Reported cybercrime losses surpassed $16.6 billion in 2024, the latest annual report from the FBI’s Internet Crime Complaint Center (IC3) shows.
The reported losses increased 33% compared to 2023, but the number of complaints received by the IC3 was slightly lower in 2024, at nearly 860,000 (compared to over 880,000 the year before). Only 256,000 of last year’s complaints disclosed an actual loss, reads FBI’s report (PDF).
As Exabeam senior director Steve Povolny pointed out in an emailed comment, the reported losses show that cybercrime is no longer a threat, but a “thriving underground economy”.
“At $16.6 billion, cybercrime in 2024 out-earned the US box office, the entire U.S. airline industry’s net profits, and the U.S. recorded music market — combined. Hackers aren’t just stealing data; they’re surpassing the financial scale of major, everyday industries,” Povolny said.
Over the past five years, IC3 received a total of 4.2 million complaints of malicious activity, with the reported losses surpassing $50.5 billion for the timeframe. Since its inception in 2000, the FBI’s hub for reporting cybercrime has received over 9 million complaints.
The largest number of complaints reported phishing or spoofing attacks, with extortion attempts and personal data breaches rounding up the top three list.
Although it was only fifth by the number of received complaints, investment fraud caused the higher losses, at more than $6.57 billion, followed by BEC fraud ($2.77 billion), and tech support scams ($1.46 billion). Personal data breaches resulted in reported losses of more than $1.45 billion.
In 2024, cyber-enabled fraud accounted for almost 83% of all reported losses ($13.7 billion), although it accounted for only 38% of the complaints received by the IC3. Of these, call center scams (cryptocurrency exchange impersonation and tech support) caused $1.9 billion in reported losses.
Cyber threats caused over $1.57 billion in losses last year, accounting for over 260,000 of the received complaints. More than 4,800 complaints came from critical infrastructure organizations.
Ransomware and data breaches were the most reported cyber threats among critical infrastructure entities, with Akira, LockBit, RansomHub, Fog, and Play being the top five reported ransomware families. In 2024, the IC3 identified 67 new ransomware variants.
The FBI’s cybercrime reporting arm received complaints from 200 countries in 2024, with the US leading by far with over 102,000 complaints, followed by Canada with nearly 7,000 and India with more than 4,000 complaints.
“The biggest takeaway from this report is how popular and effective social engineering is as an attack vector. Phishing and extortion being the two most frequent crime types — with a combined 280,000 reported incidents in 2024 — shows that attackers are continuously exploiting human error and vulnerabilities and finding success, rather than technical weaknesses in defense systems,” AttackIQ’s Andrew Costis said in an emailed comment.
Related: 300 Arrested in Crackdown on Cybercrime Rings in Africa
Related: Cybercrime Threatens National Security, Google Threat Intel Team Says
Related: Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia
Related: Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes