top of page

27 New Cybercrime Statistics for 2025: What the Numbers Mean (and What to Expect in 2026)

The cyber threat landscape has continued to accelerate in 2025. Attackers are learning to monetize low-cost techniques at scale, use identity-driven strategies, and weaponize AI, while victims struggle to defend themselves. In this post are 27 data-backed statistics from 2024–2025 that summarize where cybercrime is concentrated today and what organizations must know to prepare for next year. We cite the most authoritative, recent sources for the stats that follow.

 


gold piggy bank - the high cost of cybersecurity, especially when it fails
Cybersecurity costs money. A lot of money. But failure to invest means failure to protect your valuable data. And that costs even more.

 

 

Top Cybercrime Statistics of 2025

 

 

  1. Reported losses exceeded $16 billion in 2024. The FBI’s Internet Crime Complaint Center (IC3) recorded roughly $16–$16.6 billion in reported losses for 2024, a sharp increase from the prior year and a sign that low-tech frauds (such as investment scams, phishing, and BEC) remain extremely lucrative. (Axios)


  2. The estimated global economic cost of cybercrime in 2025 is ~$10.5 trillion. Industry modeling projects total annualized costs (direct and indirect) to the global economy to be in the trillions as adversaries scale operations and the attack surface grows. (Accenture)


  3. A large and growing share of attacks are ‘malware-free’ and identity-driven. Studies in 2024–2025 show that most intrusions detected were malware-free, relying instead on credential theft, phishing, and “hands-on-keyboard” activity. One synthesis of 2024–25 findings reports malware-free detections at roughly 79% in many datasets. (Morgan Lewis)

 

 

Attack Vectors, Tactics and Trending Methods

 

hacker mask - attack vectors are scaling up

  1. Credential abuse dominates breach patterns. In the 2025 Data Breach Investigations Report (DBIR), credential theft and misuse appear across the most common breach scenarios, particularly in web application attacks and cloud incidents. Many reported web-app breach patterns involved stolen credentials. (Verizon)


  2. Attack paths are short and effective. Analysis shows that a meaningful portion of attack chains contain three steps or fewer, and up to 90% of organizations are exposed to at least one attack path. This means one simple misconfiguration or stolen credential set can rapidly escalate into full compromise. (Microsoft)


  3. Interactive, hands-on intrusions rose significantly. “Hands-on-keyboard” intrusions, where attackers manually operate inside networks after gaining access, rose notably in 2024–2025, outpacing many commodity malware campaigns. (Privacy Matters)


  4. Infostealers and MaaS (Malware-as-a-Service) remain highly prevalent. Reports highlighted specific infostealers (for example, Lumma Stealer) as top threats in late 2024–2025, used to harvest credentials and crypto-wallet data for resale. (Microsoft)

 

 


tl:dr


Cybercrime is accelerating across every industry in 2025, with attacks growing more targeted, more automated, and far more expensive. Ransomware demands are rising, AI-generated phishing is up more than ever, insider threats continue to increase, and attacks on cloud storage and collaboration platforms have become a primary entry point for breaches. Supply-chain compromises, deepfake-enabled fraud, and credential-based intrusions are now among the fastest-growing threats.


The data shows a clear shift: cybercriminals are focusing on the weakest points in hybrid workflows—file sharing, cloud storage misconfigurations, and unsecured messaging. Organizations that fail to harden these areas are experiencing the highest breach costs and longest recovery times.

Looking ahead to 2026, we can expect:


·      AI-scaled cyberattacks to multiply

·      More attacks on collaboration ecosystems and shared data

·      Increasing regulatory pressure and mandatory reporting laws

·      Higher-value targeting of small and mid-sized organizations

·      A widening gap between prepared and unprepared companies

 

To stay ahead, organizations must evolve from perimeter security to zero-trust collaboration, encrypt data end-to-end, and eliminate blind spots in storage, sharing, and messaging workflows.

 

Ready to harden your data workflows?

 

Explore Gold Comet’s fully encrypted, zero-trust collaboration platform at goldcomet.com.




Ransomware and Extortion

 

silver case with money for ransom and extortion payment
This is not where you want your operating capital and profits to go.

  1. Ransomware continues but payment dynamics are shifting. Recent industry summaries show ongoing high ransomware volumes in 2025, combined with an uptick in extortion-only attacks (data leak threats without encryption) and continued pressure on organizations to pay to avoid publication of stolen data. (Fortinet)

 

  1. A growing share of ransomware attacks are ‘double extortion’ or data-only extortion. Operators increasingly threaten leak sites and dox instead of or in addition to encrypting systems. This increases reputational damage risk even when backups exist. (Bright Defense)

 

  1. Recovery from encrypted incidents is getting harder. Industry reporting indicates lower backup recovery rates and longer recovery times in some sectors, increasing the overall impact of ransomware events. (Bright Defense)

 

 

 

Fraud, Scams, and Losses (U.S.)

 

  1. Investment frauds and crypto scams led monetary losses. In the FBI’s 2024 report, investment fraud (including crypto schemes) accounted for the largest total losses—more than $6.5 billion, followed by BEC (Business Email Compromise) losses in the billions. (Axios)


  2. Older adults were disproportionately harmed. Victims 60+ submitted the highest number of complaints and suffered large aggregate losses (several billion dollars), highlighting targeted social-engineering campaigns. (Axios)


  3. Complaint volume remained high—near 860,000 reports. The U.S.-centric IC3 reporting shows complaint volumes in the high hundreds of thousands, indicating both widespread attack activity and underreporting as a continuing problem. (Internet Crime Complaint Center)

 

 

  

Industry and Sector Impacts


supply chain railroads, power and phone lines - interconnectivity at risk of cybercrime disruption
Supply chain interconnectivity is at constant and increasing risk of disruption. How secure is yours?

  1. Manufacturing, healthcare, and critical infrastructure remain favored targets for extortion. Ransomware and extortion actors continue to pressure sectors where operational disruption yields higher leverage for payment. (Bright Defense)


  2. Cloud incidents often trace back to identity and access weaknesses. Many cloud-related incidents in 2024–2025 involved identity-based intrusions through compromised credentials or misconfigured access controls. (Morgan Lewis)


  3. Third-party and supply-chain risk continues to cause major incidents. Breaches often propagate through vendor relationships, making supplier data security posture management a central control for enterprise risk control. (Verizon)

 

 

Human Factors and Social Engineering

 

  1. Phishing / spoofing remain the most-reported complaint types. As inexpensive and high-return attacks, phishing dominates complaint counts and remains the top entry vector for many larger intrusions. (Axios)


  2. Business Email Compromise (BEC) remains a high-dollar threat as well. BEC scams continue to drive multi-million-dollar losses for companies, illustrating the need for stronger payment controls and multi-step verification for data and funds transfers. (Axios)


  3. Human error and poor identity hygiene accelerate incidents. Studies and incident triage consistently show weak MFA adoption, credential reuse, and improper access rights as major contributors to successful attacks. (Microsoft)

  

 

Technology Trends and AI

 

working on computer amid interlocking gears - illustrating the vulnerabilities of hybrid communication across networks

  1. Adversaries are adopting AI to scale phishing and misinformation. Multiple intelligence reports in 2024–2025 document nation-state and criminal groups using generative AI to craft targeted lures, deepfakes, and automated social engineering at scale. (AP News)



  2. Attack automation and access brokering continue to expand. The underground market for access (initial access brokers) and automated tooling means fewer skills are required to launch damaging intrusions, raising the floor for adversary capability. (Morgan Lewis)


  3. Identity-based intrusions account for a growing share of cloud compromises. Research in 2024–2025 shows identity misuse in a large portion of cloud incidents, often tied to stolen credentials or misconfigured tokens. (Morgan Lewis)

 

 

Detection, Response, and Resilience

 

  1. Many organizations report more frequent threats but slower improvements in remediation capacity. In broad resilience surveys, roughly 70%+ of organizations reported rising threats year-over-year, while a portion noted capacity gaps in responding to advanced incidents. (Accenture)


  2. Short attack paths and exposed accounts mean defenders must prioritize identity protections. Given that many attack chains are short and often begin with credential compromise, identity protection (MFA, credential hygiene, conditional access) yields outsized defensive value. (Microsoft)

 

  1. Public reporting and leak-site activity increase reputational risk even for non-encrypted incidents. Data extortion without encryption is designed to harm reputation and force negotiations; organizations must treat these threats with the same urgency as classic ransomware. (Bright Defense)

 

 

 

 Visibility, Reporting, and Undercounting

  

  1. Actual economic impact is likely substantially higher than reported figures. Law enforcement and industry reports repeatedly warn that a large share of cybercrime goes unreported (especially in B2B breaches and ransomware where companies fear reputational damage), meaning published loss figures are conservative. (Reuters)


eyes with spectral colors representing visibility and reporting

  

  1. Journalists, researchers and defenders use aggregated threat reports as early warning, so sharing sanitized telemetry helps the whole ecosystem. The quality and timeliness of industry reports (DBIR, Microsoft, CrowdStrike, vendor surveys) improved in 2024–2025, helping defenders prioritize controls, especially those involving identity, backups, and detection. (Verizon)

 

 


What These 27 Stats Mean

 

  • Identity is the new perimeter. A consistent theme: stolen credentials and identity misuse power a large share of breaches across web apps, cloud services, and email. Prioritize MFA, posture management, and role-based access.



  • Ransomware remains a reputational as well as an operational threat. Even when backups work, data extortion and leak sites multiply the damage.



  • AI is a force-multiplier for attackers. Generative tools make social engineering more believable and easier to create and scale, pushing defenders to improve verification workflows and behavioral analytics.



  • Underreporting masks the true scale. Public figures are serious but conservative; enterprises are often more concerned about reputational damage and customer backlash, so many incidents are never divulged in official tallies.

  

 

What to Expect in 2026

 


crystal ball with foliage background - expectations for 2026


  1. Identity-first attacks will escalate. Expect adversaries to invest further in identity theft, credential stuffing, and compromised session exploitation. Organizations that lag on MFA and identity governance will see disproportionate impact.

 

  1. AI-powered social engineering will become widespread. Phishing and deepfake-driven frauds will increase the success rate of targeted scams, forcing tighter verification for high-risk transactions.

 

  1. More extortion-only and multi-vector campaigns. Attackers will continue favoring flexible extortion models and will combine DDoS, doxing, and legal pressure tactics.

 

  1. Regulatory pressure and reporting requirements will increase. Governments and regulators will push for stricter incident reporting and supply-chain controls, making transparency and documented security posture central to vendor relationships.

 

  1. A bifurcation in defender outcomes. Organizations that invest in identity-first defenses, rapid detection, and tested recovery plans will see far lower impact than peers who rely on legacy controls.

 

 

 Practical Takeaways for Security Leaders

 

  • Make MFA + conditional access non-negotiable for every privileged account.

  • Treat data extortion as a first-class incident type. Prepare PR, legal, and containment plans.

  • Assume attackers will use AI and adapt phishing training and transaction verification accordingly.

  • Share sanitized telemetry with trusted industry partners and participate in threat intel sharing.

  • Focus on shortening detection-to-containment times. Short attack paths need fast response.

 

 

Sources and Further Reading

 

  • FBI / IC3 Annual Internet Crime Report 2024. (Internet Crime Complaint Center)

  • Verizon 2025 Data Breach Investigations Report (DBIR). (Verizon)

  • Microsoft Digital Defense Report 2025. (Microsoft)

  • CrowdStrike Global Threat Report 2025 summaries. (CrowdStrike)

  • Accenture / State of Cybersecurity Resilience 2025 (economic impact modeling). (Accenture)

  • Industry ransomware summaries (Sophos/aggregators referenced in 2025 ransomware overviews). (Bright Defense)



 


outdoor library signage - Gold Comet's newly updated Resources Library is open!

TAKE A MOMENT TO JOIN OUR NEWLY UPDATED GOLD COMET RESOURCE LIBRARY!


Click the Library Tab in the main menu above or click the Account button to get started!


Lots of informative material from our own expertise and research as well as curated content from cybersecurity industry authorities.


Our resources will be updated on an ongoing basis - so come back often!


Comments

bottom of page