Cybercrime Statistics 2025 (U.S. & Worldwide)

It’s common knowledge that cybercrime is evolving as fast as technology.

We have researched and gathered the following cybercrime statistics from the past few years up to the most recent facts about this ever-growing problem.

cybercrimes were already increasing before the pandemic, but since 2019, statistics show that the whole world was impacted by COVID-19, which also resulted in skyrocketing cyber attacks and online scams.

What Constitutes Cybercrime?

Honestly, there are so many things that can qualify as cybercrime, but we will go over the basics so you have an idea of what it is, and the activities that qualify as cybercrimes.

Basically, cybercrimes are anything that is done illegally and that impacts security in the cyber world.

Here are some examples:

• Account breaches that compromise data and information.
• Malware attacks like ransomware attacks, phishing, etc.
• Identity theft, or any fraudulent impersonations of companies, entities, or individuals.
• Digital currency scams, cryptojacking, crypto mining, etc.
• Data compromise that may include data manipulation, loss, or theft.

There are other forms of cyber-related crimes that are not categorized in the short list above, but we want to get into these statistics as this is our topic of the day.

Let’s talk about cybercrime.

Key Cybercrime Statistics 2025

• 95% of all cybercrime and security breaches are due to human error.
• 95% of all records breached in 2016 were from only three sectors.
• 10% of data breaches were espionage-related and  motivated, and 86% were motivated by money.
• The FBI reported that there was a 300% increase in cybercrime reports since the COVID-19 pandemic.
• Experts expect cybercrime damages to reach $10.5 trillion per year by 2025.
• Global cyber security spending is expected to reach $170.4 billion by 2022.
• A mere 5% of all company folders are effectively protected.
• The most malicious of all malware file types that are sent through email is .exe.
• As of May 2022, 64% of Americans have never checked their system to find out if it’s been attacked.
• In 2020, 48% of all malicious email attachments were sent as Microsoft Office files.

Detailed Cybercrime Statistics 2025

In this first section of detailed statistics, we will provide a few general cybercrime facts.

You may find some of these somewhat concerning, while others will seem extremely concerning.

1. 95% of All Cybercrime and Security Breaches Are Due to Human Error.

If this statistic is true, most cybersecurity breaches are happening because of human error.

That means it’s unintentional, but also that the people it’s happening to are not as knowledgeable as they should be about cybersecurity and cybercrime.

The truth is that hackers and cyber criminals will try to enter your company’s network through its weakest link.

That means they avoid going through the IT department in companies where they have one.

They literally and intentionally target innocent, unaware workers to get their feet in the door.

2. 95% of All Records Breached in 2016 Were from Only Three Sectors.

The three industries where records breaches were the worst were retail, technology, and government.

That doesn’t offer us much hope on the cybercrime front, but it’s obviously well-known by cyber criminals and hackers.

It’s like they know the most vulnerable industries to attack.

Also, the retail, government, and technology sectors usually have the most high-level personal identifiable information (PHI), making these sectors wildly popular targets for cybercrimes.

3. 10% of Data Breaches Were Espionage-Related and Motivated, and 86% Were Motivated by Money. 

According to statistics from Verizon research, money-motivated data breaches are much more common than espionage-motivated breaches.

That includes factors like grudge-related, just for fun, ideology-centric, and conventional go-to motives like hacking movies.

While it’s more fun and interesting to watch a movie or television show where espionage is at the center of cybercrimes, that aspect of cybercrime isn’t as massive as financially-motivated breaches.

Financially-motivated cybercrimes regarding data breaches account for 86% of cybercrimes, while only 10% are related to espionage.

4. The FBI Reported that There Was a 300% Increase in Cybercrime Reports Since the COVID-19 Pandemic.

COVID-19 was bad enough with the lockdowns and halt to virtually everything across the globe without the added issue of 300% more cybercrimes being reported.

Hackers and cyber criminals leveraged the pandemic for their own agenda by attacking vulnerable company networks when office workers were forced to work at home.

In June 2020 alone, 12,377 COVID-19-related scams were reported to the FBI.

They said that this was only a fraction of all the cybercrimes reported in June.

As more workers were moved to working at home, more hackers and cybercriminals found their vulnerabilities and took advantage of them.

5. Experts Expect Cybercrime Damages to Reach $10.5 Trillion per Year by 2025.

This damage estimation is based on historical figures related to year-over-year cybercrime numbers.

They expect to see a massive increase in hostile cyber criminals and gang hacking endeavors.

The costs of these damages will include elements such as stolen funds, data destruction, theft of intellectual properties, financial data theft, fraud, embezzlement, forensic investigations, post attack business disruptions, hacked data deletion, and other damage to systems and reputations.

Cybercrime Statistics Worldwide 2024

In this section, we will discuss global data and facts about cybercrime.

Remember, cybercrime technically has no specific location, other than those chosen by cyber criminals.

It can happen anywhere and anytime on the globe.

6. In 2017, Statistics Showed that There Will Be 300 Billion Passwords Used and At Risk by 2021.

Today, over 300 billion passwords that are being used are at risk for cybercrimes.

Also, due to poor or reused passwords, a Verizon Data Breach Report says that 80% of all data breaches occur.

Surprisingly, because companies are using email to share passwords, which isn’t the most secure way to do so, they are making it easy for hackers to get in.

Thanks to all these factors combined, 15 billion logins are running around on the dark web.

7. Global Cyber Security Spending Is Expected to Reach $170.4 Billion by 2022.

The report stated that during 2017 and 2021, spending on cyber security services and products would reach over $1 trillion.

That’s a bundle of money over five years.

In 2019 alone, they predicted that cybersecurity costs would grow to $124 billion and then $170.4 billion by the end of 2022.

As statistics are showing, hacking, and other cybercrimes are on the rise.

That means that businesses and individuals will be spending billions cumulatively as cybercrime waves continue.

8. In The First Six Months of 2019, 4.1 Billion Records Were Reported as Compromised and Exposed. 

One study revealed that over 3,800 publicly reported data breaches caused 4.1 billion records to be compromised in the first six months of 2019.

In only 8 breaches, 3.2 billion records were exposed, which accounts for the largest of them all.

That one incident happened at Verifications.io, which is an entity that approves email addresses for its third-party clients.

The one single breach was wildly massive and exposed billions of names, emails, and other PHI because of an openly accessible unsecured database.

9. In 2020, 88% of Global Organizations Suffered Spear Phishing Attempts. 

In case you don’t know what spear phishing is, here is the definition: A fraudulent method of sending emails from what looks like a trusted sender that targets specific groups or persons within a company.

This activity is more often simply called phishing.

A study showed that 49% of American employees couldn’t correctly answer questions about phishing.

German employees who would recognize a phishing email accounted for 66% of those surveyed.

10. A Mere 5% of All Company Folders Are Effectively Protected. 

Unfortunately, companies are failing to update, upgrade, or maintain security protocols for their company’s folders.

Due to this neglect, statistics say that only a minuscule number of American companies are effectively taking the proper security precautions to protect their files.

If you own a business, these statistics should alarm you enough to act to protect your own company folders.

By not staying on top of your company’s files and folders security, you are leaving your own data, plus PHI of clients or other confidential data at risk.

11. 62% of All American Organizations Have Experienced Phishing and Social Engineering Cyber Attacks. 

Recent statistics revealed that 62% of U.S. companies suffered phishing or social engineering cyber attacks in 2020.

Experts in cyber security say that staff training is a company’s first line of defense, especially when it involves the cybercrime of phishing, which often occurs due to human error or lack of knowledge.

Businesses also need to stay on top of new security protocols and use multifactor authentication for all passwords.

Since working at home has become more prominent among office workers post-pandemic, there needs to be higher levels of care in security.

12. The Most Malicious of All Malware File Types that Are Sent Through Email Is .Exe.

An .exe file is an executable file on computer systems. If you get an .exe attachment in your email at work, you need to scan it to check it for malware.

Do not click on attachment emails unless they are from an actual person you work with and you are expecting it.

Even then, you need to run a malware and virus scan on the attachment first.

The malware that can be sent in an .exe file include ZBOT, DUNIHI, and CRILOCK which is definitely spam and likely malware that will impact your computer or your entire network if someone opens it.

Other file types that can be malware include, SCR, PDF, VBS, DO, SlS, RTF, JPEG, and ZIP. Yes.

These can look like benign regular attachments, but don’t be fooled and become one of the many cyber crime statistics.

Cybercrime & Data Breach Stats 2024

As we have already mentioned, there are several types of cybercrimes that can occur.

Data breaches happen to be one of the most common, so we will use this section to help you better understand this cybercrime.

13. Ransomware Attacks Occur Every 14 Seconds to Businesses.

This means that no business is immune, and that every 14 seconds a company is likely to fall victim to a ransomware attack.

Hackers are out there, as we all know, and they are attacking people around every 30 seconds at least.

The smaller your company, the more likely you are to have a ransomware attack.

Companies with between 1 and 250 employees are at the highest risk of being targeted by hackers and cyber criminals.

To put things into perspective, small businesses are targeted for malicious emails at 1 in every 323 businesses.

14. More than 500 Million Online Gamers Have Experienced Data Breaches Over the Last 5 Years. 

Online gaming is a huge industry, and is one of the easiest ways that hackers get into a computer or a network.

One-half billion gamers have had their data compromised just in the past 5 years. Believe it or not, that’s just a small taste of how bad this problem is.

The only information we can gather comes from sources that get it from data breaches being reported.

That’s the problem.

Only about one-quarter of data breaches are reported to the appropriate authorities.

15. Data Breaches Cost Worldwide Companies Nearly $4 Million in 2019.

In 2019, it was reported that the average cost of global data breaches was $3.92 million. In 2020, that figure was a bit lower, at $3.86 million.

However, there isn’t much difference in costs, since both years cost companies nearly $4 million each.

The average data breach incident cost $8.64 million in 2020, which accounted for a 5.49 million increase over 2019.

21% of the manufacturing and financial services sectors have had their data exposed, which is the highest among all industries.

16. 56% of All Americans Don’t Know how To Handle a Data Breach.

While this may seem shocking to those in the IT industry, it’s not out here in the real world where people aren’t trained to handle data breaches.

However, there are 44% of Americans that do know what to do in case of data breaches.

If you don’t know what to do, you should look it up and learn how to protect yourself at home, and your company’s files at work.

Companies should be training their employees to learn more about data breaches so they happen less due to lack of knowledge.

Email attachments are often the biggest issue.

17. Uber, One of A Few Companies, Tried but Failed to Keep Data Breaches Quiet. 

Over the past 10 years, a few big companies have tried, but failed to keep their data breaches out of the news.

About 5% of organizations that have tried to keep data breaches from going public.

Of this 5%, Uber was one of them in 2016. Uber is a good example of how not to handle data breaches.

In 2016, more than 57 million rider and driver records were breached in a cyber attack by Uber.

Instead of coming forward and admitting their wrongdoing in poor security solutions and how they would work to fix them, they chose to pay off cyber criminals.

They paid the criminals off to delete the data that had been stolen by them, while trying to keep the data breach under the radar.

This ordeal backfired on them and it was discovered, which created many PR issues for Uber.

It cost them millions of dollars to repair their reputation on top of the pay-off to the criminals.

18. It’s Not Uncommon for It to Take Over 200 Days to Discover a Data Breach.

This means that hackers have access to a network for 200+ days before any breach or cyber attack is discovered.

The average number of days reported for companies to discover breaches is 205 days.

This data comes from 12 months of investigation by the Mandiant team.

It was reported that less than 31% of companies found out about an internal breach in 2014.

Furthermore, 69% of companies were told by a third-party that they had been hacked.

The only good news to come out of the years 2012 to 2014 is that the average number of days until a company discovered a breach went from 243 in 2012, to 229 in 2013, and it dropped again in 2014 to 205.

Hopefully, we will find out that there is new technology that helps businesses discover data breaches much faster now.

19. As Of May 2022, 64% of Americans Have Never Checked Their System to Find out If It’s Been Attacked. 

So, not only do 64% of Americans have no idea what to do if they experience a data breach, another 64% don’t even check their systems for attacks.

Anti-malware and anti-virus software should be running to find any kind of potential breach or cyber attack, but they either don’t have it on their computer, or they just don’t run it.

It’s not that antivirus and anti-malware applications can catch every breach, but they can find them later, if not sooner than without it.

It’s one of the things you can do to prevent data breaches.

20. 3 Billion Records Were Lost in The Biggest Data Breach of All Time at Yahoo. 

Yes. In case you never knew about this historic and record-breaking data breach of Yahoo that occurred in 2013, 3 billion records were compromised in the attack.

Leaked customer information was accessed from more than 3 billion Yahoo user accounts.

The good news is that the data that was stolen didn’t include bank account numbers, payment data, or unhashed passwords.

It was bad enough that more than 3 billion user accounts were compromised without it being confidential data.

Cybercrime by Type in 2025

We have covered a lot of ground already in this article on statistics, but we will address them now by type.

This will include mobile, malware, ransomware, spear-phishing, cryptomining, viruses, and more.

21. Data from 2019 Shows that The Average Cost of Ransomware Attacks Accounted for $133,000.

Among smaller businesses, the average cost per ransomware attack came to $713,000.

That is much higher than the costs incurred by larger organizations.

In 2021, the worldwide total cost of ransomware attacks came to $20 billion.

According to FinTech data, the average ransomware payments rose to $233,817 in 2020.

However, due to the companies’ refusal to be extorted, there was a decrease in the last quarter of 2020 to $154,108.

22. In 2020, 48% of All Malicious Email Attachments Were Sent as Microsoft Office Files.

This means that almost half of all malicious attachments sent in emails were in Microsoft Office formats.

This included Word, Excel, and PowerPoint, the top three most popular used for malicious attachments.

Unfortunately, 38% of spear-phishing attacks by cybercriminals are done so through malicious Office files they have created for their purposes.

The next most popular delivery method, at 37%,  are archived file types like .jar and .zip.

23. Oddly, 69% of Companies Don’t Think the Threats They See Can Be Blocked by Their Installed Antivirus Programs. 

If a business thinks its antivirus isn’t effective enough to catch viruses or other malware types, it’s time to bring in some experts to evaluate your network.

This is the best way to make sure your security protocols are doing their job.

Businesses have a huge legal responsibility and duty to comply with government (local, state, and federal) regulations regarding online security and cyber security protocols.

However, it’s smarter to go above and beyond to do your best to protect your clients.

24. Roughly 1 out Of Every 13 Web Requests Leads to Malware.

You may not see that as much of a threat, but you would be surprised at how much damage such a threat can impose.

You need to know that approximately 20% of malicious domains are brand new and are live for a week after they are registered.

This is a scary and concerning statistic that you need to address at home and in the workplace.

While there are some protections in your browser settings that will protect you from malicious domains, they are still registered as legitimate domains.

25. 1 out of 36 Smartphones Have a High-Risk App on Them. 

Data from Symantec’s 2019 Internet Security Threat Report, 1 out of every 36 smartphones have at least one high-risk app on them.

Yes, they are installed on the phones. Usually, they are utility apps or gaming apps. They go undetected and unnoticed because of their generic names.

This is one of the reasons to take great care about what you download and install on your smartphone.

In September 2021, Android users found themselves having to manually delete 16 malicious (infected) apps from their phones.

26. 90% of Remote Code Execution Attacks Are Linked to Cryptomining. 

This is one example of how remote workers are at risk of cyber attacks.

Unfortunately, remote code execution attacks are trending and quite popular among today’s cyber criminals.

Remote code execution is web-shell-driven, which allows cyber attackers to steal data from its servers and then leverage that server for further malicious intents such as deployment of more payloads and lateral movement.

27. According to Verizon’s Data Breach Report, 92% of Malware Is Still Being Delivered as Emails. 

92% is a large percentage of malware to experience in emails in this day and age.

How do we not have the technology to put an end to cybercrime?

It seems like as quickly as technology evolves, so do cyber criminals.

Phishing is the most common method of cyber attack used against email users.

They count on receivers being unaware of this kind of malicious attack, so they trick them into thinking they are getting an email from their bank, or someone else demanding a payment.

They can look quite real, but there are ways you can tell. It’s crucial to start training workers on how to recognize phishing emails.

28. 19 DDoS Attacks Happen Each Minute, According to 2020 Data.

DDoS is short for distributed denial of service In 2020, over 10 million DDoS attacks happened, which accounts for about 19 events per minute.

About 30% of DDoS attacks come from China, and 22% from the United States, which shows their ranks at first and second.

In 2019, 53% of companies suffered DDoS attacks. Distributed denial of service attacks intentionally disrupt the company’s internet services.

Cybercriminals can render a network or a single machine unavailable to its users.

29. In 2021, 5,200 cyber attacks occurred on IoT devices each month.

IoT devices stand for the “internet of things” devices, which are non-standard, hybrid computing devices that are capable of connecting to wireless networks.

An average of 5,200 cyber attacks impacted IoT devices each month in 2021.

Since these hybrid IoT devices are being used more and more, this is one of the more concerning statistics we have gathered.

The biggest reason that this is such bad news is that it means cyber criminals are getting better at their methods of hacking and attacking devices.

30. In 2018, Malicious Power Shell Scripts Blocked at The Endpoint Rose by 1,000%.

PowerShell is a Microsoft configuration management and task automation program that is used to build, test, and implement solutions.

Its most dynamic aspect is its command line shell and scripting language.

The sheer magnitude of the increase in PowerShell malware attacks shows that cyber criminals pose a threat to anything that can connect to the internet, hardwired or wirelessly.

These perpetrators seem to be able to get past so many obstacles, that it’s frightening.

FAQs

Conclusion

Now that you have detailed statistics to consider for 2025, you can move forward with more knowledge. What you do with this knowledge is ultimately up to you.

For instance, will you take the opportunity to learn more about spear-phishing emails and malicious email attachments?

After reading all these facts and stats, you should better understand the seriousness of cybercrime, and how it can affect anyone, anywhere, at any time.

Cybercrimes are most often perpetrated on small businesses and work-at-home networks, but they also impact large companies and even individuals.

We also now know that financially beneficial cybercrimes occur a lot more than those that involve espionage.

Those statistics make sense with greedy cyber criminals hacking and attacking small businesses to get information that will set them up financially.

These criminals hope they won’t get caught.

Unfortunately, sometimes they aren’t.

What do you think should be done about cybercrime today?

There are laws across the world that govern cybercrimes, but if the criminals aren’t found, nothing happens to them.

Hopefully, we will see less cybercrime and more solutions to cybercrime in technology.

What we do know is that cybercriminals seem to catch up to new technology fast. What we need is technology that fights back.

Sources

2019 Symantec Internet Security Threat Report	AIS Cyber Security Compliance	Cloudwards
CNBC	Cyber Security Ventures	Cyber Security Ventures
Cyber Security Ventures	Cybint Solutions	Cypress Data Defense
Embroker	FBI	Findstack
Firewall Times	Graphus	High Speed Options
Ian Research	Info Security Magazine	Proof Point
Purple SEC US	Security Boulevard	Security Today
Stickman Cyber	Termly.io	Threat Cop
Toolbox	Varonis Blog	Varonis Blog
Verizon	VPN Compass	Web Tribunal