Home » Cybersecurity » Cyberlaw » 33 Alarming Cybercrime Statistics You Should Know in 2019

33 Alarming Cybercrime Statistics You Should Know in 2019

by Casey Crane on November 15, 2019

If you’re looking for the most up-to-date cybercrime statistics, you’ve certainly come to the right place. (We really like our numbers around here.)

For businesses and organizations, cybercrime is all
encompassing — and its collective impact is staggering. Not only does
cybercrime leave a mark financially, but it also has a significant impact on an
organization’s services, reliability, and reputation in the eyes of the public,
shareholders, and even your own employees.

In this article, we’ll break down what cybercrime entails
and take a look at some of the most notable cyber crime statistics and trends
for 2019. We’ll also dive into some of the trends and stats the experts are
pointing to for 2020 and the next few years to come.

Let’s hash it out.

What we’re hashing out…

Sponsorships Available

What is Cybercrime?

Also called computer crime, the term “cybercrime” is very broad term and represents a wide variety of criminal activities that are conducted by using and/or targeting a computer or related system. Merriam-Webster defines cybercrime as: “: criminal activity (such as fraud, theft, or distribution of child pornography) committed using a computer especially to illegally access, transmit, or manipulate data.”

This type of definition now
includes virtually any type of electronic devices. Cell phones. Cameras. IoT
devices. Servers and databases. The list goes on and on.

Some cybercriminals conduct
their business via the dark web but not all. Some choose to use more public
channels such as social media. And, certainly, the examples listed in this
definition are not exhaustive. There are many other examples of cybercrime,
including:

ransomware attacks,
malware attacks,
crypto mining, cryptojacking, and
other digital currency scams,
identity theft, or impersonating
another person or company,
stealing, leaking or
manipulating data, information, or intellectual property,
violating privacy,
human and sex trafficking, and
selling weapons or drugs online.

There are certainly other types
of cybercrimes to include on this list. But we know you’d jump right into the
cybercrime statistics info.

With that in mind, here’s our
list of the top cybercrime statistics we’ve collected for the year 2019.

Cybercrime Statistics: How Much Money are Cybercriminals Making?

Cybercrime represents the fastest-growing types of crime in
the United States — and the world as a whole. Not only are the cyber attacks that
fall within this category growing in number, but they’re also increasing in
both size and sophistication. This results in an increasingly large price tag
for governments, businesses, and organizations of all sizes. It also means
business is booming for cybercriminals.

In our previous article on cybercrime statistics in 2018, we discussed a six-month study by Bromium, an endpoint security company, and cybercrime researcher Dr. Michael McGuire. The report, titled “Into the Web of Profit,” examines the new platforms used by cybercriminals in the flourishing cybercrime economy. This year, the company released another report “Social Media Platforms and the Cybercrime Economy,” and it serves as the next chapter in the Into the Web of Profit series. Only this time, it examines the role social media platforms play in the world’s cybercrime economy.

We’ll cover some statistics from both of these reports —
along with others from many reputable organizations, companies, and government
institutions — throughout this article.

1 — The cybercrime industry generated at least $1.5
trillion in revenue in 2018 (and that’s a conservative estimate!)

The first cybercrime report by Bromium and McGuire estimates that cybercrime created more than $1.5 trillion in profits in the year 2018 alone. However, it’s critical to note that McGuire openly admits that those estimates may not paint a complete picture — that the estimates are conservative, and the numbers may actually skew higher.

But even if we were just to go by this number, it’s terrifying to think of just what that entails. If cybercrime was a country, it would rank 13th in terms of its GDP when considering the most recent (2018) GDP data from the World Bank. This would place it firmly between the Republic of Korea, which currently has a GDP of $1.6 trillion, and Australia, which has a GDPR is a little more than $1.4 trillion.

2 — Social media-enabled cybercrimes generate $3.25+
billion in global revenue per year

The social media-focused research from Bromium and McGuire indicates
that social media plays a growing role in perpetuating cybercrime. According to
the research, social media-enabled crimes generate at least $3.25 billion to
the growing cybercrime economy each year.

To put that in perspective, that’s nearly the net worth of movie mogul Steven Spielberg, whose net worth is estimated to be $3.6 billion, according to The Forbes 400 list for 2019.

3 — Social media contributes to the sale of stolen
personal data in an underground economy that’s now worth about $630 million per
year

It’s no secret that cybercriminals use the dark web and other
various channels to engage in criminal activities. But did you know that these
actors use social media to steal your personal information? As far as
cybercrime statistics go relating to social media, Bromium’s study data
indicates that between 45% to 50% of all illicit trading of personal information —
this includes everything from stolen credit card info to usernames and
passwords — can be traced back to breaches of social media platforms.

4 — $76 billion of the cybercrime economy involves
Bitcoin

Bitcoin definitely appears to be the reigning champion when it comes to being the favorite cryptocurrency of cybercriminals. A research study from two universities in Australia indicates that “around $76 billion of illegal activity per year involves bitcoin (46% of bitcoin transactions), which is close to the scale of the US and European markets for illegal drugs.”

5 — 4.1 reported records exposed in the first half of
2019

Risk Based Securit y reports that in the first six months alone, 4.1 billion records were exposed via data breaches in 2019. Now, keep in mind, this number doesn’t even include data breaches that went unreported or undiscovered. This means that there could potentially be millions more exposed records that we just don’t know about. Not very comforting, is it?

But with these cybercrime stats in mind, what are some of
the statistics of cybercrime relating to how they perform their attacks?

There are numerous types of cyber attacks that criminals are
using to achieve their goals. These types of attacks range include everything
from hacking and phishing to distributed denial of service, SIM-swapping, and
ransomware attacks. Regardless of their chosen method of attack, though, it’s
essential for your business to implement cyber security awareness training as part
of your prevention and risk mitigation methods.

So, what are some of the top cybercrime statistics relating
to attack methods?

6 — 85% of organizations reported experiencing phishing
and social engineering attacks

Phishing and social engineering attacks are now as common as wearing flip-flops in Florida (thongs or sandals for you international readers) Accenture Security’s 2019 “The Cost of Cybercrime” annual report indicates that the number of organizations that reported experiencing phishing and social engineering attacks increased 16% year over year.

7 — Malware ranks as the most costly type of attack for
organizations

Accenture Security’s 2019 report indicated that malware cost
organizations an average of $2,613,952 in 2018. This is an increase of 11% over
the previous year. The next most costly type of attacks were web-based attacks,
which cost an average of $2,275,024 per year in 2018.

graphic: cybercrime statistics concerning malware

8 — Three-quarters of businesses report insider threats as
a significant concern

Data from KnowBe4’s 2019 Security Threats and Trends global survey of 600 organizations indicates that “76% of organizations say the biggest and most persistent security threat comes from ‘the enemy from within.’” This describes careless end users who regularly endanger organizations by engaging with phishing emails, ransomware, malware, and other dangerous content.

9 — 96% of survey respondents report email phishing scams
as the top security risk

The same KnowBe4 report also indicates that nearly all of
the survey’s participants identify email phishing scams as the greatest
security threat to businesses. And considering that nearly half of the survey
participants also indicated that they’re worried about their organization
falling victim to targeted scams, it serves to further underscore the
importance of cyber awareness training.

Cybercrime Statistics: Who Are the Victims?

10 — An average of 300,000 cybercrime-related complaints
are received each year by the FBI IC³

Cybercrime doesn’t discriminate. The victims of cybercrime involve individuals, organizations, and businesses alike — virtually everyone from all walks of life. In its 2018 Internet Crime Report, the FBI’s IC³ reports that the organization receives an average of 300,000 cybercrime-related complaints per year — that’s an average of 900 complaints per day.

11 — Seniors over age 60 are the preferred victims of
cybercrime against individuals

Senior fraud scams are increasingly common and result in
significant losses each year. In 2018 alone:

62,085 victims age 60 or older reported
$649,227,724 in losses to cybercrime.
An additional 48,642 victims ages 50-59 reported
losses of $494,926,300 in the same year.

That’s a combined amount of more than $1.14 billion in a
single year between these two age groups! However, let me just remind you of
one important thing: This number represents reported losses. This means
that there are likely many other victims —and much larger losses — than what we
know.

Cybercrime Statistics: Top Industries Targeted

12 — More than 22% of ransomware attacks in Q1 2019
targeted professional services organizations

Coveware reports that professional services — companies such as certified public accountants and law firms — were the top choice of ransomware attacks (22.4%) in the first quarter of the year. This was followed by software services (17.2%) and healthcare organizations (10.3%) such as small healthcare providers and specialists. They’re valuable targets to cybercriminals because they are responsible for protecting their patients’ extremely sensitive personal and medical data, yet they’re often under protected and unprepared in terms of IT security and data backups.

To our readers in the healthcare and professional services
industries in particular, please pay attention. We don’t want to see your
organization’s name in domestic or international news headlines.

13 — More than 25% of malware attacks targeted banks and
financial services in 2018

Intsights Cyber Intelligence reported in April that more malware attacks (25.7%) targeted global banks and financial services institutions (FSIs) than other industry they tracked that year. Furthermore, their research indicates that there were substantial year-over-year increases in several types of attacks:

compromised credit cards (212%),
credential leaks (129%) and
malicious apps (102%).

Cybercrime Statistics: The Worldwide Costs of Cybercrime

When we talk about the “costs” of cybercrime, this term can
mean a few different things. Costs typically entail:

direct financial costs that result from the
crime,
indirect costs, or
prevention and mitigation costs.

So, what are some of the top cyber crime statistics by
country? Here are a few to note:

14 — The U.S. leads the way with more than $27 million in
annual costs relating to cybercrime

USA! USA!

… Wait, this isn’t exactly the type kind of title we should
be proud of. But it’s still critical information for all of us to know.

Accenture Security’s 2019 “The Cost of Cybercrime” study
indicates that there were significant regional differences where cybercrime
costs were concerned in 2018. However, the United States continued to hold its
No. 1 title with the highest annual costs relating to cybercrime — $27.4
million, an increase of 29% over the previous year.

15 — Cybercrime in the U.K. and Japan rose significantly
— 31% and 30% — in 2018

The Accenture Security report also indicates that the
largest increase year-over-year increases were experienced by the United
Kingdom (31%) and Japan (30%), respectively. Their annual cybercrime costs
increased to $11.5 million (U.K.) and $13.6 million (Japan). While they’re
still nowhere near the U.S.’s level of cybercrime annual costs, we’re likely to
see these costs continue an upward trajectory.

Cybercrime Prevention Costs

16 — The U.S. President’s proposed FY 2020 budget
requests more than $17 billion for cybersecurity and cyber operations

Even with all of the resources at his disposal, thwarting cyber threats and preventing cybercrime is a huge concern for Uncle Sam. That’s why the United States’ proposed fiscal year budget for 2020, which is available on the White House website, requests “$17.4 billion of budget authority for cybersecurity-related activities.” This is an increase of $790 million (5%) over the FY 2019 estimate. It’s important to note, however, that this amount doesn’t represent the entire cyber-related budget for (obvious) security reasons.

Can’t really blame Uncle Sam for not wanting to hold his
cards close to the vest, right?

Regardless, here’s a breakdown of some of the disclosed initiatives we do know about in the proposed FY 2020 budget:

$1+ billion to support Department of Homeland
Security (DHS) cybersecurity efforts.
$9.6+ billion to advance the Department of
Defense (DOD)’s three primary cyber missions.
$156+ million to support “early-stage research”
and increase cyber resilience of system for the recently established Office of
Cybersecurity, Energy Security, and Emergency Response.
$13 million for the Department of the Treasury’s
Office of Critical Infrastructure Protection and Compliance Policy.

17 — The spending on cybersecurity products and services
anticipated to surpass $1 trillion by 2021

In its Secure Anchor-sponsored 2019 Cybersecurity Market Report, Cybersecurity Ventures reports that global spending on cybersecurity market products and services will exceed $1 trillion cumulatively between 2017 and 2021.

In 2018 alone, worldwide spending on infosec services and
products surpassed $114 billion — a market that’s anticipated to grow to $170
billion in 2022.

18 — Cyber security awareness training expected to reach
$10 billion by 2027

Almost every article you read online about cyber security harps on the importance of cyber awareness and security training. Heck, we’re guilty of that ourselves because we know that training is essential to help mitigate certain cyber threats and vulnerabilities. That’s why it’s not surprising that Cybersecurity Ventures also reports that security awareness training is on the rise. However, the number is certainly attention-grabbing: $10 billion by 2027.

This trend is expected to continue through nearly the next
decade as cyber-defense strategies become fundamental to more major
corporations.

19 — 30% of survey respondents say their organizations
don’t have a separate security budget

Considering the number of cyber attacks and data breaches
making headlines globally each year, it’s hard to believe that some
organizations don’t place greater importance on their cybersecurity defenses. Unfortunately,
research definitely shows that’s still the case.

For example, KnowBe4’s 2019 Security Threats and Trends
Report indicates that nearly a third of surveyed organizations don’t separate
their security budget from their annual IT capital expenditure budget. To add
insult to injury, about 13% report that they allocate “less than $25,000 on
security spending” and 50% dedicate “less than or up to 50,000 a year to
purchase security products, software or security awareness training.”

I have to ask: Have these organizations learned nothing from Yahoo, Marriott, Equifax, or any other major corporations in recent years? It must be a cars of “it won’t happen to me,” or what’s also known as optimism bias.

Email Security Best Practices - 2019 Edition

Don’t Get Breached

91% of cyber attacks start with an email. 60% of SMBs are out of business within six months of a data breach. Not securing your email is like leaving the front door open for hackers.

Download the eBook

Costs Resulting from Damages

20 — Cybercrime damages are anticipated to cost $6 trillion
per year by 2021.

Although we shared this cybercrime statistic in our 80 eye-opening cyber security statistics article earlier this year, we’d be remiss to not at least mention it here. This number, which comes from Cybersecurity Venture’s 2019 Annual Crime Report (ACR), is double their 2015 prediction of $3 trillion in cybercrime costs annually.

21 — Cybercrime costs $2.9 million to the global economy
every minute

Research from Risk IQ’s “The Evil Internet Minute 2019” report indicates that one minute on the internet carries a price tag of $2.9 million to the global economy. In their report, Risk IQ researchers state that top companies pay $25 per minute due to cyber breaches.

22 — More than $26 billion in losses reportedly lost to
BEC and EAC scams specifically

The FBI’s Internet Crime Compliant Center (IC³) reports that $26,201,775,589 was exposed in 166,349 domestic and international business email compromise/email account compromise (BEC/EAC) scams between June 2016 and July 2019. As far as FBI cyber crime statistics go, this is one of the most important to know.

If current trends continue and these types of scams keep
growing, I’d hate to see what they’re going to report in their next BEC report…

Cybercrime Statistics: The Role of Cybercurrencies in Cybercrime

Depending on the side of the (digital) coin you look at,
there are positives and negatives to the use of cryptocurrency. Blockchain
digital currencies fall outside the control or scope of the European Union’s
financial regulations. As such, it’s challenging for law enforcement and other
government entities to track — which is, of course, part of the purpose of
using it altogether.

Digital currencies such as Bitcoin, Ethereum, Ripple, Dash and
others are attractive options to a variety of individuals. They’re attractive
to both law-abiding users who want their governments to butt-out and keep more
control over their money and cybercriminals who want to transfer funds without
detection.

So, how do these digital funds contribute to the cybercrime
industry? Here are some enlightening cybercrime statistics on cryptocurrencies:

23 — 98% of ransomware payments are made via Bitcoin

Hands down, Bitcoin continues to rank as the leading
cryptocurrency payment method of choice for cybercriminals. Coveware reports
that when actors launched ransomware attacks in Q1 2019, 98% demanded payment
via Bitcoin.

24 — In 2018 alone, cryptocurrency exchange hacking cost
around $1 billion

The hacking of cryptocurrency exchanges is “far and away the most costly type of crypto crime,” according to a report by Chainanalysis. Their research tracks two major hacking groups that largely contributed to the theft of these funds during that year. The average cost per hack by these groups? A cool $90 million. They achieved this by frequently moving the stolen currency through a complex network of exchanges and digital wallets that involves moving the funds at least 5,000 times.

25 — Tens of millions of dollars have been lost to
SIM-swapping attacks

SIM-swapping is a crime that involves a criminal transferring a victim’s mobile account to a device they have in their possession. It’s a met h od of attack that cybercriminals like to use against people within the cryptocurrency community in particular because it’s profitable. In its 2019 Cybersecurity Almanac, Cybersecurity Ventures estimates that these crimes have resulted in tens of millions of dollars of cryptocurrencies being stolen.

cybercrime statistics concerning social media

Social media as a useful tool for users and cybercriminals
alike. For end users, it’s a way to connect with family and friends. For
cybercriminals, it’s a wealth of information that they can use as part of their
social engineering tactics as well as a platform to launch malware attacks. The
risks associated with social media platforms is particularly good for
businesses to know considering that many employees use company computers and
other devices to access their personal social media accounts.

Heck, maybe you do that yourself during your lunch break.
After all, who doesn’t enjoy watching and sharing a funny cat video or two to
give your brain a break in the middle of the day?

Regardless, for this section, we’ve pulled together some
statistics from the Bromium social media study and studies by other notable
organizations to address cybercrime relating to social media.

26 — Up to 40% of social media sites have some form of
turn-key hacking tools or services available for purchase

The widespread availability of cybercrime tools is a growing
concern for SMBs and enterprises alike. Bromium’s research indicates how easy
it is for even the least knowledgeable cybercriminals to engage in cyber
attacks with ready-made tools, solutions, training, and hacking-for-hire
services:

One account on Facebook offers the opportunity to trade or learn about exploits and advertises on Twitter to attract buyers. We also found evidence of botnet hire on YouTube, Facebook, Instagram and Twitter, with prices ranging from $10 a month for a full-service package with tutorials and tech support to $25 for a no-frills lifetime subscription – cheaper than Amazon Prime.”

27 — Fraud attacks on social media increased 43% in 2018

By the end of last year, social media fraud attacks rose
significantly. This increase in fraud may be attributed in part to the use of
automation tools, RSA
Security reports. Regardless of the reason, though, it just serves to
further emphasize the need for users to be hypervigilant when it comes to their
social media activities and security efforts.

28 — Fraud revenues increased by 60% since 2017 thanks to
social media

In short, cybercriminals are having a heyday with social
media. Bromium’s social media data indicates that they’re able to conduct a
variety of fraudulent activities using these social networking platforms. For
example, they can engage in financial fraud, romance/dating fraud, and
impersonate major brands across all channels including major platforms like
Facebook, Twitter, and LinkedIn.

29 — The data of 1.3+ billion social networking users has
been compromised within the past 5 years

We’ve all seen the headlines about businesses being breached
and user accounts being compromised. Social platforms are no different. In
fact, according to Bromium, the accounts of more than 1.3 million social media
users have been compromised in the past five years.

This statistic doesn’t really come as a surprise to me. It
seems like every couple of months I receive obvious phishing messages from
friends’ compromised Facebook accounts. The messages try to get me to click on
a link. Or, I’ll even receive a friend request from a fake account
impersonating them that’s trying to add me as a friend.

Nice try, hackers. Keep phishing, ‘cause I ain’t bitin’.

Cybercrime Statistics: Predictions and Trends in the Coming Years

There are some interesting and notable trends in the cybercrime
industry. In an article about cybercrime statistics, we’d be remiss to not at
least highlight some of the biggest predictions, forecasts, and trends from
experts within the industry.

So, without further ado, here are some notable trends and
predictions of what we can expect to see within the industry over the next few
years:

30 — Only 15% of firms report being notified by a
third-party vendor notifying them of a breach the vendor caused

A 2019 survey of 600 IT and security decision makers by eSentire and Spiceworks shows that of the 250 surveyed companies that indicated experiencing a breach, only 15% were notified of the breach by the respective vendor who caused it. Yeah, that’s some shady business right there.

In some ways, it’s unsurprising that vendors don’t want to
inform their corporate clients about the data breaches they cause. This could
be, in part, due to the reputational risks or accountability involved with
disclosing a cyber breach. But regardless of wounded egos or reputational
concerns, it’s the responsibility of every vendor to inform their customers of
any breaches they cause. Shame not everyone likes to live up to such ethical
standards.

31 — More than 70% of cryptocurrency transactions will involve
illegal activities by 2021

Cybersecurity Ventures predicts that the use of cryptocurrencies for nefarious activities will jump significantly in a little more than a year. The cybersecurity research firm forecasts that these illicit activities will jump from current estimates of 20% of the five major cryptocurrencies by 2021.

32 — The amount of data stored in the cloud will increase
100x by 2021

It’s no secret that cloud storage for data is on the rise.
No matter whether you’re talking about public clouds, private clouds owned by
businesses, or government ones that are accessible by the public, Cybersecurity
Ventures predicts that the number will increase one hundredfold by 2021. This
makes for an incredibly data-rich target environment for cybercriminals.

33 — Cybercrime breaches are anticipated to increase
nearly 70% by 2024

The cost of data breaches to businesses is on the rise. Experts expect costs (direct and indirect) relating to cybercrime breaches to jump from $3 trillion to more than $5 trillion within the next five years! In their August 2019 press release, Juniper Research indicates that the costs of cybercrime will show an average annual growth of 11%. This data comes from their report “The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024.”

But if computers are so dangerous, why are companies and
individuals increasingly reliant on them? It’s because digital technologies and
the internet are staples in the modern economy — and in our modern lives as a
whole. They’re essential to not only ecommerce but to other aspects of our
lives as well — everything from entertainment to business and government
operations. Why bother hand-delivering or mailing in a check when you can pay
bills online? And who doesn’t love the convenience of online banking?

Regardless of how or why we’re all using these things, the fact is
that we are using them. And with all the perks of these conveniences and
benefits come certain risks as well. This is why businesses, governments, and
other organizations and institutions need to invest the time, money, labor, and
attention to addressing cyber security vulnerabilities. Every little bit helps
in the uphill battle against cybercriminals.