Cybercrime statistics

Looking at the total breaches in 2022, we see that 87.3% of our analyzed countries have breach densities lower than the global average (50 leaked email accounts per 1,000 internet users). This shows that hackers target some countries more than others.

One country — Russia — especially stands out, with nearly 17 times more leaked email accounts than the global average. To put this into perspective, 8 out of 10 Russian internet users were breached in 2022. France is second, with 3 out of 10 users breached.

In general, we see that hackers target developing countries a lot less often:

• On a continental level, the lowest breached email account rates are in Africa, with 4, and Asia, with 23 breached accounts per 1,000 internet users.
• Europe has the highest breach rates: 1 in 5 European internet users got breached in 2022. This number is over 4 times higher than the global average. Oceania comes second with 1 in 8 internet users breached.

For the third year in a row this decade, the U.K. tops the cybercrime density list with 4,371 victims per 1M internet users (albeit with an 8.6% drop compared to 2021). In fact, the top 4 are the same as the year before, with the U.S., Canada, and Australia comprising the rest. While neither of the ten countries saw sizable increases in cybercrime victims, the U.S. reported the highest one of around 8%. In contrast, four countries saw decreases of over 10%, with Greece experiencing the most-significant one of around 25%.

There is a great disparity in the types of cybercrimes that commonly affect people. For example, phishing continues to be the most common cybercrime for the third year in a row this decade. In 2022, there were a total of 300,497 phishing victims. Or in other words, every second individual that fell for an online crime fell for a phishing attack.

However, each cybercrime comes at a different cost. Phishing victims, on average, lost the least amount of money ($173 per victim), while people that fell victim to investment fraud lost the most ($108,479 per victim).

Another good example is SIM swapping which made an appearance in the Internet Crime Report for the first time. 2,026 victims reported having been targeted in 2022, resulting in a total of $72.7M in financial losses from the crime. This comes out to an average of $35,860 in losses per victim — one of the highest numbers on the list.

Cybercrime is constantly on the rise. Since 2001, the online crime victim count has increased by 16 times (from 6 to 91 victims every hour), and financial losses have grown over 570 times (from $2,000 to nearly $1.2 million losses per hour). In total, cybercrime claimed at least 7,303,267 victims and $36.4 billion in losses over the 22-year period.

We also see that cybercrime rates go in tandem with global events:

• 2009, the year after The Great Recession, resulted in a 115% increase in financial losses (from $260M in 2008 to $560M in 2009) to cybercrimes.
• In 2020, the first year of the COVID-19 pandemic, cybercrime victim count grew by 69% compared to 2019 (from 467K to 792K cybercrime victims per year). This was the highest cybercrime victim growth recorded since 2001.
• With prices soaring and inflation peaking in most parts of the world in 2022, the year also saw an all-time high of $10.3 billion in financial losses from cybercrime — a nearly 50% growth from the $6.9 billion seen in 2021. The $3.4 billion increase in yearly losses was the highest recorded this century.

The 30 to 39 age group became the most affected by cybercrime for the first time since 2015. The group saw the highest year-over-year increase (nearly 7%) in cybercrime victims, the number growing from 88.4k in 2021 to 94.5k in 2022. The FBI reported an unprecedented increase in the number of people affected by crypto-investment scams over this period, possibly contributing to the trend since the 30 to 39 age group was among the most affected.

Prior to 2022, seniors (over 60) had been generally the most vulnerable to cybercrime. The group reported the highest number of victims between 2016 (55k) and 2021 (92.4k). Although 2022 saw a decrease of around 4% in victims aged 60+, placing the group’s total of 88.3k in second.

Historically, the group most resilient to cybercrimes was always people under 20 years old. The group reported the least victims every year since 2015 (10.4k). However, the under-twenties saw the second-highest yearly increase (nearly 6%) in cybercrime victims, from 14.9k in 2021 to 15.8k in 2022.