Key Takeaways
- In 2023, the FBI's Internet Crime Complaint Center (IC3) received 880,418 complaints of cyber crime with total reported losses exceeding $12.5 billion USD.
- Business Email Compromise (BEC) scams caused $2.9 billion in losses in 2023 according to the FBI IC3 report.
- Investment fraud complaints rose to 69,000 in 2023 with losses of $4.57 billion as per FBI IC3 data.
- In 2023, over 300 million personal records were exposed in data breaches worldwide per Surfshark.
- MOVEit breach in 2023 affected 62 million individuals per HHS.
- Change Healthcare breach exposed 1/3 of Americans' health data in 2024 per HHS.
- Ransomware groups claimed 2,000 victims in 2023 per SOCRadar.
- LockBit claimed 2,539 victims in 2023 per Group-IB.
- Conti ransomware disbanded after infecting 1,773 organizations per Elliptic.
- Phishing emails rose 58% to 3.4 billion in 2023 per APWG.
- 300,000 phishing sites detected daily in 2023 per APWG.
- Smishing attacks up 47% in 2023 to 1.6 million per Zimperium.
- Global DDoS attacks surged 118% to 9.5 million in 2023 per Cloudflare.
- Cyber attacks on IoT devices up 107% in 2023 per SonicWall.
- AI-powered cyber attacks increased 50% in 2023 per Darktrace.
Cyber crime cost over $12 billion in damages last year alone.
Data Breaches
- In 2023, over 300 million personal records were exposed in data breaches worldwide per Surfshark.
- MOVEit breach in 2023 affected 62 million individuals per HHS.
- Change Healthcare breach exposed 1/3 of Americans' health data in 2024 per HHS.
- Equifax breach in 2017 exposed 147 million SSNs per FTC.
- Yahoo's 2013 breach affected 3 billion accounts per SEC filing.
- Marriott Starwood breach 2018-2020 exposed 383 million guest records per company notice.
- Capital One breach 2019 affected 106 million customers per AWS announcement.
- Twitter (X) breach 2022 exposed 200 million email addresses per Have I Been Pwned.
- Optus Australia breach 2022 leaked 10 million customer records per OAIC.
- Uber breach 2022 exposed 57 million user data per company blog.
- LinkedIn scraped 700 million user data in 2021 per Cybernews.
- T-Mobile 2021 breach affected 54 million customers per FCC fine.
- Sony Pictures 2014 breach leaked 47,000 SSNs and emails per FBI.
- Anthem breach 2015 exposed 78.8 million health records per HHS.
- eBay 2014 breach compromised 145 million user credentials per company.
- Adobe 2013 breach leaked 153 million user records per Krebs.
- LastPass 2022 breach exposed encrypted vaults of 30 million users per company.
- Snowflake breaches 2024 affected 165 organizations with millions of records per Mandiant.
- MGM Resorts 2024 breach cost $100 million and exposed guest data per SEC filing.
- Ascension Health 2024 ransomware breach disrupted services for millions per HHS.
- CrowdStrike outage 2024 not a breach but affected 8.5 million devices per company.
- AT&T 2024 breach leaked 109 million call records per company notice.
- National Public Data breach 2024 exposed 2.9 billion records per ClassAction.org.
- Change Healthcare 2024 breach impacted 190 million claims per UnitedHealth.
- Verizon DBIR 2024 notes 68% of breaches involve human element per Verizon.
- 5,200 data breaches reported in US 2023 per ITRC.
- Healthcare sector saw 540 major breaches in 2023 exposing 113 million records per HHS.
- Retail breaches averaged 15 million records exposed per incident in 2023 per IBM.
Data Breaches Interpretation
Emerging Threats and Trends
- Global DDoS attacks surged 118% to 9.5 million in 2023 per Cloudflare.
- Cyber attacks on IoT devices up 107% in 2023 per SonicWall.
- AI-powered cyber attacks increased 50% in 2023 per Darktrace.
- Deepfake incidents rose 550% in 2023 per Sumsub.
- Supply chain attacks up 42% in 2023 per ENISA.
- Zero-day exploits used in 25% of attacks per Google TAG.
- Cryptocurrency thefts totaled $3.7 billion in 2023 per Chainalysis.
- Nation-state attacks doubled to 40 per Mandiant M-Trends 2024.
- Mobile malware samples hit 12.7 million in 2023 per Kaspersky.
- OT/ICS attacks up 50% in 2023 per Dragos.
- Cloud misconfigurations caused 20% of breaches per Palo Alto.
- Generative AI misuse in attacks up 300% per CrowdStrike.
- 75% of orgs expect AI to change cyber threats per Gartner.
- Infostealer malware infections 300 million in 2023 per SpyCloud.
- Quantum computing threats to encryption by 2030 per NIST.
- 5G networks saw 15% attack increase per GSMA.
- Ransomware-as-a-Service groups grew to 150 in 2023 per SOCRadar.
- Insider threats up 44% in 2023 per Gartner.
- Cyber espionage campaigns 30% rise per Microsoft.
- Edge computing attacks projected 2x by 2025 per IDC.
Emerging Threats and Trends Interpretation
Financial Losses
- In 2023, the FBI's Internet Crime Complaint Center (IC3) received 880,418 complaints of cyber crime with total reported losses exceeding $12.5 billion USD.
- Business Email Compromise (BEC) scams caused $2.9 billion in losses in 2023 according to the FBI IC3 report.
- Investment fraud complaints rose to 69,000 in 2023 with losses of $4.57 billion as per FBI IC3 data.
- Cryptocurrency investment scams led to $4.57 billion in losses from 69,000 complaints in 2023 per FBI.
- Elder fraud complaints totaled 101,066 in 2023 with $3.4 billion losses reported to IC3.
- Global cybercrime costs are projected to reach $10.5 trillion annually by 2025 according to Cybersecurity Ventures.
- Ransomware damage costs are expected to hit $265 billion annually by 2031 per Cybersecurity Ventures.
- Average cost of a data breach in 2023 was $4.45 million according to IBM Cost of a Data Breach Report.
- Phishing attacks cost businesses an average of $4.91 million per incident in 2023 per Proofpoint.
- BEC attacks resulted in $43 billion global losses from 2016 to 2021 per FBI estimates.
- Tech support scams caused $862 million in losses in 2022 per FBI IC3.
- Romance scams led to $1.3 billion in losses from 70,000+ complaints in 2022 FBI data.
- Global cyber fraud losses reached $6 trillion in 2021 per Nilson Report.
- Average ransomware payment in 2023 was $1.54 million per Coveware report.
- U.S. businesses lost $5.1 billion to cybercrime in 2022 per Statista.
- Online shopping fraud losses hit $48 billion globally in 2023 per Juniper Research.
- Wire transfer fraud caused $1.8 billion losses in 2023 FBI IC3.
- Credit card fraud losses worldwide were $33 billion in 2022 per Nilson.
- Corporate account takeover losses averaged $140,000 per incident per FBI.
- Global cost of cybercrime expected to be $8 trillion in 2023 per Cybersecurity Ventures.
- Smishing attacks cost $1.5 million average per organization in 2023 per Proofpoint.
- Check fraud losses reached $20 billion in 2023 per ABA.
- Insurance claims for cyber incidents cost $2.5 billion in 2022 per Munich Re.
- Dark web data sales generated $1.5 billion revenue in 2023 per Recorded Future.
- Vishing scams led to $300 million losses in 2023 per FTC.
- Global ATM jackpotting fraud losses $50 million in 2022 per ATMIA.
- Payroll diversion fraud cost $250 million in 2023 per FBI.
- Cryptojacking revenue reached $2 billion in 2023 per Chainalysis.
- Merchant POS fraud losses $10 billion annually per LexisNexis.
- Average BEC loss per victim $120,000 in 2023 per FBI IC3.
Financial Losses Interpretation
Phishing Attacks
- Phishing emails rose 58% to 3.4 billion in 2023 per APWG.
- 300,000 phishing sites detected daily in 2023 per APWG.
- Smishing attacks up 47% in 2023 to 1.6 million per Zimperium.
- 84% of orgs faced phishing in 2023 per Proofpoint.
- BEC phishing caused 21,439 complaints with $2.9B losses in 2023 FBI.
- Vishing incidents up 168% in 2023 per Group-IB.
- 90% of data breaches start with phishing per Verizon DBIR 2024.
- Microsoft detected 2.3 billion phishing attempts daily in 2023 per DART.
- Spear-phishing success rate 71% vs 5% generic per Proofpoint.
- QR code phishing (quishing) up 51% in 2023 per KnowBe4.
- 1 in 5 users click phishing links per Google.
- Malicious SMS messages hit 12 billion in 2023 per GlobalSign.
- 36% of BEC attacks via phone per FBI 2023.
- Phishing kits sold on dark web for $50 average per Recorded Future.
- 4.7 million phishing-related complaints to IC3 in 2023 per FBI.
- Evilginx2 phishing framework used in 40% attacks per Netcraft.
- Brand impersonation in phishing up 59% in 2023 per Proofpoint.
- 98% of attacks rely on phishing per Egress.
- Average phishing email click time 1 minute per KnowBe4.
- 79% of orgs hit by credential phishing in 2023 per Verizon.
- WhatsApp phishing scams up 280% in 2023 per Kaspersky.
- 1.2 billion login credentials exposed via phishing in 2023 per SpyCloud.
- AI-generated phishing emails up 1,265% in 2023 per SlashNext.
Phishing Attacks Interpretation
Ransomware Incidents
- Ransomware groups claimed 2,000 victims in 2023 per SOCRadar.
- LockBit claimed 2,539 victims in 2023 per Group-IB.
- Conti ransomware disbanded after infecting 1,773 organizations per Elliptic.
- Cl0p exploited MOVEit vulnerability affecting 1,000+ orgs in 2023 per CISA.
- ALPHV/BlackCat extorted $300 million before FBI disruption in 2024 per DOJ.
- Akira ransomware hit 123 victims in Q1 2024 per Emsisoft.
- LockBit 3.0 used in 62% of ransomware attacks in 2023 per Sophos.
- Medusa ransomware emerged in 2023 claiming 60+ high-profile victims per Cyble.
- Rhysida hit 100+ orgs including hospitals in 2023 per CISA.
- Hive ransomware disrupted by FBI affecting 1,500+ victims per DOJ.
- REvil shut down after 400+ attacks costing $200 million per Chainalysis.
- DarkSide Colonial Pipeline attack 2021 led to $4.4 million ransom payment per DOJ.
- JBS meatpacking 2021 paid $11 million ransom after attack per company.
- Ireland HSE health service 2021 Conti attack disrupted services for weeks per HIQA.
- Costa Rica government 2022 Conti siege led to state of emergency per Reuters.
- Change Healthcare 2024 ALPHV attack disrupted US prescriptions per HHS.
- French hospital 2021 Ryuk attack caused patient death per Le Monde.
- Universal Health Services 2020 Ryuk hit 400 facilities per company.
- Ascension 2024 ransomware disrupted 140 hospitals per Becker's.
- CDK Global 2024 attack crippled 15,000 car dealers per Reuters.
- 236.1 million ransomware attacks in 2022 per Check Point.
- Q3 2023 saw 140 new ransomware groups per Cyble.
- 66% of orgs hit by ransomware in 2023 paid per Sophos.
Ransomware Incidents Interpretation
Sources & References
- Reference 1IC3ic3.govVisit source
- Reference 2CYBERSECURITYVENTUREScybersecurityventures.comVisit source
- Reference 3IBMibm.comVisit source
- Reference 4PROOFPOINTproofpoint.comVisit source
- Reference 5NILSONREPORTnilsonreport.comVisit source
- Reference 6COVEWAREcoveware.comVisit source
- Reference 7STATISTAstatista.comVisit source
- Reference 8JUNIPERRESEARCHjuniperresearch.comVisit source
- Reference 9ABAaba.comVisit source
- Reference 10MUNICHREmunichre.comVisit source
- Reference 11RECORDEDFUTURErecordedfuture.comVisit source
- Reference 12FTCftc.govVisit source
- Reference 13ATMIAatmia.comVisit source
- Reference 14CHAINALYSISchainalysis.comVisit source
- Reference 15RISKrisk.lexisnexis.comVisit source
- Reference 16SURFSHARKsurfshark.comVisit source
- Reference 17HHShhs.govVisit source
- Reference 18SECsec.govVisit source
- Reference 19NEWSnews.marriott.comVisit source
- Reference 20CAPITALONEcapitalone.comVisit source
- Reference 21HAVEIBEENPWNEDhaveibeenpwned.comVisit source
- Reference 22OAICoaic.gov.auVisit source
- Reference 23UBERuber.comVisit source
- Reference 24CYBERNEWScybernews.comVisit source
- Reference 25FCCfcc.govVisit source
- Reference 26FBIfbi.govVisit source
- Reference 27EBAYINCebayinc.comVisit source
- Reference 28KREBSONSECURITYkrebsonsecurity.comVisit source
- Reference 29BLOGblog.lastpass.comVisit source
- Reference 30CLOUDcloud.google.comVisit source
- Reference 31CROWDSTRIKEcrowdstrike.comVisit source
- Reference 32ABOUTabout.att.comVisit source
- Reference 33CLASSACTIONclassaction.orgVisit source
- Reference 34UNITEDHEALTHGROUPunitedhealthgroup.comVisit source
- Reference 35VERIZONverizon.comVisit source
- Reference 36IDTHEFTCENTERidtheftcenter.orgVisit source
- Reference 37SOCRADARsocradar.ioVisit source
- Reference 38GROUP-IBgroup-ib.comVisit source
- Reference 39ELLIPTICelliptic.coVisit source
- Reference 40CISAcisa.govVisit source
- Reference 41JUSTICEjustice.govVisit source
- Reference 42EMSISOFTemsisoft.comVisit source
- Reference 43SOPHOSsophos.comVisit source
- Reference 44CYBLEcyble.comVisit source
- Reference 45BLOGblog.chainalysis.comVisit source
- Reference 46INVESTORSinvestors.jbsfoodsgroup.comVisit source
- Reference 47HIQAhiqa.ieVisit source
- Reference 48REUTERSreuters.comVisit source
- Reference 49LEMONDElemonde.frVisit source
- Reference 50UHSINCuhsinc.comVisit source
- Reference 51BECKERSHOSPITALREVIEWbeckershospitalreview.comVisit source
- Reference 52RESEARCHresearch.checkpoint.comVisit source
- Reference 53DOCSdocs.apwg.orgVisit source
- Reference 54ZIMPERIUMzimperium.comVisit source
- Reference 55MICROSOFTmicrosoft.comVisit source
- Reference 56KNOWBE4knowbe4.comVisit source
- Reference 57BLOGblog.googleVisit source
- Reference 58GLOBALSIGNglobalsign.comVisit source
- Reference 59NETCRAFTnetcraft.comVisit source
- Reference 60EGRESSegress.comVisit source
- Reference 61KASPERSKYkaspersky.comVisit source
- Reference 62SPYCLOUDspycloud.comVisit source
- Reference 63SLASHNEXTslashnext.comVisit source
- Reference 64BLOGblog.cloudflare.comVisit source
- Reference 65SONICWALLsonicwall.comVisit source
- Reference 66DARKTRACEdarktrace.comVisit source
- Reference 67SUMSUBsumsub.comVisit source
- Reference 68ENISAenisa.europa.euVisit source
- Reference 69MANDIANTmandiant.comVisit source
- Reference 70SECURELISTsecurelist.comVisit source
- Reference 71DRAGOSdragos.comVisit source
- Reference 72PALOALTONETWORKSpaloaltonetworks.comVisit source
- Reference 73GARTNERgartner.comVisit source
- Reference 74NISTnist.govVisit source
- Reference 75GSMAgsma.comVisit source
- Reference 76IDCidc.comVisit source






