Cybercrime hit a new high in 2024, with reported losses soaring past $16.6 billion, according to the FBI’s latest report from its Internet Crime Complaint Center (IC3). That’s a 33% increase over 2023, despite a slight drop in the number of complaints filed.

Let’s put that number into perspective: cybercriminals in 2024 out-earned the U.S. box office, the airline industry’s net profits, and the entire recorded music market — combined.

This isn’t just a threat anymore. It’s a full-blown underground economy.

---

By the Numbers: A Record-Breaking Year

Here’s what stood out in the IC3’s 2024 report:

• Total complaints: Nearly 860,000 (down slightly from 880,000 in 2023)
• Complaints with financial losses: 256,000
• Total reported losses: $16.6 billion
• Total losses over past five years: $50.5 billion
• Top countries for complaints:
  • United States: 102,000+
  • Canada: ~7,000
  • India: ~4,000

The data makes it clear: the scale and impact of cybercrime are expanding — fast.

---

Which Attacks Are Costing Us the Most?

While phishing and spoofing topped the list in terms of frequency, it’s investment fraud that caused the most financial damage, accounting for $6.57 billion in reported losses.

Here’s a breakdown of the top loss categories:

• Investment fraud: $6.57B
• Business Email Compromise (BEC): $2.77B
• Tech support scams: $1.46B
• Personal data breaches: $1.45B

The report also noted that cyber-enabled fraud (scams using digital communication) accounted for 83% of total losses — showing how effective social engineering continues to be.

---

What’s Driving the Increase?

According to experts, the biggest factor is simple: people are still the easiest targets.

“Phishing and extortion being the two most frequent crime types — with a combined 280,000 incidents in 2024 — shows that attackers are continuously exploiting human error rather than technical weaknesses,” said Andrew Costis, from AttackIQ.

Add in increasingly realistic phishing lures, impersonation scams, and AI-generated messages, and it’s easy to see why attackers are doubling down on human-centric attacks.

---

Critical Infrastructure Also in the Crosshairs

It’s not just consumers and small businesses being targeted. In 2024, more than 4,800 complaints came from critical infrastructure organizations — including sectors like energy, healthcare, and manufacturing.

The top cyber threats in this space?

• Ransomware (with 67 new variants reported)
• Data breaches

The most active ransomware families included Akira, LockBit, RansomHub, Fog, and Play.

---

What IT and Security Teams Need to Focus On

The data paints a clear picture — dollars lost to cybercrime are rising faster than our defenses are improving. But this doesn’t mean we’re powerless. It means we need to shift focus from just building higher walls to understanding where attackers are actually succeeding.

Key takeaways for defenders:

• Double down on employee training: Especially around phishing, social engineering, and impersonation scams.
• Prioritize email security: BEC alone accounted for nearly $3 billion in losses.
• Monitor and validate outbound communications: Particularly for payment requests and financial transactions.
• Update incident response plans: Include scenarios for investment fraud, ransomware, and personal data breaches.
• Audit third-party relationships: Many scams leverage compromised or impersonated vendors.