Cyber attacks globally increased by 125% in 2021 compared to 2020, and increasing volumes of cyber attacks continued to threaten businesses and individuals in 2022.
Phishing remains the most common form of cyber crime.
In 2021, 323,972 internet users reported falling victim to phishing attacks. This means half of the users who suffered a data breach fell for a phishing attack. During the height of the pandemic, phishing incidents rose by 220%.
2021 saw nearly 1 billion emails exposed, affecting 1 in 5 internet users. This may partly explain the continued prevalence of phishing attacks.
How much does phishing cost victims?
Despite its prevalence, phishing had the lowest loss to victims. Individuals lose an average of $136 in phishing attacks. This is well below the average data breach cost of $12,124.
Visit our phishing statistics page for the latest information on global phishing trends.
Ransomware attacks continue to pose a serious threat to individuals and organisations, with more advanced attack methods forcing payouts from victims. Around 236.1 million ransomware attacks were reported worldwide in the first half of 2022.
For more information, visit our ransomware statistics page.
It is clear that the rate and cost of data breaches are increasing. Since 2001, the victim count has increased from 6 victims per hour to 97, a 1517% increase over 20 years.
The average cost of data breaches per hour worldwide has also increased. In 2001, the average cost per hour to individuals was $2054. Since then, the hourly loss rate has increased, standing in 2021 at $787,671.
The increasing threat to organisations globally means more are taking cyber security seriously. 73% of SMBs agree that cyber security concerns now need action, with 78% saying they will increase investment in cyber security in the next 12 months.
A concerning statistic is that 67% of SMBs feel that they do not have the in-house skills to deal with data breaches. However, this issue is mitigated as increasing numbers of SMBs are working with Managed Service Providers for cyber security; 89% as of 2022, up from 74% in 2020.
We work with many industries in which compliance and regulation are major factors, and provide IT Support for law firms and financial services companies among others. We know it has never been more important to take cyber security seriously.
What is the costliest type of cyber crime?
In 2022, investment fraud was the most costly form of cyber crime, with an average of $70,811 lost per victim.
How much does cyber crime cost businesses?
In 2022, data breaches cost businesses an average of $4.35 million – up from $4.24 million in 2021.
How did the pandemic affect cyber security?
The pandemic affected cyber security as businesses were forced to rapidly move to remote work environments. Cyber criminals took advantage of network misalignments and security gaps as these transitions happened. In 2020, malware attacks increased 358% compared to 2019.
Covid-19 clearly impacted the number of hourly victims. 2019 cyber crime statistics show the hourly number of victims was 53. In 2020, the first full year of the pandemic, the hourly number of victims jumped to 90, an increase of 69%.
Poland has the strongest cyber security, according to the National Cyber Security Index.
The NCSI measures a country’s ability to prevent cyber threats and manage cyber incidents. As of December 2023, the 5 countries with the highest scores on the NCSI are:
In 2021, Asian organisations suffered the most attacks worldwide. The percentage of attacks against organisations by continent in 2021 is as follows:
2021 saw an average of $787,671 lost every hour due to data breaches.
For an up to date guide on choosing an IT provider who can help keep you protected from Cyber Crime, check out Guide to Outsourcing IT Support.
32% of UK businesses reported suffering a cyber attack or breach in 2023. For medium businesses, this rises to 59%. 69% of large businesses reported an attack.
It is estimated that UK businesses lost around £736 million to cyber crime in 2021. Including consumers, as much as £2.5 billion may have been lost in 2021 to cyber criminals.
An estimated 53.35 million US citizens were affected by cyber crime in the first half of 2022. Between July 2020 and June 2021, the US was the most targeted country for cyber attacks, accounting for 46% of attacks globally.
US citizens lost $6.9 billion in 2021 to cyber-related crimes, including romance scams ($956 million), investment scams ($1.4 billion) and business email compromise ($2.39 billion).
For businesses, ransomware is a serious threat to security, with 60% of US organisations having their data encrypted in successful ransomware attacks. The cost to rectify these attacks cost an average of $1.08 million in 2021, a decrease of 49% from 2020 ($2.09 million).
Unfortunately, many US organisations are not adequately protected against cyber threats. Just 50% of US organisations have cyber insurance with full cover.
A further 28% have cyber insurance with exclusions or exceptions in the policy, meaning they may not be covered for certain attacks or under certain circumstances.
Most worryingly, this means around 1 in 10 US organisations (12%) have no coverage against cyber attacks, risking financial ruin should they suffer an attack.
Cyber crime has become an increasingly severe problem in Pakistan in recent years.
Financial fraud is the most common type reported; in 2020, of 84,764 total complaints, 20,218 Pakistanis reported falling victim to financial fraud-related online crimes. This is ahead of hacking (7966), cyber harassment (6023) and cyber defamation (6004).
An increasing number of Pakistanis have experienced cyber crime through social media. Between 2018-2021, financial fraud through social media increased by 83%. Of 102,356 complaints received in 2021, 23% of cyber crimes used Facebook.
Like many countries, India is suffering increasingly from cyber crime. The number of cyber-related crimes reported in 2018 was 208,456. In the first 2 months of 2022 alone, there were 212,485 reported cyber crimes, more than the entirety of 2018.
The figures rose more sharply through the pandemic, with reported crime jumping from 394,499 cases in 2019 to 1,158,208 in 2020 and 1,402,809 in 2021. Between Q1 and Q2 2022, cyber crime across India increased by 15.3%.
Additionally, there have been an increasing number of Indian websites hacked in recent years. In 2018, some 17,560 sites were hacked. In 2020, an additional 26,121 sites were hacked.
78% of Indian organisations experienced a ransomware attack in 2021, with 80% of those attacks resulting in the encryption of data. In comparison, the average percentage of attacks was 66%, with the average encryption rate at 65%.
What is the most common form of cyber crime in India?
The most common form of cyber crime in India is financial fraud. This accounted for 75% of cyber crime in India between 2020 and 2023, with a high point of over 77% of crimes committed during the period.
79% of Malaysian organisations were targeted by ransomware in 2021, with 64% of attacks resulting in the encryption of data.
How common is cyber crime in Malaysia?
Cyber crime is becoming increasingly common in Malaysia. Over 20,000 cyber crimes were reported in 2021, amounting to RM560 million ($123 million) lost from victims.
Between 2017-2021, the total amount lost to cyber crime in Malaysia was estimated at RM2.23 billion ($490 million). From January to July 2022, there were 11,367 reported cases of cyber crime, with the rate of crime increasing 61% from 2016 to 2022.
Despite its small population, cyber crime is still an issue in Nepal.
For the fiscal year 2020-2021, there were 3906 recorded cases of cyber crime. In just the first 3 months of the current fiscal year (2021-2022), there have been 1547 reported cyber crime cases.
Nepal currently ranks 109th out of 160 countries on the National Cyber Security Index, and 94th on the Global Cyber Security Index. Nepal also ranks 140th on the ICT Development Index.
Canada has experienced a marked increase in the rate of cyber crime in recent years. Between 2017 and 2021, reported cyber crime increased by 153%, from 27,829 cases in 2017 to 70,288 cases in 2021.
Coupled with this increase in cyber crime is an increasing worry amongst Canadians about the use of personal information online. A 2020 study revealed that 48% of internet users in Canada were ‘extremely worried’ about their data being used in identity theft.
How much do Canadian organisations lose to cyber crime?
Canadian organisations lost $1.5 billion in 2017 through cyber crime. In 2021, 85.7% suffered at least one cyber attack.
For comparison, 89.7% of organisations in the USA were attacked at least once in 2021; in the UK, this percentage drops to 71.1%.
Phishing and online fraud continue to plague Canada. In the first 6 months of the pandemic, 34% of Canadians received at least 1 phishing email. In addition, in 2021, Canadians lost $100 million to online fraud.
The most common form of online fraud involved romance, which accounted for $42.2 million lost by victims. Investment scams were also common.
Cyber crime continues to be an issue in Australia. Scams are one of the main concerns, with investment scams having cost Australians more than $48 million so far in 2022. In total, more than $72 million has been lost through scams in 2022. In addition, 1 in 4 Australians have fallen victim to identity fraud.
Australians are, on average, some of the wealthiest people in the world. A study of the median wealth per adult put Australians at the top of the rich list, with a median wealth of $273,900 – ahead of Belgium ($267,890) and New Zealand ($231,260). This perhaps partly explains why cyber criminals target Australian individuals and organisations.
In September 2022, a major data breach at telecommunications company Optus, affected around 2.1 million customers. 9.8 million individual records were stolen, including addresses, names, dates of birth and, in some cases, passport numbers. However, no bank details were compromised in the attack.
How often does cyber crime occur in Australia?
On average, there is a cyber attack every 10 minutes in Australia, with 43% of these attacks targeting SMEs. Education, healthcare and government are the most targeted areas.
From July 2021 to June 2022, cyber attacks in Australia increased by 81%. Network traffic only increased by 38% during the same period, highlighting the continuing prevalence of cyber crime in the country. Attacks targeting financial sites have risen more than 200% in 2022.
In 2020, Nigeria was ranked 16th in the world for countries most affected by cyber crime. A recent development in Nigeria’s cyber threat landscape is hackers tempting employees of Nigerian organisations to act as insider threats.
Research revealed that hackers have started offering money in return for employees to divulge sensitive information on an organisation’s network. While the report did not say whether any staff had acted as insider threats, it’s clear that this is a growing area of concern.
In Q3 of 2022, Nigeria experienced a 1616% increase in data breaches, from 35,472 in Q2 to 608,765 in Q3.
However, the Nigerian government is continuing to fight against cyber crime. Since the start of 2022, Nigeria’s Economic and Financial Crimes Commission (EFCC) have convicted 2847 people in connection with cyber-related crimes.
Zambia ranks 58th out of 161 countries on the National Cyber Security Index and 73rd out of 194 countries on the Global Cyber Security Index.
As a developing country, access to technology is somewhat restricted – only 50% of Zambians own a personal computer. However, around 75% own smartphones, which makes scams via text a particular issue.
In 2021 alone, 10.7 million cyber crimes were reported to the Zambia Computer Incident Response Team (ZM-CIRT), which included mobile money reversal scams and social media hijacking.
The GDP per capita of Zambia is $4000. Between 2020 and Q2 2022, the Zambian finance sector suffered losses of over 150 million ZMK ($872,000). In the same period, SMS fraud cost Zambians over 1 million ZMK ($58,000).
Russia experiences high levels of cyber crime. In Q1 of 2022 alone, there were 42.92 million data breaches.
While this decreased to 28.78 million breaches in Q2 of 2022, it is clear that cyber crime is a serious threat in Russia. There are an average of more than 249,000 cases of digital fraud annually. In a single day, over 8 billion phishing emails were sent from Russian addresses.
In Q3 of 2022, 22.3 million Russian internet users had their accounts breached, the highest of any country.
The 5 countries with the highest amount of breached accounts in Q3 of 2022 were Russia, France (13.8 million), Indonesia (13.2 million), the US (8.4 million) and Spain (3.9 million).
These countries accounted for more than half of the total breaches globally in Q3 2022. As of November 2022, for every 1000 internet users, 153 have had their accounts breached.
A 2022 study suggested that 72.6% of German organisations had suffered at least one successful cyber attack in the preceding 12 months. In comparison, Columbian organisations suffered the worst, with 93.9% compromised by at least one successful attack.
74.3% of German organisations indicated that further cyber attacks in the next 12 months are more likely than not going to occur.
However, German hackers are contributing to the global phishing threat. In 2022, 5.19% of spam originated from Germany. The top 5 countries of origin for spam were Russia (29.82%), Mainland China (14%), the USA (10.71%), Germany (5.19%) and the Netherlands (3.70%).
As attack methods become increasingly sophisticated, organisations globally have to invest in more advanced security measures, update training, and, especially in larger companies, hire dedicated cyber security staff.
When these companies are hacked, the costs of rectifying the breach and recovering from downtime can spiral into millions.
The average cost of a cyber breach in 2022 was $4.35 million. It’s predicted that cyber crime cost the global economy around $7 trillion in 2022, and this number is expected to rise to $10.5 trillion by 2025.
The average cost of a cyber breach in 2022 was $4.35 million.
Supply chains are becoming increasingly interconnected and complex as technology improves.
However, this connection presents risks if businesses in the chain aren’t adequately protected. Security vulnerabilities in one business can expose partners they are connected with.
Cyber criminals are targeting these vulnerabilities, with up to 40% of cyber threats now occurring indirectly through the supply chain.
Research highlights that cyber security leaders are burnt out and in an ‘always on’ state as increased digital connections demand more of their time.
Cyber criminals are using this fatigue to their advantage. A study has revealed that just 23% of security leaders monitor their partners and vendors in real-time for cyber security risks. These organisations also limit third-party coverage to their immediate vendors and suppliers. This excludes their wider ecosystem of customers, business partners, investors and others.
Is awareness of cyber risk increasing?
Awareness of third-party risk is increasing. By 2025, it is estimated that 60% of organisations will use cyber security risk as a key factor when determining transactions and business engagements with third parties.
Supply chain attacks are seen by 60% of C-Suite executives as the most likely type of cyber threat that would affect their business.
Recent research also highlights C-Suite executives’ worry about vulnerabilities in the supply chain.
When 900 companies were asked what they thought were the most likely types of cyber attacks on their business, 60% responded with supply chain attacks. DDoS attacks were seen as equally likely, ahead of cyber espionage (59%) and APT (57%), but less than ransomware and data theft (66%).
Atlassian demonstrates the risks within the supply chain. Used by 83% of Fortune 500 companies, Atlassian products are hugely popular across the world, with 180,000 customers in more than 190 countries.
However, cyber criminals exposed a severe vulnerability in Atlassian Confluence in June 2022. As mentioned above, Atlassian products are used by some of the biggest organisations in the world; the consequences of data leaks could be crippling.
Research found that almost 200,000 companies depend on organisations that may have been affected by the vulnerability.
The IoT doesn’t require human interaction to function, making IoT devices excellent assets in business to automate tedious workflows and reduce the margin for error.
However, these devices are a prime target in cyber crimes. GPS trackers, ‘smart’ wearables and other IoT devices can hold valuable data but often don’t have robust security software.
This was discovered in the case of MiCODUS. The MiCODUS MV720 GPS tracker is a popular automotive tracking device, designed to help with vehicle fleet management. It is hardwired into vehicles, enabling anti-theft, fuel cut-off, geofencing and remote control capabilities.
MiCODUS products are used in 169 countries by the general public, government agencies, militaries, law enforcement and businesses. 6 severe vulnerabilities were found in the MV720.
Exploiting these vulnerabilities means attackers could track shipments, cut fuel to emergency vehicles or extort ransoms by disabling fleets.
The human element remains a critical vulnerability for both businesses and individuals. 82% of breaches against businesses involved a human element through issues like error and social engineering.
Phishing attacks are the most common form of cyber threat, and more damaging attacks are often dependent on the success of an initial malicious email. Encouraging people to follow a link to a spoof website and enter credentials or download malware gives hackers the tools needed to escalate attacks. From there, serious threats like ransomware can be delivered.
The growth of social media in recent years has given cyber criminals another avenue of attack. Meta, the parent company of Facebook, uncovered more than 400 malicious iOS and Android apps in 2022 that targeted mobile users to steal their Facebook login credentials.
43% of these apps were ‘photo editors’, including ones that allowed the user to turn themselves into a cartoon. A further 15% were ‘business utility’ apps, which claimed to be able to provide hidden features not found in official apps from reputable platforms.
By creating fake reviews, cyber criminals can artificially inflate the ranking of their apps and disguise poor reviews that highlight issues. Unsuspecting users then download the app, where they are then asked to log in using Facebook. The hacker can see any details entered.
How common is cyber crime on social media?
Cyber crime is very common on social media. In Q2 of 2022 alone, Facebook removed 8.2 million items of content that violated its policies on bullying and harassment. In Q1 of 2022, 9.5 million pieces of policy-violating content were removed, the highest-ever number removed by the platform.
Romance scams cost UK victims £14.6 million in a single month.
Cyber criminals will use social media to scope out individuals to target in crimes such as romance scams. This type of fraud involves the criminal establishing a ‘relationship’ with a target, before getting the unfortunate victim to send money, purportedly for plane tickets, an urgent operation or other ruses.
In the UK, romance scams cost victims £14.6 million in May 2021 alone. Half of romance scam victims in the UK in 2021 were women, with 39% men and the final 11%, not specifying their gender.
Russia’s invasion of Ukraine has had a massive impact on the cyber threat landscape. Since the start of the war, Russian-based phishing attacks against email addresses of European and US-based businesses have increased 8-fold.
Nearly 3.6 million Russian internet users have also experienced breaches in the first quarter of 2022, an 11% increase quarter-on-quarter.
What has the UK done to help Ukraine?
To help protect Ukrainian critical infrastructure against Russian attacks, the UK launched the ‘Ukraine Cyber Programme’ in 2022. The UK mobilised an initial £6.35 million package in response to increased Russian cyber activity immediately following the Ukraine invasion.
This programme provides incidence response to protect Ukraine Government entities against attacks, as well as DDoS protection so Ukrainian citizens can still access critical information and firewalls to block attacks.
JBS is the largest meat processing company in the world. On May 30th 2021, cyber criminals breached the JBS network with ransomware, disrupting plants in the USA, Canada and Australia. All JBS-owned beef processing plants in the USA were temporarily inoperative.
Impacts included the US Department of Agriculture being temporarily unable to offer wholesale prices for beef and pork, and highlighted vulnerabilities in the meat processing supply chain.
On June 9th, JBS paid an $11 million ransom to the cyber criminals, preventing further disruption and the potential leaking of sensitive data. JBS stated that it spends over $200 million annually on IT and employs more than 850 IT professionals worldwide.
Robinhood is a USA-based stock trading app. On November 3rd 2021, data of 7 million users was stolen and held to ransom by cyber criminals.
The hackers accessed this data through social engineering, divulging employee login details to access the network without using brute force.
This led to 5 million users having their email addresses compromised, with a further 2 million having their full names exposed. 310 victims had more personal information stolen, including dates of birth and US zip codes.
The hackers demanded a ransom to prevent this data from being leaked. Robinhood refused, hiring a cyber security firm to investigate the breach.
It is likely that the September 2022 Uber breach was able to occur as a contractor had their personal device infected with malware. The hacker was then able to purchase the exposed credentials on the dark web.
The hacker used these credentials to repeatedly log in to the contractor’s Uber account, which triggered MFA approval requests. Repeated MFA requests caused ‘MFA fatigue’ where the contractor became fed up with receiving notifications. When the contractor eventually accepted a request, the hacker gained access to the account and escalated the attack.
Uber responded by identifying potentially compromised accounts, either blocking them or resetting their passwords. They also reset access to internal tools and locked down the codebase to prevent any new code changes.
No public-facing applications were accessed, meaning sensitive data such as customer credit card details and bank account information remained secure.
What happened in the 2022 National Health Service (NHS) cyber security breach?
On 4th August, Advanced, a key supplier of digital NHS services like patient check-ins and NHS 111, suffered a ransomware attack from an unknown hacking group.
The attack took several services offline, including software used by medical professionals for patient check-ins, patient records and NHS 111. GP practices suffered as access to important patient information was blocked, and notifications could not be electronically sent between hospitals and GPs.
In-person visits had to be recorded manually, extending wait times and piling extra work onto an already thinly stretched NHS workforce.
From August 22nd, NHS 111 services started to return to normal. Advanced worked on its security vulnerabilities and is restoring impacted services in a new, secure environment.
On 23rd February, Nvidia, a major microchip producer suffered a data breach which saw source code fall into the hands of cyber criminals.
The hacking group Lapsu$ claimed responsibility for the attack, claiming it had stolen around 1TB of data. This included employee information, such as account passwords, and source code for graphics card drivers.
No ransomware was detected in the security breaches, with the crime group instead demanding Nvidia make their drivers open-source.
Nvidia responded by changing all staff members’ passwords, ensuring any leaked information would be useless. Lapsu$ also claimed that Nvidia launched a ransomware attack against them, encrypting the stolen data so it couldn’t be leaked.
One of the most widespread cyber breaches in history, WannaCry was a global ransomware attack that affected more than 200,000 computers in over 150 countries.
WannaCry exploited a vulnerability in unpatched versions of the Windows operating system. This vulnerability was known as ‘EternalBlue’, and had allegedly been developed in the US by the National Security Agency. A hacking group known as ‘The Shadow Brokers’ exposed the issue before the attack happened.
Microsoft released a patch that removed EternalBlue. However, businesses and individuals across the world ignored the update, not realising the danger their computers were in.
As such, WannaCry was a devastating attack. The ransomware infected hundreds of thousands of computer systems across the globe. The attackers encrypted data on the affected machines, demanding the victims pay the attackers $300 in Bitcoin to avoid having their data deleted.
WannaCry is estimated to have caused over $4 billion in damages worldwide. In the UK, the NHS had to cancel 19,000 appointments, costing the health service around £92 million.
A national emergency was declared in Costa Rica in 2022 in the face of a series of ransomware attacks against critical institutions.
The first attacks ran from mid-April until the start of May, with 27 government bodies targeted. The digital tax service and the IT system for customs control were crippled. The attacks also impacted an estimated 800 servers and several terabytes of information in the finance ministry.
The encryption of key data and systems meant trade was affected, with losses from import and export businesses estimated somewhere between $38 million and $125 million per day. While a manual form of import was implemented after 10 days, the increased paperwork load still caused delays.
The second attack started on May 31st 2022. The main target this time was the Costa Rican Social Security Fund, which handles the country’s health service. An estimated 10,400 computers and more than half of the servers were impacted, with important healthcare systems going offline and forcing doctors to cancel appointments.
In the first week following the attack, around 34,677 appointments had to be rescheduled – 7% of all appointments that week across the country.
A ransomware group known as ‘Conti’ claimed responsibility for the first series of attacks, demanding a $10 million ransom to prevent the stolen information from being leaked. The second series of attacks were claimed by the HIVE ransomware group, which has some links to Conti.
On January 29th 2022, 2 subsidiaries of German fuel trader Marquard & Bahls were hit with cyber attacks, forcing companies like Shell to re-route shipments.
Oiltanking and Mabanaft were both targeted by hackers, with their IT systems and supply chains impacted. The knock-on effects of these attacks were felt across Germany.
Aral, who operates the largest network of petrol stations in Germany (around 2300 stations), had to source oil from alternative sources after the attacks.
The companies produce 1.6 million litres of fuel oil and 2.1 million litres of fuel annually, and the disruption from these attacks has affected 233 stations in northern Germany. A spokesperson for the Federal Office for Information Security said the situation was ‘serious, but not grave’. Both affected companies said in a joint statement that they were working to resolve the issue as soon as possible.
Cyber crime is split into two categories:
Cyber-dependant crime: Crime that can only be committed through the use of technology, ‘where the devices are both the tool for committing the crime, and the target of the crime.’ Examples include malware that targets victims for financial gain and hacking to delete or damage data.
Cyber-enabled crime: ‘Traditional’ crime that has extended reach through the use of technology. Examples include cyber-enabled fraud and data theft.
Cyber crime cost global economies around $787,671 per hour in 2021. Over the course of the year, this amounts to $6,899,997,960 lost worldwide to cyber criminals.
It is estimated that UK businesses lost around £736 million to cyber crime in 2021. Including consumers, as much as £2.5 billion may have been lost in 2021 to cyber criminals.
Cyber crime against businesses in the UK had been decreasing pre-Covid (from 46% of UK businesses reporting suffering a cyber attack in 2017 to 32% in 2019). However, the changes in the workplace brought about by lockdowns through the pandemic caused cyber crime to spike again as 46% of UK businesses reported suffering a cyber attack in 2020.
Cyber crime against UK businesses has since slowly decreased – in 2021 and 2022, 39% of UK businesses reported suffering a cyber attack.
Cyber crime victim density in the UK increased 40% from 2020 to 2021, likely driven by using personal electronic devices for work and generally using the internet more during lockdowns.
Cyber crime affects everyone.
The least affected are typically those under 20, but students switching to studying online during the pandemic in 2020 contributed to a nearly 100% increase in victims under 20 (from around 10,000 to more than 20,000).
Numbers have dropped by 36% in 2021, but remain 56% above pre-Covid levels.
Pensioners (60+) are the group most vulnerable to crime online. 2020 saw a 55% increase in victims over the age of 60, and this trend has continued through 2021 to over 92,000 victims.
With an average of 97 cyber crime victims per hour, this means there is a victim of cyber crime every 37 seconds.
In addition, 2 internet users have had their data leaked every second in 2022. This is an improvement over 2021, where 6 users had their data leaked every second.
The latest cyber crime statistics highlight that hackers target certain countries over others – in 2021, 71% of countries had below the global average breach density (16.5 leaked emails per 100 internet users).
The UK has the highest density of cyber crime victims per million internet users – 4783. This is followed by the USA with 1494.
Russia currently has over 3.5 million breached users – the highest in the world in 2022. This is followed by the USA with almost 2.5 million breached users.
‘Hacking’ is the act of gaining unauthorised access to a computer or data.
There is no single data source for how many people get hacked. However, it is estimated that there is a victim of cyber crime every 37 seconds. In 2021, 1 in 5 internet users had their emails leaked online, which could lead to hackers being able to access their accounts or target the email in phishing attacks.
‘Eavesdropping’ enables hackers to view, intercept, modify or delete data sent between 2 devices. Eavesdropping can be passive, where the hacker ‘listens’ to data being transmitted but does not otherwise interfere.
Active eavesdropping happens when hackers intercept data packets on a network by pretending to be a genuine connection. ‘Man-in-the-middle’ attacks are the most common form of active eavesdropping. Hackers access networks through social engineering or malicious software, and can then steal, redirect or delete data sent between devices on that network.
Online fraud is when criminals use technology to gain an advantage, usually financial, over a person or business. Fraud cost the UK £137 billion in 2021, the losses amounting to more than Jeff Bezos’ net worth.
The most common forms of cyber crime include phishing, ransomware and personal data breaches.
Phishing remains the most common form of cyber attack, with around 3.4 billion spam emails sent daily. Phishing is often an ‘entry’ attack, where cyber criminals collect sensitive information (like login details or credit card numbers) that they can then use to launch further attacks.
For instance, phishing is the most common entry point for ransomware attacks. Hackers spam their targets until the victim follows the link. That link could contain ransomware or take them to a spoof website where the victim unwittingly enters their login details. The hackers can then use that information to get internal access to a network, escalate their attack and inject ransomware.
Deep Instinct, Surfshark, IBM, World Economic Forum, ConnectWise, Statista, Gartner, Bulletproof, Kaspersky, Atlassian, BitSight, Verizon, NCSI, UK government, Pakistan Federal Investigation Agency, CERT-IN, Statistics Canada, Cyber Edge, Savvy, Optus, Credit Suisse, Imperva, Deloitte, EFCC, Bloomberg UK, JBS, BBC, Uber, Nvidia, Bloomberg, ZDNet, CPS, NCSC, National Fraud Intelligence Bureau, Action Fraud, Crowe, Microsoft, Sophos, Business Today, Commercial Crime Investigation Department (Malaysia), Indian Cyber Crime Coordination Centre, Nepal Police Cyber Bureau, Meta, OSAC, ZM-CIRT, GCI, Reuters, IC3, Canadian Anti-Fraud Centre, Valimail, Cybersecurity Ventures, Juniper Research, F5 Labs, SRA, Future Crime Research Foundation
Browse more articles from our experts and discover how to make better use of IT in your business.
Technology is both an asset and a challenge for financial firms as they adapt to a more digital economy. Discover some of the biggest technology challenges in the finance sector and how firms can overcome them. Read More
Read the latest cyber crime statistics, updated for January 2025, and see how the threat landscape has changed in recent years. Read More
Ransomware is an ever-present threat to cyber security worldwide. See how it has affected individuals and organisations with the latest ransomware statistics, updated for January 2025. Read More