Cybercrime To Cost The World $9.5 Trillion USD Annually In 2024

It is estimated that the global cost of cybercrime will reach $9.5 trillion USD in 2024, according to Cybersecurity Ventures. If cybercrime were considered a nation, it would become the world’s third-largest economy, following the United States and China.

This estimate forecasts a 15 percent annual increase in global cybercrime costs over the next two years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This projection is based on historical data, the significant rise in nation-state-sponsored and organized cybercrime activities, and the anticipated substantial expansion of the cyberattack surface by 2025.

Cybercrime expenses encompass a wide range of damage, including data loss, stolen funds, lost productivity, intellectual property theft, personal and financial data theft, fraud, post-attack disruptions, forensic investigations, data and system restoration, reputation damage, legal expenses, and potential regulatory fines.

The proliferation of mobile devices, cloud services, the Internet of Things (IoT), and remote technologies has transformed how both consumers and businesses use technology. While this has fostered innovation and global business partnerships, it has also led to a significant increase in the digital attack surface.

Recent insights from the Allianz Risk Barometer, incorporating the views of over 2,700 risk management professionals from 94 countries and territories, indicate that cyber incidents are now the top cause of business disruption, concerning 45 percent of experts. This surpasses concerns related to natural disasters or energy issues.

A breakdown of the projected global cybercrime damage costs for 2024:

• $9.5 trillion USD per year
• $793 billion USD per month
• $182.5 billion USD per week
• $26 billion USD per day
• $1 billion USD per hour
• $18 million USD per minute
• $302,000 USD per second

The rising threat of ransomware, one of the most destructive forms of malware, has garnered significant attention. The U.S. government has classified ransomware as a top security threat, calling for a comprehensive approach to combat it.

Ransomware operators, such as Alphv, Hive, Conti, and LockBit, have even started offering Ransomware-as-a-Service (RaaS) to other criminal groups, providing access to advanced ransomware suites. Ransomware attacks target consumers through phishing campaigns, malicious email attachments, and drive-by downloads, while organizations face more complex attack vectors.

The expected annual cost of ransomware attacks is projected to reach $265 billion USD by 2031, up from $42 billion in 2024 and $20 billion in 2021. This forecast is based on a 30 percent year-over-year growth in damage costs over the next decade.

Several high-impact ransomware attacks in 2023 include MGM Resorts, Caesar’s Entertainment, MOVEit, Royal Mail, Capita, and the City of Dallas, demonstrating the diverse range of targets. These attacks have prompted organizations to pay substantial ransoms to avoid disruption, leading to a double-extortion strategy where data is stolen before being encrypted.

The use of cryptocurrencies has added a new dimension to cybercrime, with threat actors exploiting decentralized finance services and the ease of cryptocurrency transactions for criminal purposes. This includes rug pulls, exit scams, and pump-and-dump schemes, as well as investment scams targeting individuals.

Cybersecurity Ventures predicts that cryptocurrency-related crimes will cost the world $30 billion USD in 2025, almost double the $17.5 billion USD lost in 2021. Cryptocrime losses are projected to grow by 15 percent annually.

Notable cryptocurrency-related attacks in 2023 include those on Atomic Wallet, Euler Finance, Bitrue, Deus Finance, Multichain, and Stake. The rise of such incidents has also led to the arrest, prosecution, and sentencing of numerous cryptocriminals.

Cybercrime is a global issue, affecting various sectors and industries, including government services, utilities, consumer goods, and private enterprises. The Allianz Risk Barometer found that cyber incidents rank among the top perils faced by 19 countries. Geopolitical shifts and conflicts can elevate the risk of cyberattacks on a national level.

Small and mid-sized businesses (SMBs) are particularly vulnerable to cyberattacks, with more than half of all cyberattacks targeting them. Approximately 60 percent of SMBs go out of business within six months of experiencing a data breach.

The demand for skilled cybersecurity professionals is growing rapidly. The number of unfilled cybersecurity jobs worldwide has increased from one million in 2013 to 3.5 million in 2021. Despite industry efforts to close the skills gap, there are still around 3.5 million open positions in 2023, with approximately 750,000 of these in the United States.

To address this issue, companies are launching training and upskilling programs to bridge the cybersecurity skills gap. Prominent technology companies, including Microsoft, Google, and IBM, have pledged substantial investments in training and education to cultivate the next generation of cybersecurity talent.

However, the demand for experienced cybersecurity professionals remains high. Women and underrepresented groups represent an untapped resource in the field of cybersecurity, as diversity of talent can enhance defense strategies. While the number of cybersecurity positions is increasing, recruiting qualified candidates with the necessary experience remains a challenge.

As a result, cybersecurity leaders and organizations need to actively build cyber resilience and prioritize risk-based cybersecurity measures. With the evolving threat landscape and the increasing complexity of cyberattacks, a multi-layered security strategy, continuous vulnerability management, employee training, and 24/7 monitoring are vital to safeguarding businesses and minimizing the financial consequences of cybercrime.