distributed over $12 million in bounty rewards through its Vulnerability Reward Program. [Google]

  • The Android Vulnerability Reward Program had a record-breaking year in 2022, providing $4.8 million in rewards, including the largest payout in Google VRP history at $605,000. [Google]

  • Chrome VRP also had an unmatched year, obtaining 470 valid and distinct security bug reports, leading to $4 million in VRP rewards. [Google]

Other statistics about cybercrime costs

Here’s a highlight of statistics about various cybercrimes, including banking trojans, investment scams, ad fraud, the industries most affected, and the financial impact on victims.

  • Emotet, a banking trojan first detected in 2014, was propagated through spam campaigns imitating financial statements, transfers, and invoice payments. By 2022, it had caused approximately $2.5 billion in losses. [Deep Instinct]

  • Backdoor access to compromised corporate networks typically sells for $5,000-$10,000 on the dark web, while a single credit card goes for under $10. [IBM Security]

  • The average cost of utilizing an info stealer is around $250 per month, with users responsible for deploying their chosen malware, such as spyware, adware, or keyloggers. [IBM Security]

  • In 2022, investment scams represented the most expensive scheme reported to the IC3. Investment fraud complaints rose from $1.45 billion in 2021 to $3.31 billion in 2022, a 127% increase.

  • Illegal call centers defraud thousands of victims annually, with two types of fraud reported to the IC3 (Tech/Customer Support and Government Impersonation) accounting for over $1 billion in losses. [FBI]

  • Call centers predominantly target older people, with disastrous consequences. About 46% of victims are over 60, experiencing 69% of the losses (over $724 million). [FBI]

  • Between 2020 and 2025, the healthcare industry is projected to spend $125 billion on cybersecurity. [Cybersecurity Ventures]

  • In April 2021, hackers infiltrated the US's Colonial Pipeline. They used a VPN without multi-factor authentication. This led to a $5 million Bitcoin payment to restore access. [Reuters]

  • By 2024, ad fraud is anticipated to cause global losses of $100 billion. [Juniper Research]

  • Ad fraud costs the worldwide digital advertising sector $51 million daily. [Bloomberg Law]

  • The average cost of a data breach in the financial services sector stands at $5.85 million, making it one of the most expensive across all industries. [Varonis]

  • As of September 2022, around 6.61 million Australian dollars had been lost to online shopping scams in Australia. In 2021, over eight million Australian dollars were reported as losses due to such scams. [Statista]

  • Australia's economy experiences a $42 billion annual loss because of cybercrime. [UNSW Canberra]

Sources

  1. 2022 Interim Cyber Threat Report — Deep Instinct

  2. 2022 Ransomware Attack Report — BlackFog

  3. 2023 ANNUAL STATE of EMAIL SECURITY REPORT — Cofense

  4. Avast Q4/2022 Threat Report — Avast

  5. 2023 STATE OF MALWARE — Malwarebytes

  6. 2023 SonicWall Cyber Threat Report — SonicWall

  7. Worldwide cryptocurrency heists tracker — Comparitech

  8. X-Force Threat Intelligence Index 2023 — IBM Security

  9. Improved Security and Backups Result in Record Low Number of Ransomware Payments — Coveware

  10. PHISHING ACTIVITY TRENDS REPORT Q3 2022 — APWG

  11. Internet Crime Report 2022 — FBI

  12. H1 2023 EMAIL THREAT REPORT — Abnormal Security

  13. 2023 Data Privacy Benchmark Study — Cisco

  14. Vulnerability Reward Program: 2022 Year in Review — Google

  15. 2023 Crypto Crime Report — Chainalysis

  16. Cybercrime To Cost The World $10.5 Trillion Annually By 2025 — Cybersecurity Ventures

  17. Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031 — Cybersecurity Ventures

  18. One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators — Reuters

  19. Estimated cost of digital ad fraud worldwide from 2018 to 2023 — Statista

  20. 2021 DATA RISK REPORT — Varonis

  21. Estimated cost of cybercrime worldwide from 2016 to 2027 — Statista

  22. Money loss from online shopping scams reported in Australia from 2015 to 2022 — Statista

  23. Amount of monetary damage caused by reported cyber crime to the IC3 from 2001 to 2022 — Statista

  24. Ransomware: The True Cost to Business 2022 — Cybereason

  25. The State of Ransomware 2022 — Sophos

  26. How Cybercriminals Are Stealing Your Ad Dollars — Bloomberg Law

  27. Cybercrime an estimated $42 billion cost to Australian economy — UNSW Canberra

  28. 2022 Cost of Insider Threats Global Report — Ponemon Institute 

Editor image

Octav Fedor (Cybersecurity Editor)

Octav is a cybersecurity researcher and writer at AntivirusGuide. When he’s not publishing his honest opinions about security software online, he likes to learn about programming, watch astronomy documentaries, and participate in general knowledge competitions.

TABLE OF CONTENTS