Home › Articles › Cybercrime Statistics 2026

50+ Cybercrime Statistics You Need to Know (2026)

Last updated: April 3, 2026 · 18 min read · Sources: IBM, FBI IC3, Verizon DBIR, Cybersecurity Ventures, Ponemon Institute

Cybercrime continues to grow at an alarming rate, affecting businesses and individuals across every industry. Whether you are a journalist writing about data breaches, a security professional building a business case, or someone who wants to understand the threat landscape, these statistics paint a clear picture of where we stand in 2026.

We have compiled over 50 cybercrime statistics from authoritative sources including IBM's Cost of a Data Breach Report, the FBI's Internet Crime Complaint Center, Verizon's Data Breach Investigations Report, and Cybersecurity Ventures. All statistics are cited with their original sources.

Global Cybercrime Overview
Data Breach Costs
Ransomware Statistics
Phishing Statistics
Identity Theft Statistics
Password Breach Statistics
Malware Trends
Most Targeted Industries
Detection & Response Times
Future Projections
FAQ

Global Cybercrime Overview

$10.5 Trillion Projected annual global cost of cybercrime by 2025, up from $3 trillion in 2015 (Cybersecurity Ventures)

Cybercrime damages are projected to hit $10.5 trillion annually by 2025, making it the third-largest "economy" in the world behind only the US and China. (Cybersecurity Ventures, 2023)
The FBI's IC3 received 880,418 complaints in 2023, with reported losses exceeding $12.5 billion, a 22% increase from 2022. (FBI IC3 Annual Report 2023)
There is a cyberattack every 39 seconds on average, affecting one in three Americans each year. (University of Maryland / Clark School)
Global cybersecurity spending is expected to exceed $215 billion in 2025, yet attack volumes continue to outpace defensive investments. (Gartner, 2024)
59% of organizations experienced a material cybersecurity incident in the past 12 months, up from 53% the year prior. (Ponemon Institute, 2024)
Cybercrime as-a-service (CaaS) operations grew by 40% in 2024, lowering the barrier to entry for amateur threat actors. (Europol IOCTA, 2024)

Data Breach Costs

$4.88 Million Average total cost of a data breach in 2024, the highest figure ever recorded (IBM / Ponemon)

The average cost of a data breach reached $4.88 million in 2024, a 10% increase over 2023 and the largest single-year jump since the pandemic. (IBM Cost of a Data Breach Report, 2024)
Healthcare remains the costliest industry for breaches at $9.77 million per incident, more than double the global average. Healthcare has held this position for 14 consecutive years. (IBM, 2024)
The average cost per breached record is $165, with healthcare records averaging $614 per record. (IBM / Ponemon, 2024)
Breaches involving stolen or compromised credentials cost an average of $4.81 million and took the longest to identify and contain (292 days). (IBM, 2024)
Organizations using AI and automation in security saved an average of $2.22 million per breach compared to those without. (IBM, 2024)
The US has the highest average breach cost at $9.36 million, followed by the Middle East ($8.75M) and Canada ($5.13M). (IBM, 2024)
Mega-breaches (50 million+ records) cost an average of $375 million, underscoring the exponential cost curve of large-scale incidents. (IBM, 2024)

Weak passwords cause 80% of breaches. A password manager generates and stores unique, unbreakable passwords for every account.

Read Our 1Password Review

Ransomware Statistics

$5.13 Million Average cost of a ransomware attack, not including the ransom payment itself (IBM, 2024)

Ransomware attacks affected 66% of organizations in 2023, consistent with the two previous years despite increased investment in defenses. (Sophos State of Ransomware, 2024)
The average ransom payment rose to $2 million in 2024, a 500% increase from the $400,000 average in 2023. (Sophos, 2024)
Ransomware victims paid out over $1.1 billion in ransom in 2023, a record high despite law enforcement disruptions. (Chainalysis, 2024)
The average downtime from a ransomware attack is 24 days, causing massive operational losses beyond the ransom itself. (Coveware, 2024)
Only 8% of organizations that paid a ransom recovered all of their data. The median recovery was just 65% of encrypted data. (Sophos, 2024)
Double extortion (encrypting data + threatening to leak it) is now used in 70%+ of ransomware attacks, putting additional pressure on victims to pay. (Zscaler ThreatLabz, 2024)
Small businesses (under 1,000 employees) account for 43% of ransomware victims but are least prepared to recover. (Verizon DBIR, 2024)

Phishing Statistics

36% Percentage of all data breaches that involve phishing (Verizon DBIR, 2024)

Phishing remains the top initial access vector, involved in 36% of all data breaches according to Verizon's analysis of 30,000+ incidents. (Verizon DBIR, 2024)
The FBI received 298,878 phishing complaints in 2023, more than any other cybercrime category. (FBI IC3, 2023)
Business email compromise (BEC) caused $2.9 billion in losses in 2023, the most financially damaging form of phishing. (FBI IC3, 2023)
AI-generated phishing emails have increased click-through rates by 40% compared to traditional phishing, as they eliminate telltale grammatical errors. (SlashNext, 2024)
The average cost of a phishing attack for a mid-sized company is $4.76 million. (IBM, 2024)
Employees click on approximately 1 in 6 phishing emails (17.8%) that arrive in their inbox. (Proofpoint, 2024)
Mobile phishing (smishing) attacks increased 140% year-over-year in 2024, exploiting smaller screens and SMS trust. (Lookout, 2024)

Identity Theft Statistics

1.4 Million Identity theft reports filed with the FTC in 2023, the third-highest year on record (FTC, 2024)

There were 1.4 million identity theft reports filed with the FTC in 2023, down from the pandemic peak but still well above pre-2020 levels. (FTC Consumer Sentinel, 2024)
Consumers lost $10 billion to fraud in 2023, the highest figure ever reported to the FTC, a 14% increase from 2022. (FTC, 2024)
The median individual loss from identity theft is $500, but 14% of victims report losses exceeding $10,000. (FTC, 2024)
New account fraud (opening accounts in someone else's name) increased by 36% in 2024, driven by synthetic identity techniques. (Javelin Strategy, 2024)
The average identity theft victim spends 200+ hours resolving the issue, including dealing with credit agencies, banks, and law enforcement. (ITRC, 2024)
Adults aged 30-39 are the most targeted age group for identity theft, accounting for 24% of all reports. (FTC, 2024)
Credit card fraud is the most common type of identity theft at 40% of all reports, followed by government document fraud (19%). (FTC, 2024)

1.4 million identity theft reports were filed last year. Identity monitoring services detect fraud before it destroys your credit and finances.

Read Our Aura Review

Password Breach Statistics

80% Percentage of hacking-related breaches that involve brute force or stolen credentials (Verizon DBIR)

80% of hacking-related breaches involve brute force or the use of stolen credentials, making passwords the weakest link in security. (Verizon DBIR, 2024)
Over 24 billion username/password pairs are available on the dark web, a fourfold increase from 2020. (Digital Shadows, 2024)
The most common password in 2024 is still "123456", used by over 4.5 million accounts in leaked databases. (NordPass, 2024)
65% of people reuse passwords across multiple accounts, and 13% use the same password for everything. (Google / Harris Poll, 2024)
Multi-factor authentication (MFA) blocks 99.9% of automated attacks, yet only 28% of users enable it on their accounts. (Microsoft, 2024)
Credential stuffing attacks (using leaked passwords on other sites) increased 65% in 2024, directly targeting password reuse. (Okta, 2024)
It takes less than 1 second to crack a 7-character password with modern hardware, compared to 3,000 years for a 16-character passphrase. (Hive Systems, 2024)

Malware Trends

Over 560,000 new malware samples are detected every day, totaling more than 1.3 billion known malware programs. (AV-TEST Institute, 2024)
Infostealer malware (targeting passwords, cookies, and session tokens) grew 266% in 2024, becoming the fastest-growing malware category. (IBM X-Force, 2024)
94% of malware is delivered via email, reinforcing the importance of email security and anti-phishing tools. (Verizon DBIR, 2024)
Fileless malware attacks (living-off-the-land techniques) account for 40% of all malware incidents, evading traditional antivirus solutions. (Trend Micro, 2024)
Mobile malware attacks increased 50% in 2024, with banking trojans and spyware leading the threat landscape on smartphones. (Kaspersky, 2024)
Supply chain attacks (compromising software vendors to reach their customers) increased 430% since 2021. (Sonatype, 2024)

560,000 new malware samples appear daily. Real-time antivirus protection is your first line of defense.

Read Our Norton 360 Review

Most Targeted Industries

Some industries face disproportionately higher cybercrime costs and attack frequency. Here are the most targeted sectors, ranked by average breach cost:

Healthcare: $9.77 million average breach cost. Electronic health records are worth 10-40x more than credit card numbers on the dark web. (IBM, 2024)
Financial Services: $6.08 million average breach cost. Banks and insurers face the highest volume of credential-based attacks. (IBM, 2024)
Pharmaceuticals: $5.01 million average breach cost. Intellectual property theft and clinical trial data are high-value targets. (IBM, 2024)
Technology: $5.00 million average breach cost. Source code, customer data, and API keys are frequently targeted. (IBM, 2024)
Energy: $4.72 million average breach cost. Critical infrastructure attacks have geopolitical implications and often involve state-sponsored actors. (IBM, 2024)
Education: $3.65 million average breach cost. Universities hold vast personal data and research IP but often run underfunded security programs. (IBM, 2024)

Detection & Response Times

258 Days Average time to identify and contain a data breach (IBM, 2024)

The average time to identify a breach is 194 days, and the average time to contain it is an additional 64 days, totaling 258 days. (IBM, 2024)
Breaches contained in under 200 days cost $3.93 million on average, compared to $4.95 million for breaches taking longer than 200 days. (IBM, 2024)
Organizations with incident response teams and tested plans save an average of $2.66 million per breach. (IBM, 2024)
Only 33% of breaches were identified by the organization's own security team. 27% were disclosed by the attacker (often in ransomware scenarios). (IBM, 2024)
AI-assisted detection reduced the average breach lifecycle by 108 days compared to organizations without AI security tools. (IBM, 2024)

Future Projections & Emerging Threats

AI-powered attacks are expected to become the norm by 2027, with deepfake voice and video used in social engineering attacks increasing 3,000% since 2023. (World Economic Forum, 2024)
The global cybersecurity workforce gap stands at 4 million professionals, meaning demand far outstrips the supply of skilled defenders. (ISC2, 2024)
Quantum computing could break current encryption standards within 10-15 years, prompting NIST to release post-quantum cryptography standards in 2024. (NIST, 2024)
IoT-connected devices will exceed 30 billion by 2027, each one a potential attack surface with historically weak security. (Statista, 2024)
Cyber insurance premiums increased 50% in 2023-2024, with some insurers refusing coverage for organizations lacking basic security hygiene. (Marsh McLennan, 2024)
By 2026, 70% of boards of directors will include at least one member with cybersecurity expertise, up from 30% in 2022. (Gartner, 2024)

Frequently Asked Questions

How much does cybercrime cost the world each year?

Cybercrime is projected to cost the global economy $10.5 trillion annually by 2025, according to Cybersecurity Ventures. That figure has grown from $3 trillion in 2015 and $6 trillion in 2021. The cost includes data destruction, stolen money, lost productivity, theft of intellectual property, fraud, post-attack disruption, forensic investigation, and reputational harm.

What is the most common type of cybercrime?

Phishing is the most common type of cybercrime, accounting for approximately 36% of all data breaches according to Verizon's Data Breach Investigations Report. The FBI's Internet Crime Complaint Center (IC3) receives more phishing complaints than any other category, with over 300,000 phishing reports filed in 2023 alone. Business email compromise (BEC) causes the highest financial losses per incident.

How can individuals protect themselves from cybercrime?

The most effective individual protections are: using a password manager to generate unique passwords for every account (eliminating password reuse, the #1 cause of account takeovers), enabling multi-factor authentication on all accounts, using identity theft monitoring to catch fraud early, keeping software updated, and using antivirus software with real-time protection. Studies show that multi-factor authentication alone blocks 99.9% of automated attacks.

Protect Yourself From the Statistics Above

The numbers are clear: cybercrime is growing, credentials are the #1 target, and most people are under-protected. These three tools cover the biggest gaps in personal security.

Best Password Manager Best Antivirus Best Identity Protection

We earn a commission if you purchase through our links, at no extra cost to you.

Methodology: All statistics in this article are sourced from published reports by IBM, FBI, Verizon, Cybersecurity Ventures, Ponemon Institute, Sophos, and other reputable cybersecurity research organizations. We update this page as new reports are released. If you cite these statistics, please link back to this page.