Cybercrime Statistics [2026]: 500+ Facts & Trends

📊 Key Cybercrime Numbers (2026)

$10.5 trillion. That is the annual global cost of cybercrime in 2026, a figure projected to reach $15.63 trillion by 2029 (Cybersecurity Ventures). The FBI's Internet Crime Complaint Center reported $16.6 billion in losses for 2024 alone, a 33% jump from $12.5 billion the previous year (FBI IC3 2024). Organizations face an attack every 39 seconds, and 95% of breaches are financially motivated (Verizon DBIR 2025).

If cybercrime were measured as a country, its $10.5 trillion economy would rank third globally, behind only the United States ($27T GDP) and China ($18T GDP). The scope of the problem is accelerating: weekly cyberattacks on organizations continue to rise (VikingCloud 2026), US data breaches hit a record 3,322 (Barracuda 2025), and Microsoft processes 600 million+ password attacks per day. Meanwhile, the probability of detecting and prosecuting a cybercrime entity in the US remains a mere 0.05% (WEF 2025).

💰 Data Breach Costs (IBM 2025 vs 2026)

The global average cost of a data breach dropped to $4.44 million in 2025, down 9% from $4.88 million in 2024 (IBM). The decline is largely attributed to widespread adoption of security AI and automation, which saved an average of $1.9 million per breach. Organizations using extensive AI detected breaches 51 days faster and paid $3.62 million per breach versus $5.52 million without AI (IBM 2025).

The average breach lifecycle stands at 241 days (181 days to identify, 60 days to contain). Third-party breaches doubled year-over-year to 30% of all incidents, and supply-chain compromises cost $4.91 million on average. Breaches involving stolen credentials remained the most common vector at 53% of incidents (Verizon DBIR 2025).

Breach Cost by Attack Vector

Ransomware/extortion is the most expensive initial attack vector at $5.08 million per breach, followed by supply chain compromise at $4.91 million and stolen credentials at $4.81 million (IBM 2025). Phishing accounts for 16% of all breaches as an initial vector.

Breaches that take longer than 200 days to resolve cost substantially more than those resolved quickly (IBM 2025). Organizations with an incident response plan save significantly on breach costs. External actors cause the majority of breaches, but third-party supply chain compromises doubled year-over-year to 30% (IBM 2025). The lesson: detection speed and supply chain governance are the two highest-leverage cost reduction strategies.

🌍 Breach Costs by Country (9 Countries Ranked)

The United States leads all countries at $10.22 million per breach, an all-time high and 2.3x the global average. Germany ($6.8M) and France ($5.5M) follow. India ($3.2M) has the lowest cost among tracked nations but also the fastest-growing attack volume with a 24% rise in ransomware (IBM 2025, CERT-In).

Several factors explain the US cost premium: stricter notification requirements, higher litigation costs, larger regulatory fines, and costlier incident response. Germany and France benefit from stronger baseline GDPR compliance but still face rising costs. In APAC, Japan ($4.5M) and Australia ($4.2M) have converged toward the global mean, while India ($3.2M) and Brazil ($4.0M) remain below average but are growing rapidly in attack volume.

Organizations operating across multiple jurisdictions face compounding costs from overlapping regulatory regimes. A breach affecting EU citizens triggers GDPR notification requirements within 72 hours, while US state-level breach notification laws create a patchwork of obligations. For multinational enterprises, a single breach can trigger compliance costs across 5-10 regulatory frameworks simultaneously.

🔒 Ransomware Trends

Ransomware is present in 44% of all data breaches, up from 32% the prior year (Verizon DBIR 2025). Attack volume surged 58% in 2025 (HIPAA Journal). Global ransomware damages are estimated at $57 billion annually, with daily damage reaching $156 million (Cybersecurity Ventures). The median ransom payment is $115,000, but 64% of organizations now refuse to pay (Verizon DBIR 2025).

Double extortion (data exfiltration plus encryption) is now the norm at 87.6% of ransomware claims (Travelers Insurance). Recovery takes a median of 100+ days (Sophos 2024), and the mean recovery cost excluding the ransom is $2.73 million (Sophos 2025). 55 new ransomware-as-a-service families emerged in 2024, a 67% increase (Travelers).

The economics of ransomware heavily favor attackers. The largest single ransom payment in 2024 was $75 million to Dark Angels (ThreatLabZ). Meanwhile, 67% of organizations that paid a ransom were targeted again within 12 months (Fortinet 2024), and layoffs following a ransomware attack affect a significant portion of victim organizations. Backup compromise rates exceed 90% in targeted attacks (Veeam 2024), which explains why organizations paying the ransom often fail to recover all data (Sophos 2025).

Law enforcement involvement makes a measurable difference. IBM reports that organizations involving law enforcement saved on average compared to those handling incidents alone. 64% of organizations now refuse to pay ransom demands (Verizon DBIR 2025), a shift driven by better backups, insurance requirements, and government guidance discouraging payments.

🎣 Phishing & Social Engineering

3.4 billion phishing emails flood inboxes every day. Phishing remains the most common initial attack vector, appearing in 16% of breaches (IBM 2025). AI-generated phishing emails now match or exceed human-crafted ones in effectiveness, with 40% of Q2 BEC emails identified as AI-generated (VIPRE 2024). The median time from email delivery to click is just 21 seconds (Verizon DBIR 2025).

FBI IC3 received 193,407 phishing complaints in 2024. Business email compromise (BEC) losses hit $2.9 billion (FBI IC3). Vishing attacks surged dramatically in 2025 (CrowdStrike), and smishing now accounts for a significant share of mobile-based attacks. Social engineering accounts for 98% of all cyberattacks when combined across vectors (Sprinto).

Phishing Statistics

Social Engineering & BEC

Business email compromise (BEC) remains one of the costliest attack types despite requiring minimal technical sophistication. FBI IC3 BEC losses hit $2.9 billion in 2023 (FBI IC3). BEC attacks increasingly use AI-generated content, with 40% of BEC emails in Q2 2024 identified as AI-crafted (VIPRE). Average BEC losses per incident are substantial, and organizations without phishing-resistant MFA face dramatically higher compromise rates (Arctic Wolf 2025).

Vishing (voice phishing) surged in 2025 (CrowdStrike), driven by AI voice cloning that can replicate a person's voice from just 3 seconds of audio (McAfee 2024). Smishing (SMS phishing) now accounts for a growing share of mobile-based attacks (SentinelOne 2026). The convergence of AI-generated text, voice, and video across phishing, vishing, and smishing creates a multi-channel social engineering threat that traditional email-only defenses cannot address.

🤖 AI-Powered Cyber Threats

AI is reshaping both sides of the cybersecurity battlefield. 66% of organizations expect AI to have the most significant impact on cybersecurity this year (WEF 2025). Shadow AI (unauthorized AI tool usage) is a growing breach vector, adding extra cost to breaches and exposing PII at scale (IBM 2025). Security teams adopting AI tools see 34% lower breach costs and 51 days faster detection.

On the offensive side, AI-generated phishing reduces attack costs by 95% while maintaining high click-through rates (HBR 2024). Deepfake fraud surged in 2024, with the largest deepfake-enabled CFO scam reaching $25 million (CrowdStrike). Gartner projects that GenAI will cause a significant rise in cyberattacks by 2027. Meanwhile, organizations lacking AI governance frameworks remain exposed to model manipulation and data poisoning attacks.

AI Threat Landscape

Deepfake & Synthetic Fraud

Deepfake fraud is one of the fastest-growing threat categories. The largest deepfake-enabled scam in 2024 tricked a finance executive into transferring $25 million via a video call with a deepfaked CFO (CrowdStrike). Deepfake fraud incidents surged (Pindrop 2024), and Deloitte projects GenAI-enabled fraud losses will reach substantial levels by 2027. The deepfake detection market is growing rapidly in response, yet both managers and C-suite executives report being unprepared for deepfake-based attacks (WEF 2025).

🐛 Malware & Threat Landscape

450,000+ new malware samples are detected every day (AV-TEST), bringing the total registered samples to 1.56 billion. 75% of attacks are now malware-free, relying on legitimate tools, stolen credentials, and living-off-the-land techniques (CrowdStrike 2025). SonicWall detected 210,258 never-before-seen malware variants in 2024, an 8% increase.

The eCrime breakout time (time from initial access to lateral movement) dropped to 48 minutes (CrowdStrike 2025). Mobile threats are escalating, with smartphone attacks blocked daily and mobile banking trojans on the rise (Kaspersky 2024). Access broker advertisements on dark web forums continue to grow, enabling less technical actors to launch sophisticated attacks.

Malware Statistics

The shift to malware-free attacks does not mean malware is declining. Rather, attackers now use a dual approach: commodity malware for mass campaigns and living-off-the-land techniques for targeted intrusions. Access brokers on dark web forums sell initial access to compromised networks, enabling even low-skill actors to deploy sophisticated attacks. Mobile malware is a growing vector: banking trojans targeting Android surged (Kaspersky 2024), and mobile-targeted phishing sites reached unprecedented levels (Zimperium 2024).

Zero-Days & Vulnerability Exploitation

Google TAG tracked 75+ zero-day vulnerabilities exploited in the wild in 2024, with enterprise targets increasingly favored over consumer targets. The median time to exploit after disclosure continues to shrink (Mandiant 2025), and the median vulnerability remediation time is 32 days (Verizon DBIR 2025), leaving organizations exposed for weeks.

👤 Identity Theft & Credential Attacks

Stolen credentials are the most common breach vector. 53% of all data breaches involve compromised credentials (Verizon DBIR 2025). Akamai tracks 26 billion credential stuffing attacks per month. Account takeover losses reached significant levels in 2025 (SEON), and infostealer malware surged in 2024 (KnowBe4). Synthetic identity fraud continues to grow as a concern for 67% of organizations (Regula).

MFA adoption remains surprisingly low in enterprise environments (Microsoft 2024), and organizations without phishing-resistant MFA face significantly higher breach rates (Arctic Wolf 2025). SIM swap fraud surged in 2024 (Infisign), and billions of leaked cookies provide attackers with session hijacking opportunities (NordVPN 2025).

The identity attack surface is expanding. Infostealers harvested billions of credentials in H1 2025 alone (SpyCloud). SIM swap fraud surged (Infisign 2024), enabling attackers to bypass SMS-based MFA. Leaked authentication cookies (NordVPN 2025) allow session hijacking without needing passwords at all. Synthetic identity fraud, where attackers combine real and fake data to create new identities, is a growing concern for financial institutions (TransUnion 2024, Regula).

The defensive gap remains wide. MFA adoption in enterprise environments is surprisingly low (Microsoft 2024), and the majority of organizations still lack phishing-resistant MFA such as FIDO2/passkeys (Arctic Wolf 2025). Zero-trust architecture reduces breach costs significantly (IBM 2025), but adoption remains uneven. Until organizations close the credential hygiene gap, stolen credentials will remain the path of least resistance for attackers.

🏥 Industry Impact

Healthcare remains the most expensive industry for data breaches at $11.2 million per incident, 2.5x the global average and 15 consecutive years at the top of IBM's list. Financial services follow at $6.08 million, facing 300x more attacks than other industries (KnowBe4 2025). Small businesses face a different but equally severe threat: 88% of SMB breaches involve ransomware (Verizon DBIR 2025), and 60% fail within six months of an attack (NCSA).

Healthcare

Financial Services

Small & Medium Businesses

Other Industries

Education, manufacturing, critical infrastructure, and retail all face escalating threats. Manufacturing was the top ransomware target in 2024 (Group-IB), driven by operational downtime pressure that makes manufacturers more likely to pay. Critical infrastructure breach costs average $4.82 million (IBM 2025), and ransomware targeting critical infrastructure rose significantly (Verizon DBIR 2025).

Education ransomware attacks surged (Sophos 2025), and the education sector's breach cost is substantial (IBM 2025). Utilities saw a significant increase in ransomware incidents (DeepStrike 2025), reflecting the convergence of IT and OT systems. Retail extortion sites grew as ransomware groups increasingly target consumer-facing businesses with customer data exposure threats (SentinelOne 2025).

Insider Threats

Insider threats remain a costly and persistent challenge. The average insider threat incident costs significant sums to contain, with containment taking weeks (Ponemon 2025). Non-malicious insiders (negligent or compromised employees) account for the majority of insider incidents, and phishing is the primary trigger. Insider threat frequency is increasing across all sectors (Securonix 2025).

👨‍💻 Cybersecurity Workforce & Skills Gap

The global cybersecurity workforce gap exceeds 4 million unfilled positions (ISC2 2024). The active workforce has grown but demand outpaces supply. Job growth in cybersecurity significantly outpaces the broader economy (BLS 2024). Burnout is a critical retention issue: the majority of cybersecurity professionals report experiencing burnout, and the rate increased year-over-year (Sophos 2025).

67% of organizations report a moderate-to-critical skills gap (WEF 2025), and those with the most severe shortages pay a breach cost premium of 17.6% ($5.22M vs $4.44M average, IBM 2025). AI security is the number one skill gap (ISC2 2025), followed by cloud security. Budget constraints remain the top cause of understaffing (ISC2 2024).

Workforce Statistics

Cybersecurity workforce demographics are shifting. Workers under 30 represent a growing but still minority share of the workforce (ISC2 2024). Women in cybersecurity are increasing but remain significantly underrepresented. The attrition rate in cybersecurity exceeds other technology fields (BCG 2024), driven by burnout, on-call demands, and the emotional toll of defending against constant attacks. Retention difficulty is a top concern for hiring managers (ISACA 2024).

Skills Gap

The cybersecurity skills gap is not just about headcount. ISC2 reports that skills shortages now pose a greater organizational risk than staffing shortages (ISC2 2024). AI security, cloud security, and zero trust are the top skill needs (ISC2 2025). Organizations with critical skills gaps pay 17.6% more per breach ($5.22M vs $4.44M), and 87% of organizations attribute at least one breach to the skills deficit (Fortinet 2025). Budget constraints remain the top cause of understaffing.

Salary & Compensation

Cybersecurity salaries remain well above broader IT averages. The US median infosec analyst salary is around $120K (BLS 2024). CISOs command $200K-$350K+ depending on organization size (SentinelOne 2026). UK cybersecurity salaries carry a premium over general IT roles, with London commanding higher rates (Gov.uk 2025). CISSP certification holders earn a significant salary premium (EC-Council 2025).

💵 Security Spending & Market Size

Global cybersecurity spending continues to accelerate. Gartner projects total information security spending will exceed $200 billion in 2025. The cybersecurity market is forecast to reach $271 billion by 2029 at a CAGR of 12-13% (Precedence Research). The US accounts for the largest single market at $80+ billion (Precedence 2025).

Per-employee security spend averages $2,700 (Deloitte 2024), and the majority of CISOs plan to increase budgets next year (PwC 2025). AI-focused security spending is the fastest-growing segment, with the AI cybersecurity market projected to exceed $130 billion by 2030 (VikingCloud).

Overall Spending

Security spending growth consistently outpaces overall IT budgets, reflecting the escalating threat environment. IDC projects double-digit security spending growth through 2028. Per-employee security spend averages $2,700 annually (Deloitte 2024), though this varies widely by industry and organization size. The average SOC budget reaches $14.6 million (KPMG 2024), driven by 24/7 monitoring requirements and the cost of security tools and talent.

Market Segments

The AI cybersecurity market is the fastest-growing segment, projected to grow from $22 billion in 2023 to $60+ billion by 2028 and $133+ billion by 2030 (MarketsandMarkets, VikingCloud). Identity and access management (IAM), zero trust, endpoint protection, and managed detection and response (MDR) are all multi-billion-dollar markets experiencing double-digit growth. Cyber insurance is maturing rapidly, with the global market approaching $20 billion (Munich Re 2024).

⚔️ Cyber Warfare & Nation-State Threats

Nation-state cyber operations intensified in 2024-2025. China-nexus espionage operations surged 150% (CrowdStrike 2025), with new adversary groups emerging targeting telecommunications, government, and critical infrastructure. North Korea's Lazarus Group executed a $1.5 billion cryptocurrency heist against ByBit in 2025. Microsoft tracks 600+ nation-state threat groups. Geopolitical events are now a primary driver of cybersecurity strategy for most organizations (WEF 2025).

Government ransomware attacks continue to cause significant downtime and cost. Taiwan faces 30+ million daily cyberattacks (CSIS 2024). Election interference via DDoS and disinformation remains an active threat vector (Cloudflare 2024, Tidal Cyber).

Nation-State Threat Actors

The four primary nation-state cyber adversaries are China, Russia, North Korea, and Iran. China focuses on espionage and intellectual property theft, with a 150% surge in operations (CrowdStrike 2025). North Korea uniquely combines state espionage with financial theft, stealing $1.5 billion in a single cryptocurrency heist (Lazarus/ByBit 2025). Russia-nexus groups focus on disruptive attacks and election interference. Iran targets regional adversaries and critical infrastructure.

Government Cybersecurity Spending & Impact

Governments are increasing cybersecurity budgets in response to escalating nation-state threats. The US civilian cybersecurity budget and DoD cyber budget both reflect federal prioritization. The UK, Australia, and EU have all committed significant multi-year funding. Yet government ransomware attacks continue: ransomware hit government organizations at high rates (Sophos 2024), and downtime costs for US government agencies are substantial (Comparitech).

Election security is a growing focus. Tidal Cyber identified multiple state-backed threat actors targeting election infrastructure in 2024. Cloudflare reported significant DDoS attacks against US election infrastructure. Government encryption rates in ransomware attacks remain concerning, as attackers successfully encrypt government data a majority of the time (Sophos 2024). Recovery costs for government organizations are high, reflecting bureaucratic procurement processes and legacy IT systems.

🛡️ Privacy & Regulation

Cumulative GDPR fines have exceeded $5 billion since enforcement began (DLA Piper 2026). Breach notifications continue to rise year-over-year. Over 160 countries now have data protection laws (Greenleaf 2025), and AI governance is the newest regulatory frontier. Organizations failing compliance add significant costs to their breach expenses (IBM 2025).

CISOs increasingly cite regulatory fragmentation as a top challenge (WEF 2025). Shadow AI governance gaps expose organizations to data compromise: organizations without AI upload controls or governance frameworks face higher breach costs. Privacy spending delivers positive ROI, with organizations seeing 1.6x+ returns on privacy investments (Cisco 2025).

AI governance is emerging as the next major regulatory frontier. Organizations without AI upload controls, approval workflows, or adversarial AI testing face higher breach costs and data compromise rates (IBM 2025). The EU AI Act, US executive orders on AI safety, and sector-specific AI guidance from financial regulators are creating a new compliance layer that security teams must navigate alongside existing GDPR, CCPA, HIPAA, and PCI DSS obligations.

☁️ Cloud Security

Cloud intrusions increased 75% year-over-year (CrowdStrike 2024). Misconfiguration remains the leading cause of cloud breaches, with Gartner projecting 99% of cloud security failures through 2025 will be the customer's fault. Multi-cloud adoption continues to rise, creating complexity in security management. Hybrid cloud environments face breach costs of $4.97M (IBM 2025).

Kubernetes security incidents affected the majority of organizations using containers (Red Hat 2024), with misconfiguration as the primary cause. Cloud credential incidents rose significantly (CrowdStrike 2024). Organizations with breaches spanning multiple environments face the highest costs at $5M+ (IBM 2025).

The shift to multi-cloud environments adds complexity. Organizations running workloads across 3+ cloud providers face significantly higher breach costs than single-cloud or on-premises operations (IBM 2025). Kubernetes-specific security incidents are particularly concerning: the majority of organizations running containers experienced security incidents, with misconfiguration as the primary root cause (Red Hat 2024). Container security and CNAPP (Cloud-Native Application Protection Platform) are the fastest-growing cloud security market segments.

Human error remains the dominant cause of cloud security failures. Gartner projects that through 2025, 99% of cloud security failures will be the customer's fault, not the provider's. Exposed cloud resources, misconfigured storage buckets, and overly permissive IAM policies continue to be the most exploited cloud attack vectors. Organizations with hybrid cloud environments face breach costs near the global average, while those spanning multiple environments pay the highest premiums (IBM 2025).

📱 IoT Security

IoT attacks surged 107% in 2024 (SonicWall). Connected IoT endpoints are projected to reach 29+ billion by 2027 (Statista). 98% of IoT traffic is unencrypted (Palo Alto Networks). Medical device security is a critical concern: 99% of healthcare organizations have devices with known exploited vulnerabilities (Claroty 2025), and medical imaging devices frequently run unsupported operating systems.

OT and ICS environments face mounting ransomware threats, with ICS vulnerabilities rising in H2 2024 (Nozomi). Unmanaged devices remain a primary ransomware entry point (Microsoft 2024). Router vulnerabilities continue to be a significant discovery vector (Forescout 2025).

The convergence of IT and OT (Operational Technology) networks creates new attack surfaces. ICS (Industrial Control Systems) vulnerabilities rose in H2 2024 (Nozomi), and OT ransomware surged in 2025. Manufacturing, energy, and utilities sectors are particularly exposed. Medical devices present a critical risk in healthcare: imaging systems running unsupported operating systems cannot be easily patched, and 99% of healthcare organizations have at least one device with known exploited vulnerabilities (Claroty 2025).

Consumer IoT devices are increasingly weaponized. Google discovered the BadBox botnet compromising millions of Android-based devices (2025). 98% of IoT traffic remains unencrypted (Palo Alto Networks), meaning intercepted data is immediately readable. Router vulnerabilities are a growing discovery target, with Forescout finding critical flaws in widely deployed enterprise and consumer models. The IoT attack surface will continue expanding as connected endpoints approach 29+ billion by 2027 (Statista).

🇺🇸 Country Data: United States

The United States has the highest average data breach cost globally at $10.22 million, an all-time high (IBM 2025). US data breaches hit a record 3,322 in 2025, up 4% year-over-year (Barracuda). The FBI IC3 received 859,532 complaints in 2024, with total losses of $16.6 billion. Investment fraud ($6.57B) and BEC ($2.9B) were the costliest categories.

The US cybersecurity market exceeds $80 billion (Precedence 2025), accounting for the largest share of global spending. North America holds the dominant market share. The US civilian cybersecurity budget and DoD cyber budget both reflect federal prioritization of cyber defense. California alone accounted for the highest state-level FBI IC3 losses.

🇬🇧 Country Data: United Kingdom

The UK faces a significant cybercrime burden. Large businesses report the highest breach rates, followed by medium and small businesses (Gov.uk 2025). The UK government invested heavily in cybersecurity as part of its national cyber strategy. London commands premium cybersecurity salaries, and the cyber salary premium over general IT roles reflects sustained demand.

The UK Cyber Security Breaches Survey (Gov.uk 2025) reveals a clear size-based vulnerability gradient. Large businesses face the highest breach rates, followed by medium and small enterprises. The UK's National Cyber Strategy drives continued government investment. The cybersecurity salary premium over general IT roles reflects persistent demand for skilled professionals, with London commanding the highest rates in the country (Gov.uk 2025).

🌐 Country Data: Global & Regional

Cyber threats are global but impact regions differently. The APAC region has a significant unfilled cybersecurity roles gap (ISC2 2024) and a growing market (FBI/industry). Africa and Latin America report the lowest cyber confidence levels (WEF 2025-2026). The Middle East, Japan, Germany, and Brazil all have billion-dollar cybersecurity markets and face distinct threat profiles.

India faces a 24% rise in ransomware (CERT-In) and projected weekly attack volumes continue to climb (SentinelOne 2026). Singapore is increasing its cyber budget (Sophos 2025). Taiwan faces an extraordinary volume of daily cyberattacks (CSIS 2024), primarily attributed to Chinese state actors.

Regional cybersecurity maturity varies enormously. Africa and Latin America report the lowest confidence in national cyber resilience (WEF 2025-2026), reflecting gaps in regulation, workforce, and infrastructure investment. The Middle East cybersecurity market is growing rapidly, driven by digital transformation and nation-state threat awareness. Japan's market reflects the country's advanced digital economy and proximity to China-nexus threats. Germany and Brazil both have billion-dollar security markets growing at double-digit rates, yet face distinct threat profiles rooted in their industrial bases and regulatory environments.