Global cybercrime is on track to cost the world $10.5 trillion annually in 2025 according to Cybersecurity Ventures, with the same research firm now forecasting roughly $12.2 trillion by 2031. The pace of victimization is keeping up. In a single year, the FBI Internet Crime Complaint Center fielded 859,532 complaints from the United States alone, with reported losses topping $16.6 billion, a 33% jump on the previous year. The Verizon 2025 Data Breach Investigations Report analyzed more than 22,000 incidents across 139 countries, and found ransomware present in 44% of confirmed breaches. The story of cyber crime in 2026 is no longer regional; it is a coordinated, cross-border industry.
Summary: key worldwide cyber crime statistics at a glance
- $10.5 trillion is the projected annual global cost of cybercrime in 2025, up from $3 trillion in 2015 (Cybersecurity Ventures).
- $16.6 billion in losses were reported to the FBI in 2024 across 859,532 complaints (FBI IC3 2024 Annual Report).
- 22,052 security incidents and 12,195 confirmed breaches were analyzed across 139 countries (Verizon DBIR, 2025).
- 44% of global breaches involved ransomware, up from 32% the prior year (Verizon, 2025).
- 4,875 cyber incidents were observed across the European Union in one 12-month window (ENISA Threat Landscape 2025).
- $9.9 billion was sent to crypto scams in 2024, with pig butchering revenue up 40% year over year (Chainalysis, 2025).
- $6.5 billion was lost to cryptocurrency investment fraud reported to the FBI in 2024 alone (FBI IC3, 2024).
- 204 nationally significant cyber incidents hit the United Kingdom in 12 months, a 130% increase (UK NCSC Annual Review 2025).
- $3 billion in documented cybercrime losses across Africa between 2019 and 2025 (INTERPOL, 2025).
- 80%+ of phishing emails analyzed in late 2024 and early 2025 used AI to some extent (ENISA, 2025).
The global cost of cybercrime
The headline number that defines this category is Cybersecurity Ventures' forecast that global cybercrime damages will hit $10.5 trillion in 2025, a figure the firm has been compounding upward from $3 trillion in 2015 and $6 trillion in 2021. The estimate folds in stolen funds, fraud, productivity loss, intellectual property theft, post-attack remediation, regulatory fines, and reputational harm. To put the figure in scale, if cybercrime were measured as a national economy, it would rank as the third largest in the world, behind only the United States and China.
The growth curve appears to be slowing as the underground economy matures, with the same researchers now suggesting the total could plateau in the $12.2 trillion range by 2031 (Cybersecurity Ventures), implying a more modest 2.5% annual increase from 2026 onward. Whether that plateau holds depends largely on how quickly governments, banks, and platforms can disrupt the cross-border infrastructure that ransomware crews, scam compounds, and crypto launderers depend on.
What the reported numbers actually look like
Underneath the trillion-dollar headline sit the verifiable, government-collected figures that journalists most often cite. The FBI Internet Crime Complaint Center published its 25th annual report covering 2024 and recorded 859,532 complaints with reported losses exceeding $16.6 billion, a 33% increase over 2023. Of those complaints, 256,256 reported an actual financial loss, averaging $19,372 per victim. Cryptocurrency investment fraud was the single most damaging category, with reported losses topping $6.5 billion. Victims over the age of 60 absorbed nearly $5 billion of total losses and filed the largest number of complaints.
In Europe, the ENISA Threat Landscape 2025 analyzed 4,875 incidents between July 2024 and June 2025. Of all cybercrime activity targeting EU organizations, 81.1% involved ransomware and 15.2% involved data breaches. Distributed denial of service attacks accounted for 77% of all incidents, largely driven by hacktivist groups, although only 2% caused actual service disruptions. Public administration was the most targeted sector at 38.5%, with transport (especially maritime and logistics) emerging as a new high-value target.
In the United Kingdom, the NCSC Annual Review 2025 reported 204 nationally significant cyber incidents between September 2024 and August 2025, a 130% increase compared to the previous year. Of 1,727 incident tips received, 429 required NCSC support and 18 were categorized as highly significant. That averages out to four nationally significant cyber attacks every week, a rhythm that has fundamentally changed how UK CISOs plan capacity.
The picture for the Global South is harder to capture but no less consequential. The INTERPOL 2025 Africa Cyberthreat Assessment documented an estimated $3 billion in financial losses from cybercrime across the African continent between 2019 and 2025. Two-thirds of INTERPOL's surveyed African member states reported that cyber-related crime now accounts for a medium-to-high share of all reported crimes, rising to 30% in Western and Eastern Africa. Online scams (phishing in particular) topped the list, followed by ransomware, business email compromise, and digital sextortion. Sixty percent of African member countries reported an increase in digital sextortion, much of it now powered by AI-generated images.
Where worldwide cyber crime originates
Attribution is messy, but two reference points hold up across most credible analyses. The UK NCSC assesses that the greatest nation-state-sponsored cyber threats to the UK and its allies continue to emanate from China, Russia, Iran, and North Korea, with state-aligned actors increasingly blurring into financially motivated cybercrime crews. The Flax Typhoon botnet, exposed in 2024, was operated by a China-linked company called Integrity Technology Group and at one point controlled more than 260,000 compromised devices around the world.
On the criminal-enterprise side, the Europol 2025 Internet Organised Crime Threat Assessment (IOCTA) describes a mature, vertically integrated black market in which initial access brokers sell entry points to compromised networks, then resell those credentials to ransomware affiliates, fraud crews, and data resellers. The same Europol report warns that generative AI is rapidly lowering the skill floor for cybercrime, with large language models now routinely used to draft phishing lures, automate fraud conversations, and translate scams across languages. AI, encryption, and crypto, in Europol's framing, are the three forces driving the next wave of global cybercrime.
Crypto crime, pig butchering, and the scam economy
Few categories illustrate the cross-border character of modern cyber crime better than crypto-enabled scams. Chainalysis detected at least $9.9 billion sent to scam wallets in 2024, a number the firm expects to climb to $12.4 billion as additional illicit addresses are identified. Pig butchering scams, also known as romance baiting, drove much of that volume. Revenue from pig butchering operations grew almost 40% year over year, and the number of deposits into those scams rose more than 200%, even as the average deposit size fell roughly 55%. The drop in deposit size signals industrial-scale targeting: more victims, smaller individual losses, harder to investigate one by one.
The broader crypto crime picture, as captured by Chainalysis 2025 Crypto Crime Trends, shows roughly $40 billion in confirmed illicit crypto volume in 2024, with the eventual total likely to settle near $51 billion once historical patterns are applied. Illicit activity made up 0.14% of all on-chain volume, down from 0.61% the prior year, a sign that legitimate use is scaling faster than crime even as the absolute dollars stolen continue to grow. Pig butchering scam compounds across Southeast Asia, many run by trafficked workers, sit at the center of the laundering pipeline.
The fraud type with the deepest reach into ordinary household finances is investment fraud, where US victims alone lost $6.5 billion in 2024 according to the FBI IC3. Combined with $2.9 billion in business email compromise losses and the $5 billion absorbed by older victims, internet-enabled fraud is now a primary driver of consumer harm at scale.
Ransomware and the data resale market
Ransomware-as-a-service has matured into a global supply chain. The Verizon 2025 DBIR found ransomware present in 44% of breaches worldwide, up from 32% the prior year. The disparity by company size is striking: ransomware was a factor in 39% of large-enterprise breaches but in 88% of small and mid-size business breaches. That asymmetry reflects affiliate economics. SMBs offer faster payouts and fewer specialized defenders, so volume-driven ransomware affiliates concentrate there.
The Verizon dataset also shows that the median ransom payment fell to $115,000 in 2024 (from $150,000), and 64% of victim organizations refused to pay, versus 50% two years ago. That refusal rate is meaningful for 2026 forecasting because it constrains affiliate revenue and forces more crews into bulk extortion of small targets. On the data side, the Europol IOCTA 2025 documented a thriving secondary market for stolen credentials and personally identifiable data, where ransomware crews now monetize a single intrusion across multiple channels: extortion payment, data resale on cybercrime forums, and downstream account takeover.
Third-party access is the most consequential structural change in this year's breach data. Verizon's third-party involvement metric doubled to 30% in the 2025 report, a jump that reframes vendor risk management as one of the highest-leverage controls IT teams can apply going into 2026. Vulnerability exploitation as an initial access vector surged 34% globally as well (Verizon, 2025), reflecting how quickly criminal crews now weaponize newly disclosed CVEs.
Country-level victimization and the cross-border picture
Reported losses cluster heavily in the largest digital economies, but per-capita victimization tells a different story. The FBI IC3 figures place the United States, the United Kingdom, Canada, India, and Australia among the top complaint origins, with the US accounting for the bulk of dollar losses. The ENISA figures show Germany, France, Italy, and Spain absorbing the bulk of EU cyber incident volume, with Eastern European member states facing disproportionate hacktivist DDoS pressure tied to the war in Ukraine.
Beyond raw totals, Europol's IOCTA 2025 highlights that 79.4% of EU-tracked cyber incidents in the latest period were ideology-driven, primarily hacktivist DDoS campaigns, while 13.4% were financially motivated and 7.2% linked to state-aligned cyberespionage. That mix is the inverse of the US picture, where financially motivated fraud dominates IC3 reporting. The implication for multinational organizations is straightforward: regional threat models do not transfer cleanly, and a global compliance posture has to account for both motive profiles.
Emerging trends and what is new in 2026
The defining shift in worldwide cyber crime data for 2026 is the operationalization of artificial intelligence on the offensive side. ENISA reported that over 80% of phishing emails analyzed between September 2024 and February 2025 used AI to some extent, whether to draft the lure, personalize it, or translate it across languages. The Europol IOCTA 2025 echoes the finding, describing AI, encryption, and crypto as the three accelerants powering the next wave of global cybercrime.
A second 2026 signal is the explosive growth of digital sextortion, particularly outside the United States. INTERPOL reported that 60% of surveyed African member countries saw a rise in digital sextortion in 2025, often involving AI-generated explicit content used to coerce payment. Asia has seen similar growth, with INTERPOL also flagging residential proxy services as a new threat vector enabling scam compounds to mask their true origin.
A third trend is the industrialization of the data resale market. Europol devoted the 2025 edition of its IOCTA to mapping the underground economy in stolen data, where credentials, identity documents, financial records, and access tokens trade in structured marketplaces. The economic logic is now simple: a single intrusion can be monetized three or four times across ransomware payment, data resale, account takeover, and follow-on fraud. That changes the calculus for any organization considering whether early containment is worth the operational pain.
Finally, the gap between attacker tempo and defender capacity continues to widen. The UK NCSC bluntly states that the United Kingdom is now experiencing four nationally significant cyber attacks every week and that the gap between threat volume and national defensive capacity is growing. That assessment, from one of the most resourced cyber agencies in the world, sets a sobering baseline for what smaller national teams and private-sector defenders face going into 2026.
For broader context on the trends above, see our cyber crime statistics and data breach statistics roundups.
How swif.ai helps reduce worldwide cyber crime exposure
swif.ai gives IT and security teams a single console to enforce device, identity, and compliance controls across the macOS, Windows, and Linux endpoints behind the numbers above. Explore swif.ai unified endpoint management to see how it works.


































