Cybercrime Statistics 2026
Last updated: May 28, 2026 | Update frequency: Quarterly | Next update: September 2026 Primary author: Axis Intelligence Research | Co-author: Marcus Chen, Cybersecurity Editor License: CC BY 4.0 — Download dataset (CSV)
In 2025, US cybercrime losses reached $20.877 billion — a 26% year-over-year surge and the first time reported losses have exceeded $20 billion — as the FBI’s Internet Crime Complaint Center received more than one million complaints for the first time in its 25-year history, averaging nearly 3,000 reports per day. Globally, the average cost of a single data breach fell to $4.44 million (IBM 2025), while the US average climbed to a record $10.22 million.
Key Findings
- $20.877 billion: Total US cybercrime losses reported to the FBI IC3 in 2025, a 26% increase over 2024’s $16.6 billion — the largest year-over-year jump in IC3 history. (FBI IC3 2025 Annual Report)
- Ransomware now present in 44% of all confirmed data breaches, a 37% increase from 2024, while paradoxically total ransomware payments fell 8% to $820 million as 64% of victims refused to pay. (Verizon DBIR 2025; Chainalysis 2026 Crypto Crime Report)
- AI-enabled crime generates 93% higher average losses per complaint than the IC3 portfolio average ($39,936 vs. $20,699), according to Axis Intelligence Research’s cross-calculation of FBI IC3 2025 data — a figure not stated in the primary report.
- Americans aged 60 and older lost $7.748 billion in 2025 — 37.1% of all reported cybercrime losses — despite comprising approximately 20% of the US population, producing a Senior Victim Concentration Ratio of 1.86x their population share. (FBI IC3 2025 Annual Report; US Census Bureau)
- Global cybersecurity spending is projected to reach $240 billion in 2026, a 12.5% increase from $213 billion in 2025, as organizations accelerate AI-powered defense investment in response to an expanding threat surface. (Gartner, July 2025)
Table of Contents
The Scale of Cybercrime in 2025
The FBI’s 2025 Internet Crime Complaint Center Annual Report, released April 6, 2026, is the primary benchmark for US cybercrime losses. It documents 25 years of complaint data and represents the first time annual filings have crossed one million.
Overall Loss and Complaint Trends
| Metric | 2025 | 2024 | Change | Source |
|---|---|---|---|---|
| Total reported losses | $20.877 billion | $16.6 billion | +26% | FBI IC3 2025 |
| Total complaints received | 1,008,597 | 859,532 | +17.3% | FBI IC3 2025 |
| Average daily complaints | ~2,763 | ~2,355 | +17.3% | Axis Intelligence calculation |
| Average loss per complaint | ~$20,699 | ~$19,313 | +7.2% | Axis Intelligence calculation |
| Cyber-enabled fraud losses | $17.697 billion | — | — | FBI IC3 2025 |
| Cyber-enabled fraud complaints | 452,868 | — | — | FBI IC3 2025 |
Context: IC3 data captures only reported crime; the FBI consistently notes that the actual financial toll of cybercrime significantly exceeds reported figures. Cybersecurity Ventures estimates global cybercrime damages at $10.5 trillion annually, though this figure encompasses a broader universe of costs (business disruption, lost productivity, reputational harm) beyond direct financial fraud.
Top Crime Types by Loss (2025)
| Crime Type | Losses | Complaints | Avg. Loss/Complaint | Source |
|---|---|---|---|---|
| Investment fraud | $8.6 billion | ~49,000 est. | ~$175,000 est. | FBI IC3 2025 |
| Business Email Compromise (BEC) | $3.047 billion | 24,768 | $123,000 | FBI IC3 2025 |
| Tech support scams | $2.1 billion | — | — | FBI IC3 2025 |
| Recovery scams | $1.4 billion | 10,516 | $133,120 | FBI IC3 2025 |
| AI-related complaints | $893 million | 22,364 | $39,936 | FBI IC3 2025 |
Top Crime Types by Complaint Volume (2025)
| Crime Type | Complaint Count | Source |
|---|---|---|
| Phishing / Spoofing | 191,561 | FBI IC3 2025 |
| Extortion | 89,129 | FBI IC3 2025 |
| Personal data breaches | — | FBI IC3 2025 |
| Non-payment / Non-delivery | — | FBI IC3 2025 |
| BEC | 24,768 | FBI IC3 2025 |
Note: Phishing leads by complaint volume but ranks far lower by total losses, illustrating that higher-volume crimes are not necessarily the highest-loss crimes. Investment fraud has the inverse profile: fewer complaints, vastly higher individual losses.
Financial Fraud — Investment Scams, BEC, Cryptocurrency
Cryptocurrency and Investment Fraud
Cryptocurrency-related fraud was the single largest driver of financial losses in 2025, accounting for more than half of all reported losses.
| Metric | 2025 Figure | Source |
|---|---|---|
| Total cryptocurrency-related losses | $11.36 billion | FBI IC3 2025 |
| Cryptocurrency-related complaints | 180,000+ | FBI IC3 2025 |
| Crypto investment scams (subset) | $7.2 billion | FBI IC3 2025 |
| Crypto share of investment fraud incidents | 72% | FBI IC3 2025 |
| Total on-chain ransomware payments | $820 million | Chainalysis 2026 Crypto Crime Report |
Cryptocurrency investment scams — commonly called “pig butchering” scams — are long-running social engineering campaigns where criminals build false trust before directing victims into fraudulent investment platforms. The $7.2 billion loss figure is the highest single crime-type concentration in IC3 history.
Business Email Compromise (BEC)
BEC remains the second-highest crime type by loss for the third consecutive year. Unlike investment fraud, BEC targets organizations rather than individuals and operates at scale through impersonation of executives, vendors, or partners.
| Metric | 2025 Figure | Source |
|---|---|---|
| Total BEC losses | $3,046,598,558 | FBI IC3 2025 |
| BEC complaint count | 24,768 | FBI IC3 2025 |
| Average BEC loss per complaint | ~$123,000 | Axis Intelligence calculation |
| BEC as % of total IC3 losses | 14.6% | Axis Intelligence calculation |
| AI-enabled BEC losses (sub-category) | Included in $893M AI total | FBI IC3 2025 |
Ransomware
The Ransomware Paradox of 2025
2025 produced a counterintuitive ransomware picture: attack volume surged to record levels while total payments fell. The Verizon DBIR 2025 found ransomware present in 44% of all confirmed breaches (up from 32% in 2024), while Chainalysis tracked only $820 million in total on-chain ransomware payments — down 8% from $892 million in 2024. The explanation: 64% of organizations now refuse to pay, per Verizon DBIR 2025, driven by improved backup capabilities, law enforcement disruption of major ransomware groups (LockBit), and evolving guidance discouraging payment.
Ransomware Key Metrics
| Metric | 2025 Figure | Source |
|---|---|---|
| Ransomware present in breaches | 44% of all breaches | Verizon DBIR 2025 |
| Ransomware increase year-over-year | +37% | Verizon DBIR 2025 |
| IC3 ransomware complaints | 3,611 | FBI IC3 2025 |
| IC3 ransomware losses (reported) | $32 million+ | FBI IC3 2025 |
| Median ransom demand (Verizon) | $115,000 | Verizon DBIR 2025 |
| Median paid ransom (Sophos) | $1.0 million | Sophos State of Ransomware 2025 |
| Total on-chain ransomware payments | $820 million | Chainalysis 2026 Crypto Crime Report |
| Organizations refusing to pay | 64% | Verizon DBIR 2025 |
| Organizations who paid, attacked again | 80% | Sophos State of Ransomware 2025 |
| Victims on leak sites globally (2025) | 7,874 (record; +50% YoY) | Chainalysis / NCC Group |
| New ransomware variants identified | 63 (~5.25/month) | FBI IC3 2025 |
| Average ransomware breach total cost | $5.08 million | IBM Cost of Data Breach 2025 |
Note: The $32M figure in the IC3 report represents only the ransom demands reported directly to IC3. IBM’s $5.08M figure captures total cost per ransomware incident (ransom + remediation + downtime + legal + notification) across a global sample. These figures measure different things and are not directly comparable.
Top Ransomware Variants by Critical Infrastructure Impact (2025)
| Rank | Variant | Primary Target Sectors | Source |
|---|---|---|---|
| 1 | Akira | Healthcare, manufacturing | FBI IC3 2025 |
| 2 | Qilin | Healthcare, government | FBI IC3 2025 |
| 3 | INC Ransom / Lynx / Sinobi | Healthcare, financial services | FBI IC3 2025 |
| 4 | BianLian | Government, IT | FBI IC3 2025 |
| 5 | Play | Critical manufacturing | FBI IC3 2025 |
Initial Ransomware Attack Vectors (2025)
| Attack Vector | Share of Ransomware Incidents | Source |
|---|---|---|
| Exploited vulnerabilities | 32% | Sophos State of Ransomware 2025 |
| Compromised credentials | 23% | Sophos State of Ransomware 2025 |
| Malicious email | 19% | Sophos State of Ransomware 2025 |
| Phishing | 18% | Sophos State of Ransomware 2025 |
Data Breaches — IBM Cost of a Data Breach 2025
IBM’s annual Cost of a Data Breach Report, now in its 20th year, is the primary benchmark for breach cost quantification globally. The 2025 edition (published July 2025, covering incidents from mid-2024 through mid-2025) studied 604 organizations across 17 industries and 16 countries.
Global and Regional Breach Costs
| Metric | 2025 Figure | 2024 Figure | Change | Source |
|---|---|---|---|---|
| Global average breach cost | $4.44 million | $4.88 million | –9% | IBM 2025 |
| US average breach cost | $10.22 million | — | +YoY record | IBM 2025 |
| Mean breach lifecycle (detect + contain) | 241 days | — | Lowest in 9 years | IBM 2025 |
| Multi-environment breach cost | $5.05 million | — | — | IBM 2025 |
| On-premises breach cost | $4.01 million | — | — | IBM 2025 |
The 9% global decline is the first decrease in five years. IBM attributes it to faster detection and containment enabled by AI-powered security tooling. The US continues to diverge from global trends, with the $10.22M average reflecting higher regulatory fines, more extensive litigation, and slower detection times than international peers.
Breach Costs by Industry (2025)
| Industry | Average Breach Cost | Source |
|---|---|---|
| Healthcare | $7.42 million | IBM 2025 |
| Financial services | ~$5.00 million | IBM 2025 |
| Technology | — | IBM 2025 |
| Industrial / Manufacturing | — | IBM 2025 |
| Retail | — | IBM 2025 |
| Ransomware (all industries) | $5.08 million | IBM 2025 |
Healthcare has recorded the highest average breach cost for 14 consecutive years (IBM). The $7.42 million figure is a slight decrease from 2024 but remains 67% above the global average — a gap Axis Intelligence Research calculates as the Healthcare Breach Premium™ using IBM’s own figures.
Initial Attack Vectors by Cost (2025)
| Initial Vector | % of Breaches | Avg. Cost | Source |
|---|---|---|---|
| Phishing | 16% | $4.80 million | IBM 2025 |
| Stolen credentials | — | — | IBM 2025 |
| Supply chain compromise | — | $4.91 million (longest to resolve) | IBM 2025 |
| Credential / identity-based | 22% (Verizon) | — | Verizon DBIR 2025 |
Phishing overtook stolen credentials as the most common initial attack vector in 2025 — the first time phishing has held this position in IBM’s report. The shift reflects AI-enhanced phishing campaigns that are increasingly difficult to detect.
Third-Party and Supply Chain Risk
| Metric | 2025 Figure | 2024 Figure | Source |
|---|---|---|---|
| Breaches involving a third party | 30% | 15% | Verizon DBIR 2025 |
| Vulnerability exploitation as initial vector | 20% of breaches | — | Verizon DBIR 2025 |
| Vulnerability exploitation increase | +34% | — | Verizon DBIR 2025 |
| Average supply chain breach cost | $4.91 million | — | IBM 2025 |
The doubling of third-party involvement in breaches (from 15% to 30%) is the single largest structural shift in the Verizon DBIR 2025. Edge devices and VPN exploitation grew nearly eightfold as an entry point, reflecting attackers’ shift toward targeting the perimeter rather than the interior of corporate networks.
AI-Enabled Cybercrime — The Axis Intelligence AI-Crime Premium™
The Original Metric: AI Complaints Cost 93% More Per Incident
2025 marked the first year the FBI IC3 formally tracked AI-enabled crime as a distinct complaint category. The dataset provides enough detail to calculate a figure no primary source states explicitly.
Axis Intelligence AI-Crime Premium™ calculation:
- AI-related complaints in 2025: 22,364 (FBI IC3 2025)
- AI-related losses in 2025: $893 million (FBI IC3 2025)
- Average AI-related loss per complaint: $39,936
- Total IC3 complaints: 1,008,597 (FBI IC3 2025)
- Total IC3 losses: $20.877 billion (FBI IC3 2025)
- Overall average loss per complaint: $20,699
- AI-Crime Premium: +92.9% — AI-enabled crimes generate 93% higher average losses per complaint than the IC3 portfolio average
This figure is not stated in the FBI IC3 2025 Annual Report. Axis Intelligence Research calculated it by dividing each loss figure by the corresponding complaint count using data from the same primary source.
| AI-Crime Metric | 2025 Figure | Source |
|---|---|---|
| AI-related complaints | 22,364 | FBI IC3 2025 |
| AI-related losses | $893 million | FBI IC3 2025 |
| Avg. AI loss per complaint | $39,936 | Axis Intelligence calculation |
| Overall IC3 avg. loss/complaint | $20,699 | Axis Intelligence calculation |
| AI-Crime Premium™ | +92.9% | Axis Intelligence Research |
| Largest AI crime category | Investment fraud ($632M) | FBI IC3 2025 |
| AI in breaches (attackers using AI) | 16% of all breaches | IBM 2025 |
| Most common AI attack method | Phishing (37% of AI attacks) | IBM 2025 |
| Second most common AI attack | Deepfake impersonation (35%) | IBM 2025 |
| Shadow AI in breaches | 20% of breaches | IBM 2025 |
| Shadow AI cost premium | +$670,000 per breach | IBM 2025 |
| Orgs without AI access controls (breached) | 97% | IBM 2025 |
| Orgs lacking AI governance policies | 63% | IBM 2025 |
AI voice cloning, synthetic video (deepfakes), and AI-generated phishing are the primary delivery mechanisms driving the higher-than-average loss rates. The FBI IC3 2025 notes that AI tools allow criminals to generate “convincing phishing emails, synthetic video content, and voice cloning” at scale.
Victims by Demographics — The Senior Concentration Problem
The Axis Intelligence Senior Victim Concentration Ratio™
Americans aged 60 and older bear a disproportionate share of cybercrime losses — a structural vulnerability that the FBI IC3 2025 data makes measurable in a form no primary source publishes.
Axis Intelligence Senior Concentration Ratio™ calculation:
- 60+ losses as share of total IC3 losses: $7.748B ÷ $20.877B = 37.1%
- US population aged 60+: approximately 20% (US Census Bureau, 2024 estimates)
- Senior Concentration Ratio: 1.86x — Americans 60+ absorb 37.1% of cybercrime losses despite comprising ~20% of the US population
| Demographic Metric | 2025 Figure | Source |
|---|---|---|
| Total losses, 60+ age group | $7.748 billion | FBI IC3 2025 |
| Complaints from 60+ victims | 201,266 | FBI IC3 2025 |
| 60+ losses as % of total IC3 losses | 37.1% | Axis Intelligence calculation |
| YoY change in 60+ losses | +59% | FBI IC3 2025 |
| YoY change in 60+ complaints | +37% | FBI IC3 2025 |
| Average 60+ loss per complaint | $38,500 | FBI IC3 2025 |
| Overall IC3 avg. loss per complaint | $20,699 | Axis Intelligence calculation |
| Seniors with individual losses >$100,000 | 12,444 | FBI IC3 2025 |
| 60+ Senior Concentration Ratio™ | 1.86x population share | Axis Intelligence Research |
Losses by Age Group (2025)
| Age Group | Complaints | Losses | Source |
|---|---|---|---|
| Under 20 | — | — | FBI IC3 2025 |
| 20–29 | — | — | FBI IC3 2025 |
| 30–39 | — | — | FBI IC3 2025 |
| 40–49 | — | — | FBI IC3 2025 |
| 50–59 | 124,820 | $3.7 billion | FBI IC3 2025 |
| 60+ | 201,266 | $7.748 billion | FBI IC3 2025 |
Note: The IC3 2025 report provides partial age breakdowns. The 50–59 and 60+ brackets are confirmed; granular data for younger brackets is listed in the full report appendix.
Top crime types affecting 60+ victims: investment fraud ($3.5B), tech support scams ($1.04B), and confidence/romance scams ($584M).
Sector-Specific Impact — The Healthcare Ransomware Aggregate Estimate
The Axis Intelligence Healthcare Ransomware Cost Estimate™
No primary source explicitly states the total aggregate cost of ransomware attacks against the US healthcare sector in 2025. Axis Intelligence Research derived this figure by cross-referencing two primary sources.
Methodology:
- FBI IC3 2025: 460 ransomware attacks against healthcare in 2025 (the sector with the highest reported ransomware attack count)
- IBM Cost of Data Breach 2025: $5.08 million average total cost per ransomware incident (including ransom, remediation, downtime, legal, notification)
- Cross-calculation: 460 × $5.08M = $2.337 billion
Axis Intelligence Healthcare Ransomware Cost Estimate™: $2.337 billion in 2025
Caveat: The IC3 figure captures reported US incidents only; IBM’s cost figure is a global sample average. This estimate assumes IBM’s average applies uniformly to US healthcare incidents, which may not hold given healthcare’s higher-than-average breach costs ($7.42M vs $4.44M). Using healthcare’s specific breach cost ($7.42M) would yield an upper estimate of $3.413 billion. The true figure lies between $2.34B and $3.41B. Neither bound appears in any primary source.
| Healthcare Cybercrime Metric | 2025 Figure | Source |
|---|---|---|
| Healthcare data breaches | 182 | FBI IC3 2025 |
| Healthcare ransomware attacks | 460 | FBI IC3 2025 |
| Healthcare: highest critical infra sector? | Yes | FBI IC3 2025 |
| Healthcare avg. breach cost | $7.42 million | IBM 2025 |
| Healthcare breach cost premium vs. global avg. | +67.1% | Axis Intelligence calculation |
| Healthcare avg. breach detection/contain | ~9 months | IBM 2025 |
| Est. aggregate healthcare ransomware cost | $2.34B–$3.41B | Axis Intelligence Research |
| 14 consecutive years as costliest industry | Yes | IBM 2025 |
Critical Infrastructure Sectors by Ransomware Attack Count (2025)
| Rank | Sector | Ransomware Attacks (IC3) | Source |
|---|---|---|---|
| 1 | Healthcare & Public Health | 460 | FBI IC3 2025 |
| 2 | Critical Manufacturing | — | FBI IC3 2025 |
| 3 | Financial Services | — | FBI IC3 2025 |
| 4 | Information Technology | — | FBI IC3 2025 |
| 5 | Government Facilities | — | FBI IC3 2025 |
The IC3 provides the sector ranking; granular counts for sectors 2–5 are available in the full report appendix.
Cybersecurity Spending 2025–2026
Global Security Spending Forecast
| Metric | 2025 | 2026 (forecast) | Source |
|---|---|---|---|
| Global cybersecurity spending | $213 billion | $240 billion | Gartner, July 2025 |
| Year-over-year growth | — | +12.5% | Gartner, July 2025 |
| Security software (2025) | ~$106 billion | ~$121 billion | Gartner, July 2025 |
| Security services (2025) | ~$84 billion | — | Gartner, July 2025 |
| Infosec as % of total IT spend | ~13.2% | — | IDC / Gartner |
| US federal cybersecurity budget | $25B+ | — | Palo Alto Networks / Deltek |
The 12.5% 2026 growth rate (Gartner) represents a significant acceleration from 2025’s approximately 10% growth, driven by three structural forces Gartner identifies: expanding cloud attack surfaces, AI weaponization by threat actors, and regulatory pressure (NIS2, DORA, SEC disclosure rules).
Workforce Gap
| Metric | Figure | Source |
|---|---|---|
| Organizations reporting critical skills shortages | 59% | ISC2 2025 Cybersecurity Workforce Study |
| Most urgent skill gaps | AI security, cloud security | ISC2 2025 |
| US infosec analyst job growth through 2032 | +32% | US Bureau of Labor Statistics |
Note: ISC2 declined to publish a global workforce gap headcount estimate in 2025 for the first time, shifting the framing from headcount deficit to skills deficit. The 2024 estimate was a gap of approximately 4.76 million professionals globally.
Methodology
Data collection: Axis Intelligence Research compiled statistics from the following primary sources, listed in order of priority:
- FBI Internet Crime Complaint Center (IC3) 2025 Annual Report — Released April 6, 2026. Covers complaints filed directly with IC3 by US victims. This is the definitive US cybercrime complaints and losses database.
- IBM Cost of a Data Breach Report 2025 — Published July 2025 by IBM Security, independently conducted by Ponemon Institute. Covers 604 organizations, 17 industries, 16 countries. Methodology: structured interviews, financial modeling of breach costs across detection, notification, lost business, and response phases.
- Verizon 2025 Data Breach Investigations Report (DBIR) — Published April 23, 2025. Analyzed 22,052 incidents and 12,195 confirmed breaches across 139 countries. Methodology: multi-source aggregation from contributing organizations globally.
- Gartner Worldwide Information Security End-User Spending Forecast (July 2025) — Quarterly updated forecast from Gartner Research.
- Chainalysis 2026 Crypto Crime Report — Annual blockchain transaction analysis tracking on-chain ransomware payments.
- US Bureau of Labor Statistics Occupational Outlook Handbook — Career projection data.
Coverage period: All statistics relate to calendar year 2025 unless otherwise noted. IBM CODB 2025 covers mid-2024 through mid-2025.
What this dataset measures: US cybercrime complaint and loss data (IC3), per-incident breach costs (IBM), breach pattern and attack vector analysis (Verizon DBIR), market spending (Gartner), and ransomware payment flows (Chainalysis).
What this dataset does NOT measure: Total global cybercrime cost (which includes unreported crime and is estimated by Cybersecurity Ventures at $10.5T annually using a methodology Axis Intelligence has not independently verified). State-sponsored espionage losses. Intellectual property theft not reported to IC3.
Original metrics and their limitations:
- AI-Crime Premium™: Calculated from two figures in the same FBI IC3 2025 report. Limitation: the FBI does not define “AI-related” with a published methodology; crimes may be double-counted across categories.
- Senior Concentration Ratio™: Population share from US Census Bureau 2024 estimates (60+ ≈ 20%); IC3 data from FBI IC3 2025. Limitation: the IC3 captures only reported crimes; older adults may under-report relative to their actual victimization rate.
- Healthcare Ransomware Cost Estimate™: FBI IC3 2025 for attack count; IBM CODB 2025 for cost-per-incident. Limitation: the IBM figure is a global average; applying it to US healthcare incidents assumes cost uniformity that may not hold. Range: $2.34B (using IBM average) to $3.41B (using healthcare-specific average).
Figures flagged as [older data]: The Verizon DBIR 2025 was published April 2025 and reflects incidents largely from 2024. We use it here as the most recent comprehensive breach pattern study available. The 2026 DBIR is expected in April 2026 (not yet released at time of publication).
About This Dataset
Update cadence: Quarterly — next update September 2026. Major new primary sources trigger an out-of-cycle update (e.g., the 2026 Verizon DBIR or IBM CODB 2026 when released).
License: Creative Commons Attribution 4.0 International (CC BY 4.0). You may share, reproduce, or adapt this data with attribution to Axis Intelligence Research.
Downloadable dataset: cybercrime-statistics-2026.csv — structured dataset with metric name, value, unit, source, source URL, year, and Axis Intelligence classification (primary source / derived calculation).
Changelog:
- June 1, 2026: Initial publication. Primary sources: FBI IC3 2025, IBM CODB 2025, Verizon DBIR 2025, Gartner (July 2025), Chainalysis 2026. Three original derived metrics introduced.
Cite This Research
APA: Axis Intelligence Research, & Chen, M. (2026, June 1). Cybercrime statistics 2026: The definitive data report. Axis Intelligence. https://axis-intelligence.com/cybercrime-statistics/
MLA: Axis Intelligence Research and Marcus Chen. “Cybercrime Statistics 2026: The Definitive Data Report.” Axis Intelligence, 1 June 2026, axis-intelligence.com/cybercrime-statistics/.
Chicago: Axis Intelligence Research and Marcus Chen. “Cybercrime Statistics 2026: The Definitive Data Report.” Axis Intelligence, June 1, 2026. https://axis-intelligence.com/cybercrime-statistics/.
Frequently Asked Questions
What is the total cost of cybercrime in 2025?
US reported cybercrime losses reached $20.877 billion in 2025, a 26% increase from $16.6 billion in 2024, according to the FBI IC3 2025 Annual Report — the primary government source for US cybercrime financial losses. This figure captures only crimes reported directly to IC3. Cybersecurity Ventures estimates global cybercrime damages at approximately $10.5 trillion annually when including business disruption, lost productivity, and unreported crime, though this estimate is derived from a proprietary model rather than primary incident data.
What is the average cost of a data breach in 2026?
The most recent available data is from the IBM Cost of a Data Breach Report 2025: the global average is $4.44 million (a 9% decline from 2024’s $4.88 million — the first decline in five years). The US average is $10.22 million (a new record). The IBM 2026 report is expected in July 2026 and will reflect incidents from mid-2025 through mid-2026.
What percentage of breaches involve ransomware?
According to the Verizon 2025 Data Breach Investigations Report — which analyzed 12,195 confirmed breaches across 139 countries — ransomware was present in 44% of all breaches, a 37% increase from 2024’s 32%. Despite this increase in prevalence, total ransomware payments fell 8% to $820 million as 64% of victims refused to pay.
Which sector is hit hardest by cybercrime?
Healthcare leads by several measures. The FBI IC3 2025 report recorded 460 ransomware attacks against healthcare — the highest of any critical infrastructure sector. IBM’s 2025 Cost of a Data Breach Report found healthcare’s average breach cost of $7.42 million is the highest of any industry for the 14th consecutive year, 67% above the global average. Axis Intelligence Research estimates the aggregate cost of healthcare ransomware attacks in 2025 at $2.34–$3.41 billion.
How much are cybercriminals targeting older Americans?
Disproportionately. Americans aged 60 and older reported $7.748 billion in cybercrime losses in 2025 — 37.1% of all IC3-reported losses — despite comprising approximately 20% of the US population. This produces an Axis Intelligence Senior Concentration Ratio™ of 1.86x: seniors absorb nearly twice their population-share of cybercrime financial losses. Their average loss per complaint ($38,500) is nearly double the IC3 overall average ($20,699).
Is AI making cybercrime worse?
Yes, in two ways. First, attackers are using AI: 16% of all data breaches in 2025 involved attackers using AI (primarily for phishing and deepfake impersonation), per IBM’s 2025 report. The FBI IC3 recorded 22,364 AI-related cybercrime complaints with $893 million in losses — implying an average loss of $39,936 per AI-related complaint, 93% above the IC3 portfolio average (Axis Intelligence calculation). Second, shadow AI (unauthorized AI tools used by employees) was a factor in 20% of breaches, adding $670,000 to average costs.
What are the biggest cybersecurity spending trends in 2026?
Gartner projects global cybersecurity spending to reach $240 billion in 2026, a 12.5% increase from $213 billion in 2025. Security software is the fastest-growing segment, driven by cloud migration and AI-powered defense tools. Organizations are accelerating investment in AI-assisted detection, which IBM’s 2025 report credits with reducing the mean breach lifecycle to 241 days — the lowest in nine years. Despite the spending increase, 59% of organizations report critical cybersecurity skills shortages (ISC2 2025), with AI security and cloud security representing the most urgent gaps.
Where can I download the full dataset?
The Axis Intelligence Cybercrime Statistics 2026 dataset is available as a CSV file under CC BY 4.0 license at https://axis-intelligence.com/wp-content/uploads/2026/05/cybercrime-statistics-2026.csv .The dataset includes metric name, value, unit, source, source URL, year, and Axis Intelligence classification. Attribution is required per the CC BY 4.0 license: “Axis Intelligence Research, Cybercrime Statistics 2026, axis-intelligence.com.”