Cybercrime Statistics 2025: Rising AI Threats & Global Impact

In early 2025, a small biotech firm in California found itself locked out of its systems overnight. The attackers demanded a ransom in cryptocurrency, exploiting a vulnerability in a forgotten server. The breach didn’t just compromise proprietary research, it crippled investor confidence and cost millions in lost opportunities. This story isn’t unique anymore. Cybercrime has evolved beyond lone hackers in basements; today, it’s a billion-dollar industry run like any other enterprise, with HR departments, marketing, and service guarantees.

As we step into 2025, understanding the scale and diversity of cybercrime has never been more critical. This article unpacks the most recent statistics to help you grasp where threats are coming from, what’s driving them, and how different regions and industries are responding.

Editor’s Choice

$13.7 billion in global ransomware damage is projected for 2025, reflecting a sharp increase from under $2 billion just five years ago.
The FBI’s IC3 (Internet Crime Complaint Center) received 1.25 million.
Phishing attacks now account for 39% of all initial intrusion vectors in 2025, surpassing malware and brute-force entry.
The global average cost of a data breach hit $4.9 million in 2025, a record high driven by cloud-based attack vectors.
45% of all cyber attacks in 2025 targeted small to midsize businesses (SMBs), marking them as the most frequent victims by volume.
Cryptojacking incidents rose by 63% in 2025, making it the fastest-growing cybercrime tactic.
AI-powered threats like deepfake phishing have increased by 138% year-over-year in 2025, complicating detection and mitigation efforts.

Rising Global Cost of Cybercrime

The global cost of cybercrime is projected to reach a staggering $10.29 trillion in 2025, underscoring the increasing threat landscape.
By 2026, this figure is expected to climb to $11.36 trillion, reflecting both the growing number and sophistication of cyberattacks.
In 2027, the cost is forecasted to hit $12.43 trillion, driven by expanding digital footprints and evolving ransomware tactics.
By 2028, the estimated annual damage caused by cybercrime worldwide could soar to $13.82 trillion, highlighting the urgent need for stronger cybersecurity measures.

Global Cybercrime Incidence Rates

The global volume of reported cybercrimes is projected to surpass 7.8 million cases by the end of 2025.
India, Brazil, and the United States remain the top three countries in terms of reported cybercrimes in 2025, with the US accounting for 31% of global cases.
Financial services, healthcare, and education top the list of the most frequently targeted sectors in 2025.
84% of global organizations experienced at least one cyber attack attempt in the past 12 months, as of Q2 2025.
In 2025, IoT-related breaches saw a 77% increase from the previous year, mainly through smart home and industrial devices.
Cyber extortion cases, including non-ransom demands, rose to over 220,000 cases globally in 2025.
The average time to detect and contain a breach in 2025 is now 196 days.

Most Common Types of Cybercrime

Phishing remains the most prevalent type of cybercrime in 2025, involved in 39% of all attacks.
Business Email Compromise (BEC) scams caused $3.2 billion in damages in 2025, targeting primarily C-level executives.
Ransomware accounted for 27% of global cyber attacks in 2025, with the majority targeting critical infrastructure.
Credential stuffing attacks rose by 85% in 2025, driven by widespread reuse of passwords across platforms.
Online scams, including fake investment opportunities, led to $2.4 billion in user losses in the US alone in 2025.
Denial-of-Service (DoS) attacks reached an all-time high in Q1 2025, with over 850,000 incidents reported globally.
Malware attacks specifically targeting mobile devices increased by 59% year-over-year in 2025, as app stores struggled to vet malicious apps.
Fake job offer scams surged by 108% in 2025, exploiting economic anxieties and targeting LinkedIn and job board users.
Impersonation fraud, including fake customer service agents and company reps, grew by 92% globally in 2025.
Child exploitation-related cybercrimes sadly rose by 27% in 2025, highlighting ongoing gaps in global online safety policies.

Average Cost of a Data Breach by Industry

The Healthcare industry suffers the highest average cost per data breach at $9.77 million, making it the most targeted and costly sector.
Financial Services ranks second with an average data breach cost of $6.08 million, reflecting the sensitivity of financial data.
In the Manufacturing sector, the average breach costs around $5.56 million, highlighting increasing risks in industrial systems.
Higher Education institutions face an average breach cost of $3.65 million, showing vulnerabilities in academic networks.
The Retail industry sees an average data breach cost of $3.48 million, impacted by customer data exposure and transaction system hacks.

Financial Impact of Cyber Attacks

Global damages from cybercrimes are projected to exceed $13.8 trillion in 2025.
The average ransom paid during ransomware incidents in 2025 has climbed to $1.9 million, nearly doubling from two years ago.
Financial institutions have reported losses of over $2.1 billion from spear phishing and wire fraud attacks in 2025.
Cyber insurance claims rose by 48% in 2025, with policy premiums increasing by 33% due to heightened risks.
Healthcare sector breaches alone are expected to cost the industry $12.4 billion globally in 2025, the highest among all sectors.
SMBs collectively lost $4.3 billion to cyber incidents in 2025.
Intellectual property theft and corporate espionage cases have caused an estimated $760 billion in global losses in 2025.
The cost of business downtime due to cyber attacks reached an average of $560,000 per incident in 2025.
Cloud infrastructure breaches resulted in estimated losses of $2.6 billion in the first half of 2025.
Crypto scams, including rug pulls and phishing, caused losses of over $1.2 billion globally by mid-2025.

Geographic Distribution of Cybercrime

The United States remains the most targeted country in 2025, accounting for 31% of global cybercrime losses.
Europe experienced a 26% increase in reported cybercrimes in the first half of 2025, driven largely by ransomware and phishing.
Latin America has seen a 60% year-over-year increase in cyber attack volume as digital infrastructure expands without matching security.
Africa’s cybercrime reports rose by 82% in 2025, with Nigeria and South Africa leading in regional attack volumes.
Asia-Pacific recorded over 1.9 million cyber incidents in the first half of 2025, particularly affecting the financial and manufacturing sectors.
Middle Eastern nations faced a 42% rise in cyber threats in 2025, much of it driven by geopolitical tension and hacktivist groups.
Canada experienced a 19% increase in BEC scams, particularly targeting educational institutions and government agencies in 2025.
Russia and China remain focal points for cyber espionage activity in 2025, according to several intelligence sources.
In Scandinavia, phishing and identity theft are now the most common forms of cybercrime, with Sweden seeing a 31% jump in digital fraud in 2025.
Australia saw a 36% increase in cyber threats, largely through telecom and logistics service providers, in 2025.

Devices Most Vulnerable to Cybercrimes

Desktops and laptops are the most at risk, with 70% vulnerability, making them prime targets for cybercriminals.
Smartphones follow closely behind, with a 61% vulnerability rate, highlighting the risks of mobile access and apps.
Tablets show a 53% vulnerability, often overlooked but equally susceptible to threats.
Both wireless access points and servers/server rooms have a 50% vulnerability, signaling critical infrastructure weaknesses.
Routers and switches are also vulnerable, with a 47% exposure rate, emphasizing the need for secure networking equipment.

Cybercrime Trends by Device and Platform

Mobile devices are now the primary entry point for 29% of cyber attacks in 2025.
Smart TVs and connected home devices are involved in 11% of intrusion attempts in 2025, highlighting risks in IoT ecosystems.
Windows-based systems remain the most exploited OS, accounting for 58% of targeted attacks in 2025.
macOS vulnerabilities are growing, with a 28% increase in exploits year-over-year in 2025.
Linux servers are frequently targeted in DDoS attacks, making up 42% of server-side compromise cases in 2025.
Cloud platforms like AWS, Azure, and Google Cloud saw 17% more breaches than the previous year, driven by misconfigurations and identity theft in 2025.
Gaming platforms experienced a 39% rise in credential stuffing attacks in 2025, with players targeted for digital assets and payment data.
Wearables, such as smartwatches and health trackers, faced 12% more security breaches in 2025, mostly due to data leakage.
VPN services saw an unusual 14% increase in user-targeted phishing attacks, exploiting trust in encrypted networks in 2025.
Social media accounts, especially those on Instagram and TikTok, were victims in 25% of identity theft cases reported in 2025.

Ransomware and Phishing Attacks

Ransomware attacks are expected to impact over 72% of organizations globally at least once in 2025.
Phishing emails remain the top vector for initial compromise, responsible for 39% of all cyber incidents in 2025.
The average downtime from a ransomware attack in 2025 is now 23 days.
Double extortion tactics, where data is both encrypted and threatened for release, were used in 58% of ransomware attacks in 2025.
Email-based phishing campaigns increased by 41% in 2025, targeting sectors from logistics to healthcare.
QR code phishing or “quishing” emerged as a significant threat in 2025, with a 117% increase in incidents over the previous year.
Phishing simulation training reduced employee click-through rates to 6% on average in 2025.
Malicious browser extensions used for phishing grew by 33% in 2025, often disguised as productivity tools.
Whaling attacks targeting executives now make up 9% of phishing campaigns in 2025, a steady increase.
Smishing (SMS phishing) increased by 48% in 2025, especially targeting users in mobile-dominated markets.

Most Attacked Industries by Cybercriminals

Manufacturing tops the list, accounting for nearly 25% of all cyberattacks, making it the most targeted industry overall.
Finance & Insurance follows closely, experiencing around 20% of cyberattacks due to the sensitivity of financial data.
Consumer Businesses are hit with about 15% of attacks, driven by data-rich environments and e-commerce exposure.
The Education sector sees roughly 10% of attacks, often due to weaker infrastructure and open-access systems.
Healthcare is targeted in approximately 7% of cyberattacks, putting critical patient and medical data at risk.

Data Breach Volumes and Records Compromised

Over 6.9 billion records were compromised globally in the first half of 2025.
The largest single breach of 2025 exposed more than 410 million user records from a global social media platform.
Healthcare data continues to be the most compromised, with 28% of breaches affecting this sector in 2025.
Government agencies globally faced 300+ significant breaches in the first five months of 2025.
The average time to detect a data breach in 2025 is 172 days, slightly faster than the previous year’s 196 days.
Misconfigured cloud databases accounted for 34% of data breaches in 2025.
Stolen credentials were the initial attack vector in 42% of breaches reported in 2025.
Insider threats, both malicious and negligent, led to 21% of reported breaches globally in 2025.
Dark web listings for stolen data rose by 26% in 2025, driven by growth in cybercrime marketplaces.
Automated attack bots contributed to 19% of compromised record incidents in 2025, often bypassing basic security protocols.

Rise in Cybercrime-as-a-Service (CaaS)

CaaS marketplaces saw a 37% rise in vendor listings in 2025, offering turnkey hacking kits.
Ransomware-as-a-Service (RaaS) accounted for 58% of ransomware deployments in 2025, with some “affiliates” earning six-figure monthly revenues.
Phishing kits are now available for as little as $20 on dark web forums as of 2025.
Stolen credentials are being sold for an average of $15 per user account in 2025, depending on industry sensitivity.
DDoS-as-a-Service packages offering attacks for under $50/hour have proliferated in 2025.
Zero-day exploits are increasingly offered through subscription models, with listings rising by 44% in 2025.
Cybercrime groups now offer “customer support” and SLAs (service-level agreements), a trend noticed in 2025.
AI-generated phishing tools are becoming a standard feature in kits sold via CaaS channels in 2025.
Remote Access Trojans (RATs) are the top-selling item among CaaS toolkits in 2025, accounting for 34% of sales.
Dark web advertisements for “cybercrime internships” or training bootcamps have surfaced across forums in 2025.

Top Cybersecurity Concerns Among Business Owners

46% of business owners are most worried about GenAI model prompt hacking, as generative AI becomes more integrated into operations.
38% cite Large Language Model (LLM) data poisoning as a major threat, reflecting concerns over compromised AI training data.
37% are alarmed by the rise of Ransomware as a Service, which lowers the barrier for cybercriminals to launch attacks.
26% fear GenAI processing chip attacks, signaling vulnerabilities in the hardware that powers AI technologies.
24% are concerned about API breaches, which can expose sensitive data and disrupt interconnected systems.

Law Enforcement and Cybercrime Arrest Rates

Interpol and Europol coordinated over 160 international cybercrime arrests in the first half of 2025.
The FBI cyber division launched 280+ new investigations into ransomware groups during the first quarter of 2025.
Conviction rates for cybercrime in the US improved to 21% in 2025.
Crypto tracing technologies assisted in recovering over $900 million in ransom payments in 2025.
Global task forces have led to the dismantling of seven major CaaS operations by June 2025.
Cybercrime fugitives arrested in 2025 included operators from six different ransomware gangs, some on international watch lists.
Local law enforcement units in 42 US states now maintain cyber response teams as of 2025.
Public-private partnerships between law enforcement and tech companies expanded by 26% in 2025.
Interpol’s Operation Synergia seized assets worth over $76 million from cybercrime rings in early 2025.
Prosecution challenges continue due to jurisdictional issues, especially for crimes originating from non-extradition countries.

Cyber Security Spending and Protection Measures

Global cybersecurity spending is projected to reach $223 billion in 2025.
Endpoint security investments make up 18% of total security budgets in 2025, driven by mobile and IoT threats.
US federal agencies are expected to spend over $12.6 billion on cyber defense initiatives in 2025.
Zero Trust architecture adoption has reached 60% of enterprise networks globally by 2025.
AI-powered threat detection tools are being used by 54% of organizations in 2025.
Employee cybersecurity training budgets rose by 29% in 2025, with phishing simulation tools being the most funded.
Multi-Factor Authentication (MFA) is now used by 88% of mid to large enterprises as of 2025.
Supply chain cyber risk audits are standard practice in 64% of enterprises in 2025.
Cyber insurance coverage is now carried by 46% of companies with over 500 employees in 2025.
Bug bounty programs distributed more than $87 million in rewards globally in 2025.

Most Challenging Areas to Defend in Cybersecurity

57% of cybersecurity professionals identify mobile devices as the most difficult to protect, due to widespread usage and BYOD policies.
56% find data stored in the public cloud particularly challenging to secure, given its shared infrastructure and dynamic nature.
56% also struggle with monitoring and managing user behavior, which can introduce unpredictable risks and insider threats.

Recent Developments

The first AI-generated ransomware variant emerged in Q1 2025, using machine learning to evade standard detection tools.
Google and Microsoft rolled out AI-driven threat intel platforms across their cloud offerings in 2025.
Meta reported disrupting over 4,300 fake accounts linked to phishing rings in 2025.
Open-source vulnerabilities, like Log4Shell variants, are still being exploited in 2025, accounting for 11% of attacks.
US SEC’s 2025 compliance regulations now mandate near-immediate breach disclosures for public companies.
TikTok and Instagram launched real-time cyber awareness tools in-app as of 2025.
Quantum cryptography pilots began in the banking and defense sectors in 2025.
WhatsApp phishing filters improved dramatically with AI enhancements, cutting abuse reports by 46% in H1 2025.
AI voice spoofing tech caused $70 million in confirmed fraud cases by mid-2025.
Cybersecurity talent gap still exceeds 3.5 million roles globally as of 2025, hampering defense capability in critical sectors.

Conclusion

Cybercrime in 2025 is no longer a niche threat; it’s a systemic global issue touching every aspect of digital life. Whether you’re an individual with a smartphone or a multinational CEO, the statistics tell a clear story: attackers are more aggressive, better funded, and increasingly using AI to scale operations. Staying informed is your first defense. But proactive security investments, education, and international cooperation will ultimately shape how successfully we push back against this digital epidemic.