The Latest 2023 Cyber Crime
Statistics (updated June 2023)
As an experienced provider of IT Support Services,
we have created this essential guide. See how
cyber security has adapted to an ever-changing
threat landscape with the latest cyber crime
statistics, updated for June 2023.
02.06.23 • Charles Griffiths
Headline Cyber Crime Statistics
Nearly 1 billion emails were exposed in a single year,
affecting 1 in 5 internet users.
Data breaches cost businesses an average of $4.35
million in 2022.
Around 236.1 million ransomware attacks occurred
globally in the first half of 2022.
1 in 2 American internet users had their accounts
breached in 2021.
39% of UK businesses reported suffering a cyber
attack in 2022.
Around 1 in 10 US organisations have no insurance
against cyber attacks.
53.35 million US citizens were affected by cyber crime
in the first half of 2022.
Cyber crime cost UK businesses an average of £4200
in 2022.
In 2020, malware attacks increased by 358%
compared to 2019.
The most common cyber threat facing businesses
and individuals is phishing.
Cyber Crime Overview
The global cyber security landscape has seen increased
threats in recent years. Through the pandemic, cyber
criminals took advantage of misaligned networks as
businesses moved to remote work environments. In
2020, malware attacks increased 358% compared to
2019.
From here, cyber attacks globally increased by 125%
through 2021, and increasing volumes of cyber attacks
continued to threaten businesses and individuals in
2022.
Russia’s invasion of Ukraine has had a massive impact
on the cyber threat landscape. Since the start of the
war, Russian-based phishing attacks against email
addresses of European and US-based businesses have
increased 8-fold. Nearly 3.6 million Russian internet users
have also experienced breaches in the first quarter of
2022, an 11% increase quarter-on-quarter.
To help protect Ukrainian critical infrastructure against
Russian attacks, the UK launched the ‘Ukraine Cyber
Programme’ in 2022. The UK mobilised an initial £6.35
million package in response to increased Russian cyber
activity immediately following the Ukraine invasion. This
programme provides incident response to protect
Ukraine Government entities against attacks, as well as
DDoS protection so Ukrainian citizens can still access
critical information and firewalls to block attacks.
Phishing remains the most common form of crime
committed online. In 2021, 323,972 internet users
reportedly fell victim to phishing attacks. This means half
of the users who suffered a data breach fell for a
phishing attack. During the height of the pandemic,
phishing incidents rose by 220%.
2021 saw nearly 1 billion emails exposed, affecting 1 in 5
internet users. This may partly explain the continued
prevalence of phishing attacks.
Despite its prevalence, phishing had the lowest loss to
victims. Individuals have lost an average of $136 in
phishing attacks. This is well below the average data
breach cost of $12,124. Visit our phishing statistics page
for the latest information on global phishing trends.
In 2022, investment fraud was the most costly form of
cyber crime, with an average of $70,811 lost per victim.
It is clear that the rate and cost of data breaches are
increasing. Since 2001, the victim count has increased
from 6 victims per hour to 97, a 1517% increase over 20
years.
Covid-19 clearly impacted the number of hourly victims.
2019 cyber crime statistics show the hourly number of
victims was 53. In 2020, the first full year of the
pandemic, the hourly number of victims jumped to 90,
an increase of 69%.
The average cost of data breaches per hour worldwide
has also increased. In 2001, the average cost per hour to
individuals was $2054. Since then, the hourly loss rate
has increased, standing in 2021 at $787,671.
The cost of data breaches to businesses has steadily
increased as changes in the workplace and more
advanced penetration methods embolden cyber
criminals. In 2022, data breaches cost businesses an
average of $4.35 million – up from $4.24 million in 2021.
The increasing threat to organisations globally means
more are taking cyber security seriously. 73% of SMBs
agree that cyber security concerns now need action,
with 78% saying they will increase investment in cyber
security in the next 12 months.
A concerning statistic is that 67% of SMBs feel that they
do not have the in-house skills to deal with data
breaches. However, this issue is mitigated as increasing
numbers of SMBs are working with Managed Service
Providers for cyber security; 89% as of 2022, up from 74%
in 2020.
We work with many industries in which compliance and
regulation are major factors, and provide IT Support for
law firms and financial services companies among
others. We know it has never been more important to
take cyber security seriously.
Ransomware attacks continue to pose a serious threat
to individuals and organisations, with more advanced
attack methods forcing payouts from victims. Around
236.1 million ransomware attacks were reported
worldwide in the first half of 2022. For more information,
visit our ransomware statistics page.
Global Cyber Crime Statistics:
The UK had the highest number of cyber crime
victims per million internet users at 4783 in 2022 – up
40% over 2020 figures.
The country with the next highest number of victims
per million internet users in 2022 was the USA, with
1494, a 13% decrease over 2020.
1 in 2 North American internet users had their
accounts breached in 2021.
The UK and USA have disproportionately more victims
of cyber crime per million internet users compared to
other countries – the USA had 759% more victims in
2021 than the next-highest country, Canada.
The Netherlands has seen the greatest rise in victims
– 50% more than in 2020.
Greece has seen the largest decrease in victims –
down 75% over 2020.
In 2021, there were an average of 97 data breach
victims every hour worldwide.
2021 saw an average of $787,671 lost every hour due
to data breaches.
The top country on the National Cyber Security Index
(NCSI) in January 2023 is Greece, with a score of
96.10. The countries with the 5 highest scores on the
NCSI are:
Greece (96.10)
Lithuania (93.51)
Belgium (93.51)
Estonia (93.51)
Czech Republic (92.21)
Between May 2020-2021, cyber crime in the Asia-Pacific region increased by 168%. Japan experienced
a 40% increase in cyber attacks in May 2021
compared to previous months that year.
Between Q2 and Q3 of 2022, the countries that have
suffered the largest increases in data breaches are:
China (4852% amounting to 14,157,775 breached
accounts)
Japan (1423% amounting to 1,246,373 breached
accounts)
South Korea (1007% amounting to 1,669,124
breached accounts)
The countries with the largest decreases in data
breaches between Q2 and Q3 2022 are:
Sri Lanka (-99% amounting to 1,440,432 fewer
breached accounts)
Myanmar (-82% amounting to 17,887 fewer
breached accounts)
Iraq (-78% amounting to 16,113 fewer breached
accounts)
There was a 70% increase in accounts breached in Q3
2022 compared to Q2.
108.9 million accounts were breached between
July-September in 2022.
This equates to 14 accounts being leaked every
second.
76% of respondents in a 2022 case study covering the
US, Canada, UK, Australia and New Zealand say their
organisation has suffered at least 1 cyber attack this
year. This is a large increase over the 55% figure in
2020.
From the same study, only 30% have cyber insurance,
with 69% fearful that a successful cyber attack could
put their SMB out of business entirely.
In 2021, Asian organisations suffered the most attacks
worldwide. The percentage of attacks against
organisations by continent in 2021 is as follows:
Asia (26%)
Europe (24%)
North America (23%)
Middle East and Africa (14%)
Latin America (13%)
In 2021, there was some variance in the attack types
used when breaching organisations:
In Asia, the main attack type experienced was
server access, with 20% of observed attacks. This
was ahead of ransomware (11%) and data theft
(10%).
In Europe, ransomware was the main attack type,
accounting for 26% of attacks in the continent.
Server access attacks (12%) and data theft (10%)
were the next most common attack types.
In North America, the main attack type was also
ransomware, with 30% of attacks. This was ahead
of business email compromise (12%) and server
access attacks (9%).
In the Middle East and Africa, the main attack type
observed was server access, making up 18% of
attacks. Server access attacks were also seen in
18% of attacks, followed by misconfiguration (14%).
In Latin America, the main attack type was
ransomware, making up 29% of attacks. This was
ahead of business email compromise and
credential harvesting (both seen in 21% of attacks).
The US IC3 department received reports from 24,299
victims of cyber crime. This amounted to more than
$956 million lost.
Romance scams and confidence fraud are prevalent
in the US – IC3 received reports from 24,299 victims in
2021, with losses amounting to more than $956
million.
32% of the victims were over 60 – the largest
proportion of victims in 2021.
16% were aged between 50-59.
Just 2% were under 20.
Sextortion is another prevalent issue in the US. Cyber
criminals threaten to release sensitive photos, videos
or information involving sexual acts of the victim if
their demands are not met.
The IC3 department received more than 18,000
complaints in 2021 relating to sextortion. Victim
losses amounted to more than $13.6 million.
Potential losses to cyber crime by individuals in the
US in 2022 totalled more than $10.2 billion. This is
significantly higher than in 2021 when individuals lost
an estimated $6.9 billion. Considering there were 5%
fewer complaints in the US in 2022 compared to 2021,
this suggests that cyber crime cost more per victim
than the previous year.
eCommerce fraud is expected to cost the retail
sector $48 billion globally in 2023.
Online payment fraud is predicted to cost businesses
$343 billion between 2023-2027.
Cyber Crime Trends 2022
Supply chain attacks
Supply chains are becoming increasingly
interconnected and complex as technology improves.
However, security vulnerabilities in one business can
expose partners they are connected with. Cyber
criminals are targeting these vulnerabilities, with up to
40% of cyber threats now occurring indirectly through
the supply chain.
Research highlights that cyber security leaders are
burnt out and in an ‘always on’ state as increased
digital connections demand more of their time.
Cyber criminals are using this fatigue to their
advantage. A study has revealed that just 23% of
security leaders monitor their partners and vendors in
real-time for cyber security risks. These organisations
also limit third-party coverage to their immediate
vendors and suppliers. This excludes their wider
ecosystem of customers, business partners, investors
and others.
Awareness of third-party risk is increasing. By 2025, it is
estimated that 60% of organisations will use cyber
security risk as a key factor when determining
transactions and business engagements with third
parties.
Recent research also highlights the worry of C-Suite
executives about vulnerabilities in the supply chain.
When 900 companies were asked what they thought
were the most likely types of cyber attacks on their
business, 60% responded with supply chain attacks. This
is the same as DDoS attacks, ahead of cyber espionage
(59%) and APT (57%), but less than ransomware and
data theft (66%).
Demonstrating the risks within the supply chain is
Atlassian. Used by 83% of Fortune 500 companies,
Atlassian products are hugely popular across the world,
with 180,000 customers in more than 190 countries.
However, cyber criminals exposed a severe vulnerability
in Atlassian Confluence in June 2022. As mentioned
above, Atlassian products are used by some of the
biggest organisations in the world; the consequences of
data leaks could be crippling. Research found that
almost 200,000 companies depend on organisations
that may have been affected by the vulnerability.
Internet of Things (IoT) devices
The IoT doesn’t require human interaction to function,
making IoT devices excellent assets in business to
automate tedious workflows and reduce the margin for
error. The use of sensors and software to collect and
process data means IoT devices offer new methods of
creation for revenue streams and better ways for
businesses to communicate with partners and
customers.
However, these devices are a prime target in cyber
crimes. GPS trackers, ‘smart’ wearables and other IoT
devices can hold valuable data, and those that do not
have robust security software are vulnerable.
This was discovered in the case of MiCODUS. The
MiCODUS MV720 GPS tracker is a popular automotive
tracking device, designed to help with vehicle fleet
management. It is hardwired into vehicles, enabling
anti-theft, fuel cut-off, geofencing and remote control
capabilities.
MiCODUS products are used in 169 countries by the
general public, government agencies, militaries, law
enforcement and businesses. 6 severe vulnerabilities
were found in the MV720. Exploiting these vulnerabilities
means attackers could track shipments, cut fuel to
emergency vehicles or extort ransoms by disabling
fleets.
The human element
The human element remains a critical vulnerability for
both businesses and individuals. 82% of breaches
against businesses involved a human element, through
issues like error and social engineering.
Phishing attacks are the most common form of cyber
threat, and more damaging attacks are often
dependent on the success of an initial malicious email.
Encouraging people to follow a link to a spoof website
and enter credentials, or download malware, gives
hackers the tools needed to escalate attacks. From
there, serious threats like ransomware can be delivered.
Cyber crime on social media
The growth of social media in recent years has given
cyber criminals another avenue of attack. Meta, the
parent company of Facebook, uncovered more than
400 malicious iOS and Android apps in 2022 that
targeted mobile users to steal their Facebook login
credentials.
43% of these apps were ‘photo editors’, including ones
that allowed the user to turn themselves into a cartoon.
A further 15% were ‘business utility’ apps, which claimed
to be able to provide hidden features not found in
official apps from reputable platforms. By creating fake
reviews, cyber criminals can artificially inflate the
ranking of their apps and disguise poor reviews that
highlight issues. Unsuspecting users then download the
app, where they are then asked to log in using
Facebook. Any details entered can be seen by the
hacker.
In Q2 of 2022 alone, Facebook removed 8.2 million items
of content that violated its policies on bullying and
harassment. In Q1 of 2022, 9.5 million pieces of policy-violating content were removed, the highest ever
number removed by the platform.
Cyber criminals will use social media to scope out and
target individuals for scams, such as romance scams.
This type of fraud involves the criminal establishing a
‘relationship’ with a target, before getting the
unfortunate victim to send money, purportedly for plane
tickets, an urgent operation or other ruses. In the UK,
romance scams cost victims £14.6 million in May 2021
alone. Half of romance scam victims in the UK in 2021
were women, with 39% men and the final 11% not
specifying their gender.
Cyber Crime Trends 2023
The growing cost of cyber crime
As attack methods become increasingly sophisticated,
organisations globally have to invest in more advanced
security measures, update training, and, especially in
larger companies, hire dedicated cyber security staff.
When these companies are hacked, the costs of
rectifying the breach and recovering from downtime
can spiral into millions.
The average cost of a cyber breach in 2022 was $4.35
million. It’s predicted that cyber crime cost the global
economy around $7 trillion in 2022, and this number is
expected to rise to $10.5 trillion by 2025.
UK Cyber Crime Statistics:
32% of UK businesses reported suffering an attack or
breach between 2022-2023.
For medium businesses, this rises to 59%.
For large businesses, this rises to 69%.
The average cost of a breach against medium
and large businesses was £4960.
The proportion of micro-businesses listing cyber
security as a high priority has dropped to 68% in 2023
– down from 80% in 2022.
According to the NCSI, as of January 2023 the UK
ranks:
22nd on the NCSI, with a score of 77.92
2nd on the Global Cyber Security Index
5th on the ICT Development Index
10th on the Network Readiness Index
In 2022, 39% of UK businesses have experienced a
cyber attack, the same as in 2021. However, this has
dropped since 2020 (46%).
Of these businesses, 31% estimate they were attacked
at least once a week.
Cyber crime cost UK businesses an average of £4200
in 2021. For just medium and large businesses, this
number rises to £19,400.
The most common cyber threat facing UK businesses
in 2022 is phishing (83% of identified attacks).
82% of boards or senior management in UK
businesses see cyber security as a high priority. This
is an increase from 77% in 2021.
As of December 2022, 54% of UK businesses have
acted to identify cyber security risks, up from 52% in
2021. However, the 2022 figures have dropped
compared to 64% in 2020.
In addition, just 19% of businesses implement extra
training sessions after a cyber attack.
13% of UK businesses assess the risks posed by their
immediate suppliers.
Less than a fifth (19%) of UK businesses have a formal
incident response plan.
39% of UK businesses have assigned roles should a
cyber incident occur.
Just 6% of UK businesses had Cyber Essentials
certification in 2022, and 1% have Cyber Essentials
Plus certification – this is largely due to low
awareness of the schemes.
45% of UK businesses have employees that use
personal electronic devices for work purposes, or
have Bring Your Own Device policies.
16% of UK businesses still use older versions of
Windows.
For small businesses, this rises to 20%.
For large businesses, this rises to 23%.
23% of UK businesses have a formal cyber security
strategy in place.
Large UK businesses are above the average at
57%.
However, ‘micro’ businesses are below the UK
average at 20%.
In 2022, 43% of UK businesses were insured against
cyber attacks – an increase over 2020 when only 32%
were insured.
Phishing attacks are considered the most disruptive
form of cyber crime for UK businesses, tied with
threat actors impersonating the organisation in
emails or online.
Those aged 25-44 are most likely to be targeted by
phishing attempts.
Between March 2020 and March 2022, there was a 57%
increase in retail and consumer fraud.
In 2022, 4.8% of fraud in the UK was related to
Coronavirus. A common scam involved fraudsters
sending targets a link to book their next Covid-19
booster jab, asking them to enter their card details to
pay for the jab itself or an admin fee.
£11 million in client money was stolen from UK law
firms by cyber criminals between 2016-2017.
Cyber Crime In Asia
Cyber crime in Pakistan
Cyber crime has become an increasingly severe
problem in Pakistan in recent years. Financial fraud is
the most common type reported; in 2020, of 84,764 total
complaints, 20,218 Pakistanis reported falling victim to
financial fraud-related online crimes. This is ahead of
hacking (7966), cyber harassment (6023) and cyber
defamation (6004).
An increasing number of Pakistanis have experienced
cyber crime through social media. Between 2018-2021,
financial fraud through social media increased by 83%.
Of 102,356 complaints received in 2021, 23% of cyber
crimes used Facebook.
Cyber crime in India
Like many countries, India is suffering increasingly from
cyber crime. The number of cyber-related crimes
reported in 2018 was 208,456. In the first 2 months of
2022 alone, there were a reported 212,485 cyber crimes,
more than the entirety of 2018.
The figures rose more sharply through the pandemic,
with reported crime jumping from 394,499 cases in 2019
to 1,158,208 in 2020 and 1,402,809 in 2021. Between Q1 and
Q2 2022, cyber crime across India increased by 15.3%.
Additionally, there has been an increasing number of
Indian websites hacked in recent years. In 2018, some
17,560 sites were hacked. In 2020, an additional 26,121
sites were hacked.
78% of Indian organisations experienced a ransomware
attack in 2021, with 80% of those attacks resulting in the
encryption of data. In comparison, the average
percentage of attacks was 66%, with the average
encryption rate at 65%.
Cyber crime in Malaysia
79% of Malaysian organisations were targeted by
ransomware in 2021, with 64% of attacks resulting in the
encryption of data.
Cyber criminals have also been increasingly targeting
internet users in Malaysia. Over 20,000 cyber crimes
were reported in 2021, amounting to RM560 million ($123
million) lost from victims. Between 2017-2021, the total
amount lost to cyber crime in Malaysia was estimated
at RM2.23 billion ($490 million). From January to July
2022, there were 11,367 reported cases of cyber crime,
with the rate of crime increasing 61% from 2016 to 2022.
Cyber crime in Nepal
Despite its small population, cyber crime is still an issue
in Nepal. For the fiscal year 2020-2021, there were 3906
recorded cases of cyber crime. In just the first 3 months
of the current fiscal year (2021-2022), there have been
1547 reported cyber crime cases.
Nepal currently ranks 101st out of 160 countries on the
National Cyber Security Index, and 94th on the Global
Cyber Security Index. Nepal also ranks 140th on the ICT
Development Index.
Cyber Crime In North America
Cyber crime in Canada
Canada has experienced a marked increase in the rate
of cyber crime in recent years. Between 2017 and 2021,
reported cyber crime increased by 153%, from 27,829
cases in 2017 to 70,288 cases in 2021.
Coupled with this increase in cyber crime is an
increasing worry amongst Canadians about online
personal information usage. A 2020 study revealed that
48% of internet users in Canada were ‘extremely worried’
about their data being used in identity theft.
Canadian organisations have also been significantly
impacted by cyber crime. In 2017, $1.5 billion was lost
through cyber crime. In 2021, 85.7% of Canadian
organisations suffered at least one cyber attack. For
comparison, 89.7% of organisations in the USA were
attacked at least once in 2021; in the UK, this percentage
drops to 71.1%.
Phishing and online fraud continue to plague Canada. In
the first 6 months of the pandemic, 34% of Canadians
received at least 1 phishing email. In addition, in 2021,
Canadians lost $100 million to online fraud.
The most common form of online fraud involved
romance, which accounted for $42.2 million lost by
victims. Investment scams were also common.
Cyber crime in the United States
An estimated 53.35 million US citizens were affected by
cyber crime in the first half of 2022. Between July 2020
and June 2021, the US was the most targeted country for
cyber attacks, accounting for 46% of attacks globally.
US citizens lost $6.9 billion in 2021 to cyber-related
crimes, including romance scams ($956 million),
investment scams ($1.4 billion) and business email
compromise ($2.39 billion).
For businesses, ransomware is a serious threat to
security, with 60% of US organisations having their data
encrypted in successful ransomware attacks. Rectifying
these attacks cost an average of $1.08 million
in 2021, a decrease of 49% from 2020 ($2.09 million).
Just 50% of US organisations have cyber insurance with
full cover. A further 28% have cyber insurance with
exclusions or exceptions in the policy, meaning they
may not be covered for certain attacks or under certain
circumstances. Most worryingly, this means around 1 in
10 US organisations (12%) have no coverage against
cyber attacks, risking financial ruin should they suffer an
attack.
Cyber Crime In Oceania
Cyber crime in Australia
Cyber crime continues to be an issue in Australia.
Scams are one of the main concerns, with investment
scams having cost Australians more than $48 million so
far in 2022. In total, more than $72 million has been lost
through scams in 2022. In addition, 1 in 4 Australians
have fallen victim to identity fraud.
Australians are, on average, some of the wealthiest
people in the world. A study of the median wealth per
adult put Australians at the top of the rich list, with a
median wealth of $273,900 – ahead of Belgium
($267,890) and New Zealand ($231,260). This perhaps
partly explains why cyber criminals target Australian
individuals and organisations.
In September 2022, a major data breach at
telecommunications company Optus affected around
2.1 million customers. 9.8 million individual records were
stolen, including addresses, names, dates of birth and, in
some cases, passport numbers. However, no bank
details were compromised in the attack.
On average, there is a cyber attack every 10 minutes in
Australia, with 43% of these attacks targeting SMEs.
Education, healthcare and government are the most
targeted areas.
From July 2021 to June 2022, cyber attacks in Australia
increased by 81%. Network traffic only increased by 38%
during the same period, highlighting the continuing
prevalence of cyber crime in the country. Attacks
targeting financial sites have risen more than 200% in
2022.
Cyber Crime In Africa
Cyber crime in Nigeria
In 2020, Nigeria was ranked 16th in the world for
countries most affected by cyber crime. A recent
development in Nigeria’s cyber threat landscape is
hackers tempting employees of Nigerian organisations
to act as insider threats. Research has revealed that
hackers have started offering money in return for
employees to divulge sensitive information on an
organisation’s network. While the report did not say
whether any staff had acted as insider threats, it is clear
that this is a growing area of concern.
In Q3 of 2022, Nigeria experienced a 1616% increase in
data breaches, from 35,472 in Q2 to 608,765 in Q3.
However, the Nigerian government is continuing to fight
against cyber crime. Since the start of 2022, Nigeria’s
Economic and Financial Crimes Commission (EFCC)
have convicted 2847 people in connection with cyber-related crimes.
Cyber crime in Zambia
Zambia ranks 58th out of 161 countries on the National
Cyber Security Index and 73rd out of 194 countries on
the Global Cyber Security Index.
As a developing country, access to technology is
somewhat restricted – only 50% of Zambians own a
personal computer. However, around 75% own
smartphones, which makes scams via text a particular
issue. In 2021 alone, 10.7 million cyber crimes were
reported to the Zambia Computer Incident Response
Team (ZM-CIRT), which included mobile money reversal
scams and social media hijacking.
The GDP per capita of Zambia is $4000. Between 2020
and Q2 2022, the Zambian finance sector suffered
losses of over 150 million ZMK ($872,000). In the same
period, SMS fraud cost Zambians over 1 million ZMK
($58,000).
Cyber Crime In Europe
Cyber crime in Russia
Russia experiences high levels of cyber crime. In Q1 of
2022 alone, there were 42.92 million data breaches.
While this decreased to 28.78 million breaches in Q2 of
2022, it is clear that cyber crime is a serious threat in
Russia. There are an average of more than 249,000
cases of digital fraud annually. In a single day, over 8
billion phishing emails were sent from Russian
addresses.
In Q3 of 2022, 22.3 million Russian internet users had their
accounts breached, the highest of any country. The 5
countries with the highest amount of breached
accounts in Q3 of 2022 were Russia, France (13.8 million),
Indonesia (13.2 million), the US (8.4 million) and Spain
(3.9 million). These countries accounted for more than
half of the total breaches globally in Q3 2022. As of
November 2022, for every 1000 internet users, 153 have
had their accounts breached.
Cyber crime in Germany
A 2022 study suggested that 72.6% of German
organisations had suffered at least one successful
cyber attack in the preceding 12 months. In comparison,
Colombian organisations suffered the worst, with 93.9%
compromised by at least one successful attack. 74.3% of
German organisations indicated that further cyber
attacks in the next 12 months are more likely than not
going to occur.
However, German hackers are contributing to the global
phishing threat. In 2022, 5.19% of spam originated from
Germany. The top 5 countries of origin for spam were
Russia (29.82%), Mainland China (14%), the USA (10.71%),
Germany (5.19%) and the Netherlands (3.70%).
Notable Cyber Breaches
What happened in the 2021 JBS ransomware attack:
JBS is the largest meat processing company in the
world. On May 30th 2021, cyber criminals breached the
JBS network with ransomware, disrupting plants in the
USA, Canada and Australia. All JBS-owned beef
processing plants in the USA were temporarily
inoperative.
Impacts included the US Department of Agriculture
being temporarily unable to offer wholesale prices for
beef and pork, and highlighted vulnerabilities in the
meat processing supply chain.
On June 9th, JBS paid an $11 million ransom to the cyber
criminals, preventing further disruption and the potential
leaking of sensitive data. JBS stated that it spends over
$200 million annually on IT and employs more than 850
IT professionals worldwide.
What happened in the 2021 Robinhood hack:
Robinhood is a USA-based stock trading app. On
November 3rd 2021, data of 7 million users was stolen
and held to ransom by cyber criminals.
The hackers accessed this data through social
engineering, obtaining employee login details to access
the network without using brute force. This led to 5
million users having their email addresses
compromised, with a further 2 million having their full
names exposed. 310 victims had more personal
information stolen, including dates of birth and US zip
codes.
The hackers demanded a ransom to prevent this data
from being leaked. Robinhood refused, hiring a cyber
security firm to investigate the breach.
What happened in the 2022 Uber hack:
On 16th September 2022, Uber’s AWS cloud account and
corporate Slack account were breached. It is likely that
the hacker purchased an Uber corporate password
used by a contractor, whose credentials had been
exposed after their personal device was infected with
malware.
The hacker used these credentials to repeatedly log in
to the contractor’s Uber account, which triggered MFA
approval requests. Repeated MFA requests caused ‘MFA
fatigue’ where the contractor became fed up with
receiving notifications. When the contractor eventually
accepted a request, the hacker gained access to the
account and escalated the attack.
Uber responded by identifying potentially compromised
accounts, either blocking them or resetting their
passwords. They also reset access to internal tools and
locked down the codebase to prevent any new code
changes. No public-facing applications were accessed,
meaning sensitive data such as customer credit card
details and bank account information remained secure.
What happened in the 2022 National Health Service (NHS)
cyber security breach:
On 4th August, Advanced, a key supplier of digital NHS
services like patient check-ins and NHS 111, suffered a
ransomware attack from an unknown hacking group.
The attack took several services offline, including
software used by medical professionals for patient
check-ins, patient records and NHS 111. GP practices
suffered as access to important patient information was
blocked, and notifications could not be electronically
sent between hospitals and GPs.
In-person visits had to be recorded manually, extending
wait times and piling extra work onto an already thinly
stretched NHS workforce.
From August 22nd, NHS 111 services started to return to
normal. Advanced worked on its security vulnerabilities
and is restoring impacted services in a new, secure
environment.
Nvidia cyber attack 2022
On 23rd February, Nvidia, a major microchip producer,
suffered a data breach which saw source code fall into
the hands of cyber criminals.
The hacking group Lapsus$ claimed responsibility for the
attack, claiming it had stolen around 1TB of data. This
included employee information, such as account
passwords, and source code for graphics card drivers.
No ransomware was detected in the security breaches,
with the crime group instead demanding Nvidia make
their drivers open-source.
Nvidia responded by changing all staff members’
passwords, ensuring any leaked information would be
useless. Lapsus$ also claimed that Nvidia launched a
ransomware attack against them, encrypting the stolen
data so it couldn’t be leaked.
WannaCry cyber attack 2017
One of the most widespread cyber breaches in history,
WannaCry was a global ransomware attack that
affected more than 200,000 computers in over 150
countries.
WannaCry exploited a vulnerability in unpatched
versions of the Windows operating system. This
vulnerability was known as ‘EternalBlue’, and had
allegedly been developed in the US by the National
Security Agency. A hacking group known as ‘The Shadow
Brokers’ exposed the issue before the attack happened.
Microsoft released a patch that removed EternalBlue.
However, businesses and individuals across the world
ignored the update, not realising the danger their
computers were in.
As such, WannaCry was a devastating attack. The
ransomware infected hundreds of thousands of
computer systems across the globe. The attackers
encrypted data on the affected machines, demanding
the victims pay the attackers $300 in Bitcoin to avoid
having their data deleted.
WannaCry is estimated to have caused over $4 billion in
damages worldwide. In the UK, the NHS had to cancel
19,000 appointments, costing the health service around
£92 million.
Costa Rica ransomware attack 2022
A national emergency was declared in Costa Rica in
2022 in the face of a series of ransomware attacks
against critical institutions.
The first attacks ran from mid-April until the start of May,
with 27 government bodies targeted. The digital tax
service and the IT system for customs control were
crippled. An estimated 800 servers and several
terabytes of information in the finance ministry were
also impacted by the attacks.
The encryption of key data and systems meant trade
was affected, with losses from import and export
businesses estimated somewhere between $38 million
and $125 million per day. While a manual form of import
was implemented after 10 days, the increased
paperwork load still caused delays.
The second attack started on May 31st 2022. The main
target this time was the Costa Rican Social Security
Fund, which handles the country’s health service. An
estimated 10,400 computers and more than half of the
servers were impacted, with important healthcare
systems going offline and forcing doctors to cancel
appointments. In the first week following the attack,
around 34,677 appointments had to be rescheduled –
7% of all appointments that week across the country.
A ransomware group known as ‘Conti’ claimed
responsibility for the first series of attacks, demanding a
$10 million ransom to prevent the stolen information
from being leaked. The second series of attacks were
claimed by the HIVE ransomware group, which has
some links to Conti.
Marquard & Bahls supply chain attack 2022
On January 29th 2022, 2 subsidiaries of German fuel
trader Marquard & Bahls were hit with cyber attacks,
forcing companies like Shell to re-route shipments.
Oiltanking and Mabanaft were both targeted by
hackers, with their IT systems and supply chains
impacted. The knock-on effects of these attacks were
felt across Germany.
Aral, who operates the largest network of petrol stations
in Germany (around 2300 stations), had to source oil
from alternative sources after the attacks.
The companies produce 1.6 million litres of fuel oil and 2.1
million litres of fuel annually, and the disruption from
these attacks has affected 233 stations in northern
Germany. A spokesperson for the Federal Office for
Information Security said that the situation was ‘serious,
but not grave’. Both affected companies said in a joint
statement that they were working to resolve the issue as
soon as possible.
What is cyber crime?
Cyber crime is split into 2 categories:
Cyber-dependent crime: Crime that can only be
committed through the use of technology, ‘where the
devices are both the tool for committing the crime, and
the target of the crime.’ Examples include malware that
targets victims for financial gain and hacking to delete
or damage data.
Cyber-enabled crime: ‘Traditional’ crime that has
extended reach through the use of technology.
Examples include cyber-enabled fraud and data theft.
How much does cyber crime cost the economy?
Cyber crime cost global economies around $787,671 per
hour in 2021. Over the course of the year, this amounts to
$6,899,997,960 lost worldwide to cyber criminals.
How much does cyber crime cost the UK?
It is estimated that UK businesses lost around £736
million to cyber crime in 2021. Including consumers, as
much as £2.5 billion may have been lost in 2021 to cyber
criminals.
Why is cyber crime increasing?
Cyber crime against businesses in the UK had been
decreasing pre-Covid (from 46% of UK businesses
reporting suffering a cyber attack in 2017 to 32% in 2019).
However, the changes in the workplace brought about
by lockdowns through the pandemic caused cyber
crime to spike again as 46% of UK businesses reported
suffering a cyber attack in 2020.
Cyber crime against UK businesses has since slowly
decreased – in 2021 and 2022, 39% of UK businesses
reported suffering a cyber attack.
Cyber crime victim density in the UK increased 40% from
2020 to 2021, likely driven by using personal electronic
devices for work and generally using the internet more
during lockdowns.
Who does cyber crime affect?
Cyber crime affects everyone.
The least affected are typically those under 20, but
students switching to studying online during the
pandemic in 2020 contributed to a nearly 100% increase
in victims under 20 (from around 10,000 to more than
20,000).
Numbers have dropped by 36% in 2021, but remain 56%
above pre-Covid levels.
Pensioners (60+) are the group most vulnerable to
crime online. 2020 saw a 55% increase in victims over
the age of 60, and this trend has continued through 2021
to over 92,000 victims.
How often does cyber crime occur?
With an average of 97 cyber crime victims per hour, this
means there is a victim of cyber crime every 37
seconds.
In addition, 2 internet users have had their data leaked
every second in 2022. This is an improvement over 2021,
where 6 users had their data leaked every second.
Which country has the most cyber crime?
The latest cyber crime statistics highlight that hackers
target certain countries over others – in 2021, 71% of
countries had below the global average breach density
(16.5 leaked emails per 100 internet users).
The UK has the highest density of cyber crime victims
per million internet users – 4783. This is followed by the
USA with 1494.
Russia currently has over 3.5 million breached users –
the highest in the world in 2022. This is followed by the
USA with almost 2.5 million breached users.
What is hacking in cyber crime?
‘Hacking’ is the act of gaining unauthorised access to a
computer or data.
How common is hacking?
There is no single data source for how many people get
hacked. However, it is estimated that there is a victim of
cyber crime every 37 seconds. In 2021, 1 in 5 internet
users had their emails leaked online, which could lead to
hackers being able to access their accounts or target
the email in phishing attacks.
What is eavesdropping in cyber crime?
‘Eavesdropping’ enables hackers to view, intercept,
modify or delete data sent between 2 devices.
Eavesdropping can be passive, where the hacker
‘listens’ to data being transmitted but does not
otherwise interfere.
Active eavesdropping happens when hackers intercept
data packets on a network by pretending to be a
genuine connection. ‘Man-in-the-middle’ attacks are
the most common form of active eavesdropping.
Hackers access networks through social engineering or
malicious software, and can then steal, redirect or
delete data sent between devices on that network.
What is fraud in cyber crime?
Online fraud is when criminals use technology to gain
an advantage, usually financial, over a person or
business. Fraud cost the UK £137 billion in 2021, the losses
amounting to more than Jeff Bezos’ net worth.
What are the common types of cyber crime?
The most common forms of cyber crime include
phishing, ransomware and personal data breaches.
Phishing remains the most common form of cyber
attack, with around 3.4 billion spam emails sent daily.
Phishing is often an ‘entry’ attack, where cyber criminals
collect sensitive information (like login details or credit
card numbers) that they can then use to launch further
attacks.
For instance, phishing is the most common entry point
for ransomware attacks. Hackers spam their targets
until the victim follows the link. That link could contain
ransomware or take them to a spoof website where the
victim unwittingly enters their login details. The hackers
can then use that information to get internal access to
a network, escalate their attack and inject ransomware.
Sources
Deep Instinct, Surfshark, IBM, World Economic Forum,
ConnectWise, Statista, Gartner, Bulletproof, Kaspersky,
Atlassian, BitSight, Verizon, NCSI, UK government, Pakistan
Federal Investigation Agency, CERT-IN, Statistics Canada,
Cyber Edge, Savvy, Optus, Credit Suisse, Imperva,
Deloitte, EFCC, Bloomberg UK, JBS, BBC, Uber, Nvidia,
Bloomberg, ZDNet, CPS, NCSC, National Fraud
Intelligence Bureau, Action Fraud, Crowe, Microsoft,
Sophos, Business Today, Commercial Crime
Investigation Department (Malaysia), Indian Cyber
Crime Coordination Centre, Nepal Police Cyber Bureau,
Meta, OSAC, ZM-CIRT, GCI, Reuters, IC3, Canadian Anti-Fraud Centre, Valimail, Cybersecurity Ventures, Juniper
Research, F5 Labs, SRA
Charles Griffiths
Director of Technology and Innovation