Services
Close

The Latest 2022 Cyber Crime Statistics (updated December 2022)

See how cyber security has adapted to an ever-changing threat landscape with the latest cyber crime statistics, updated for December 2022.
01.12.22 Charles Griffiths

The global cyber security landscape has seen increased threats in recent years. Through the pandemic, cyber criminals took advantage of misaligned networks as businesses moved to remote work environments. In 2020, malware attacks increased 358% compared to 2019.

From here, cyber attacks globally increased by 125% through 2021, and this upward trend is expected to continue in 2022.

Russia’s invasion of Ukraine has had a massive impact on the cyber threat landscape. Since the start of the war, Russian-based phishing attacks against email addresses of European and US-based businesses have increased 8-fold. Nearly 3.6 million Russian internet users have also experienced breaches in the first quarter of 2022, an 11% increase quarter-on-quarter.

Phishing remains the most common form of crime committed online. In 2021, a total of 323,972 internet users fell victim to phishing attacks. This means half of the users who suffered a data breach fell for a phishing attack.

2021 saw nearly 1 billion emails exposed, affecting 1 in 5 internet users. This may partly explain the continued prevalence of phishing attacks.

Despite its prevalence, phishing had the lowest loss to victims. Individuals have lost an average of $136 in phishing attacks. This is well below the average data breach cost of $12,124. Visit our phishing statistics page for the latest information on global phishing trends.

As of December 2022, investment fraud is the most costly form of cyber crime, with an average of $70,811 lost per victim.

It is clear that the rate and cost of data breaches are increasing. Since 2001, the victim count has increased from 6 victims per hour to 97, a 1517% increase over 20 years.

Covid-19 clearly impacted the number of hourly victims. 2019 cyber crime statistics show the hourly number of victims was 53. In 2020, the first full year of the pandemic, the hourly number of victims jumped to 90, an increase of 69%.

The average cost of data breaches per hour worldwide has also increased. In 2001, the average cost per hour to individuals was $2054. Since then, the hourly loss rate has increased, standing in 2021 at $787,671.

The cost of data breaches to businesses has seen steady increases, as changes in the workplace and more advanced penetration methods embolden cyber criminals. In 2022, data breaches cost businesses an average of $4.35 million – up from $4.24 million in 2021.

The increasing threat to organisations globally means more are taking cyber security seriously. 73% of SMBs agree that cyber security concerns now need action to be taken, with 78% saying they will increase investment in cyber security in the next 12 months.

A concerning statistic is that 67% of SMBs feel that they do not have the in-house skills to deal with data breaches. However, this issue is mitigated as increasing numbers of SMBs are working with Managed Service Providers for cyber security; 89% as of 2022, up from 74% in 2020.

In industries where compliance and regulation are major factors, such as the legal sector and financial services, it has never been more important to take cyber security seriously.

Ransomware attacks are continuing to pose a serious threat to individuals and organisations, with more advanced attack methods forcing payouts from victims. Around 236.1 million ransomware attacks have been reported worldwide in the first half of 2022. For more information, visit our ransomware statistics page.

the main threats to cyber security for business

Cyber crime trends 2022

Supply chain attacks

Supply chains are becoming increasingly interconnected and complex as technology improves. However, security vulnerabilities in one business can expose partners they are connected with. Cyber criminals are targeting these vulnerabilities, with up to 40% of cyber threats now occurring indirectly through the supply chain.

Research highlights that cyber security leaders are burnt out and in an ‘always on’ state as increased digital connections demand more of their time.

Cyber criminals are using this fatigue to their advantage. A study has revealed that just 23% of security leaders monitor their partners and vendors in real-time for cyber security risks. These organisations also limit third-party coverage to their immediate vendors and suppliers. This excludes their wider ecosystem of customers, business partners, investors and others.

Awareness of third-party risk is increasing. By 2025, it is estimated that 60% of organisations will use cyber security risk as a key factor when determining transactions and business engagements with third parties.

Recent research also highlights the worry of C-Suite executives about vulnerabilities in the supply chain. When 900 companies were asked what they thought were the most likely types of cyber attacks on their business, 60% responded with supply chain attacks. This is the same as DDoS attacks, ahead of cyber espionage (59%) and APT (57%), but less than ransomware and data theft (66%).

Demonstrating the risks within the supply chain is Atlassian. Used by 83% of Fortune 500 companies, Atlassian products are hugely popular across the world, with 180,000 customers in more than 190 countries.

However, cyber criminals exposed a severe vulnerability in Atlassian Confluence in June 2022. As mentioned above, Atlassian products are used by some of the biggest organisations in the world; the consequences of data leaks could be crippling. Research found that almost 200,000 companies depend on organisations that may have been affected by the vulnerability.

Internet of Things (IoT) devices

The IoT doesn’t require human interaction to function, making IoT devices excellent assets in business to automate tedious workflows and reduce the margin for error. The use of sensors and software to collect and process data means IoT devices offer new methods of creation for revenue streams and better ways for businesses to communicate with partners and customers.

However, these devices are a prime target in cyber crimes. GPS trackers, ‘smart’ wearables and other IoT devices can hold valuable data, and those that do not have robust security software are vulnerable.

This was discovered in the case of MiCODUS. The MiCODUS MV720 GPS tracker is a popular automotive tracking device, designed to help with vehicle fleet management. It is hardwired into vehicles, enabling anti-theft, fuel cut-off, geofencing and remote control capabilities.

MiCODUS products are used in 169 countries by the general public, government agencies, militaries, law enforcement and businesses. 6 severe vulnerabilities were found in the MV720. Exploiting these vulnerabilities means attackers could track shipments, cut fuel to emergency vehicles or extort ransoms by disabling fleets.

The human element

The human element remains a critical vulnerability for both businesses and individuals. 82% of breaches against businesses involved a human element, through issues like error and social engineering.

Phishing attacks are the most common form of cyber threat, and more damaging attacks are often dependent on the success of an initial malicious email. Encouraging people to follow a link to a spoof website and enter credentials, or download malware, gives hackers the tools needed to escalate attacks. From there, serious threats like ransomware can be delivered.

Cyber crime on social media

The growth of social media in recent years has given cyber criminals another avenue of attack. Meta, the parent company of Facebook, uncovered more than 400 malicious iOS and Android apps in 2022 that targeted mobile users to steal their Facebook login credentials.

43% of these apps were ‘photo editors’, including ones that allowed the user to turn themselves into a cartoon. A further 15% were ‘business utility’ apps, which claimed to be able to provide hidden features not found in official apps from reputable platforms. By creating fake reviews, cyber criminals can artificially inflate the ranking of their apps and disguise poor reviews that highlight issues. Unsuspecting users then download the app, where they are then asked to log in using Facebook. Any details entered can be seen by the hacker.

In Q2 of 2022 alone, Facebook removed 8.2 million items of content that violated its policies on bullying and harassment. In Q1 of 2022, 9.5 million pieces of policy-violating content were removed, the highest ever number removed by the platform.

Cyber criminals will use social media to scope out and target individuals for scams, such as romance scams. This type of fraud involves the criminal establishing a ‘relationship’ with a target, before getting the unfortunate victim to send money, purportedly for plane tickets, an urgent operation or other ruses. In the UK, romance scams cost victims £14.6 million in May 2021 alone. Half of romance scam victims in the UK in 2021 were women, with 39% men and the final 11%, not specifying their gender.

Cyber crime statistics worldwide 2022:

  • The UK has the highest number of cyber crime victims per million internet users at 4783 as of December 2022 – up 40% over 2020 figures.
  • The country with the next highest number of victims per million internet users as of December 2022 is the USA, with 1494, a 13% decrease over 2020.
  • 1 in 2 North American internet users had their accounts breached in 2021.
  • The UK and USA have disproportionately more victims of cyber crime per million internet users compared to other countries – the USA had 759% more victims in 2021 than the next-highest country, Canada.
  • The Netherlands has seen the greatest rise in victims – 50% more than in 2020.
  • Greece has seen the largest decrease in victims – down 75% over 2020.
  • In 2021, there were an average of 97 data breach victims every hour worldwide.
  • 2021 saw an average of $787,671 lost every hour due to data breaches.
  • The top country on the National Cyber Security Index (NCSI) in December 2022 is Greece, with a score of 96.10. The countries with the 5 highest scores on the NSCI are:
    • Greece (96.10)
    • Lithuania (93.51)
    • Belgium (93.51)
    • Estonia (93.51)
    • Czech Republic (92.21)
  • Between Q2 and Q3 of 2022, the countries that have suffered the largest increases in data breaches are:
    • China (4852% amounting to 14,157,775 breached accounts)
    • Japan (1423% amounting to 1,246,373 breached accounts)
    • South Korea (1007% amounting to 1,669,124 breached accounts)
  • The countries with the largest decreases in data breaches between Q2 and Q3 2022 are:
    • Sri Lanka (-99% amounting to 1,440,432 fewer breached accounts)
    • Myanmar (-82% amounting to 17,887 fewer breached accounts)
    • Iraq (-78% amounting to 16,113 fewer breached accounts)
  • 76% of respondents in a 2022 case study covering the US, Canada, UK, Australia and New Zealand say their organisation has suffered at least 1 cyber attack this year. This is a large increase over the 55% figure in 2020.
  • From the same study, only 30% have cyber insurance, with 69% fearful that a successful cyber attack could put their SMB out of business entirely.
  • In 2021, Asian organisations suffered the most attacks worldwide. The percentage of attacks against organisations by continent in 2021 is as follows:
    • Asia (26%)
    • Europe (24%)
    • North America (23%)
    • Middle East and Africa (14%)
    • Latin America (13%)
  • In 2021, there was some variance in the attack types used when breaching organisations:
    • In Asia, the main attack type experienced was server access, with 20% of observed attacks. This was ahead of ransomware (11%) and data theft (10%).
    • In Europe, ransomware was the main attack type, accounting for 26% of attacks in the continent. Server access attacks (12%) and data theft (10%) were the next most common attack types.
    • In North America, the main attack type was also ransomware, with 30% of attacks. This was ahead of business email compromise (12%) and server access attacks (9%).
    • In the Middle East and Africa, the main attack type observed was server access, making up 18% of attacks. Server access attacks were also seen in 18% of attacks, followed by misconfiguration (14%).
    • In Latin America, the main attack type was ransomware, making up 29% of attacks. This was ahead of business email compromise and credential harvesting (both seen in 21% of attacks).

UK cyber crime statistics:

  • According to the NCSI, as of December 2022 the UK ranks:
    • 22nd on the NCSI, with a score of 77.92
    • 2nd on the Global Cyber Security Index
    • 5th on the ICT Development Index
    • 10th on the Network Readiness Index
  • As of December 2022, 39% of UK businesses have experienced a cyber attack, the same as in 2021. However, this has dropped since 2020 (46%).
  • Of these businesses, 31% estimate that they were attacked at least once a week.
  • Cyber crime cost UK businesses an average of £4200 in 2021. For just medium and large businesses, this number rises to £19,400.
  • The most common cyber threat facing UK businesses as of December 2022 is phishing (83% of identified attacks).
  • 82% of boards or senior management in UK businesses see cyber security as a high priority. This is an increase from 77% in 2021.
  • As of December 2022, 54% of UK businesses have acted to identify cyber security risks, up from 52% in 2021. However, the 2022 figures have dropped compared to 64% in 2020.
  • 13% of UK businesses assess the risks posed by their immediate suppliers.
  • Less than a fifth (19%) of UK businesses have a formal incident response plan.
  • 39% of UK businesses have assigned roles should a cyber incident occur.
  • Just 6% of UK businesses have Cyber Essentials certification as of December 2022, and 1% have Cyber Essentials Plus certification – this is largely due to low awareness of the schemes.
  • 45% of UK businesses have employees that use personal electronic devices for work purposes, or have Bring Your Own Device policies.
  • 16% of UK businesses still use older versions of Windows.
    • For small businesses, this rises to 20%.
    • For large businesses, this rises to 23%.
  • 23% of UK businesses have a formal cyber security strategy in place.
    • Large UK businesses are above the average at 57%.
    • However, ‘micro’ businesses are below the UK average at 20%.
  • In 2022, 43% of UK businesses are insured against cyber attacks – an increase over 2020 when only 32% were insured.
  • Phishing attacks are considered the most disruptive form of cyber crime for UK businesses, tied with threat actors impersonating the organisation in emails or online.

Cyber crime in Asia

Cyber crime in Pakistan

Cyber crime has become an increasingly severe problem in Pakistan in recent years. Financial fraud is the most common type reported; in 2020 alone, of 84,764 total complaints, 20,218 Pakistanis reported falling victim to financial fraud-related online crimes. This is ahead of hacking (7966), cyber harassment (6023) and cyber defamation (6004).

An increasing number of Pakistanis have experienced cyber crime through social media. Between 2018-2021, financial fraud through social media increased by 83%. Of 102,356 total complaints received in 2021, 23% of cyber crimes used Facebook.

Cyber crime in India

Like many countries, India is suffering increasingly from cyber crime. The number of cyber-related crimes reported in 2018 was 208,456. In the first 2 months of 2022 alone, there were a reported 212,485 cyber crimes, more than the entirety of 2018.

The figures rose more sharply through the pandemic, with reported crime jumping from 394,499 cases in 2019 to 1,158,208 in 2020 and 1,402,809 in 2021. Between Q1 and Q2 2022, cyber crime across India increased by 15.3%.

Additionally, there have been an increasing number of Indian websites hacked in recent years. In 2018, some 17,560 sites were hacked. In 2020, an additional 26,121 sites were hacked.

78% of Indian organisations experienced a ransomware attack in 2021, with 80% of those attacks resulting in the encryption of data. In comparison, the average percentage of attacks was 66%, with the average encryption rate at 65%.

Cyber crime in Malaysia

79% of Malaysian organisations were targeted by ransomware in 2021, with 64% of attacks resulting in the encryption of data.

Cyber criminals have also been increasingly targeting internet users in Malaysia. Over 20,000 cyber crimes were reported in 2021, amounting to RM560 million ($123 million) lost from victims. Between 2017-2021, the total amount lost to cyber crime in Malaysia was estimated at RM2.23 billion ($490 million). From January to July 2022, there were 11,367 reported cases of cyber crime, with the rate of crime increasing 61% from 2016 to 2022.

Cyber crime in Nepal

Despite its small population, cyber crime is still an issue in Nepal. For the fiscal year 2020-2021, there were 3906 recorded cases of cyber crime. In just the first 3 months of the current fiscal year (2021-2022) there have been 1547 reported cyber crime cases.

Nepal currently ranks 101st out of 160 countries on the National Cyber Security Index, and 94th on the Global Cyber Security Index. Nepal also ranks 140th on the ICT Development Index.

Cyber crime in North America

Cyber crime in Canada

Canada has experienced a marked increase in the rate of cyber crime in recent years. Between 2017 and 2021, reported cyber crime increased by 153%, from 27,829 cases in 2017 to 70,288 cases in 2021.

Coupled with this increase in cyber crime is an increasing worry amongst Canadians about online personal information usage. A 2020 study revealed that 48% of internet users in Canada were ‘extremely worried’ about their data being used in identity theft.

Canadian organisations have also been significantly impacted by cyber crime. In 2017, $1.5 billion was lost through cyber crime. In 2021, 85.7% of Canadian organisations suffered at least one cyber attack. For comparison, 89.7% of organisations in the USA were attacked at least once in 2021; in the UK, this percentage drops to 71.1%.

Cyber crime in the United States

An estimated 53.35 million US citizens have been affected by cyber crime in the first half of 2022. Between July 2020 and June 2021, the US was the most targeted country for cyber attacks, accounting for 46% of attacks globally.

US citizens lost $6.9 billion in 2021 to cyber-related crimes, including romance scams ($956 million), investment scams ($1.4 billion) and business email compromise ($2.39 billion).

For businesses, ransomware is a serious threat to security, with 60% of US organisations having their data encrypted in successful ransomware attacks. The cost to rectify these attacks cost an average of $1.08 million in 2021, a decrease of 49% from 2020 ($2.09 million).

Just 50% of US organisations have cyber insurance with full cover. A further 28% have cyber insurance with exclusions or exceptions in the policy, meaning they may not be covered for certain attacks or under certain circumstances. Most worryingly, this means around 1 in 10 US organisations (12%) have no coverage against cyber attacks, risking financial ruin should they suffer an attack.

Cyber crime in Oceania

Cyber crime in Australia

Cyber crime continues to be an issue in Australia. Scams are one of the main concerns, with investment scams having cost Australians more than $48 million so far in 2022. In total, more than $72 million has been lost through scams in 2022. In addition, 1 in 4 Australians have fallen victim to identity fraud.

Australians are, on average, some of the wealthiest people in the world. A study of the median wealth per adult put Australians at the top of the rich list, with a median wealth of $273,900 – ahead of Belgium ($267,890) and New Zealand ($231,260). This perhaps partly explains why cyber criminals target Australian individuals and organisations.

In September 2022, a major data breach at telecommunications company Optus, affected around 2.1 million customers. 9.8 million individual records were stolen, including addresses, names, dates of birth and, in some cases, passport numbers. However, no bank details were compromised in the attack.

On average, there is a cyber attack every 10 minutes in Australia, with 43% of these attacks targeting SMEs. Education, healthcare and government are the most targeted areas.

From July 2021 to June 2022, cyber attacks in Australia increased by 81%. Network traffic only increased by 38% during the same period, highlighting the continuing prevalence of cyber crime in the country. Attacks targeting financial sites have risen more than 200% in 2022.

Cyber crime in Africa

Cyber crime in Nigeria

In 2020, Nigeria was ranked 16th in the world for countries most affected by cyber crime. A recent development in Nigeria’s cyber threat landscape is hackers tempting employees of Nigerian organisations to act as insider threats. Research has revealed that hackers have started offering money in return for employees to divulge sensitive information on an organisation’s network. While the report did not say whether any staff had acted as insider threats, it is clear that this is a growing area of concern.

In Q3 of 2022, Nigeria experienced a 1616% increase in the number of data breaches, from 35,472 in Q2 to 608,765 in Q3.

However, the Nigerian government is continuing to fight against cyber crime. Since the start of 2022, Nigeria’s Economic and Financial Crimes Commission (EFCC) have convicted 2847 people in connection with cyber-related crimes.

Cyber crime in Zambia

Zambia ranks 58th out of 161 countries on the National Cyber Security Index and 73rd out of 194 countries on the Global Cyber Security Index.

As a developing country, access to technology is somewhat restricted – only 50% of Zambians own a personal computer. However, around 75% own smartphones, which makes scams via text a particular issue. In 2021 alone, 10.7 million cyber crimes were reported to the Zambia Computer Incident Response Team (ZM-CIRT), which included mobile money reversal scams and social media hijacking.

The GDP per capita of Zambia is $4000. Between 2020 and Q2 2022, the Zambian finance sector suffered losses of over 150 million ZMK ($872,000). In the same period, SMS fraud cost Zambians over 1 million ZMK ($58,000).

Cyber crime in Europe

Cyber crime in Russia

Russia experiences high levels of cyber crime. In Q1 of 2022 alone, there were 42.92 million data breaches. While this decreased to 28.78 million breaches in Q2 of 2022, it is clear that cyber crime is a serious threat in Russia. There are an average of more than 249,000 cases of digital fraud annually, and in one day over 8 billion phishing emails were sent from Russian addresses.

In Q3 of 2022, 22.3 million Russian internet users had their accounts breached, the highest of any country. The 5 countries with the highest amount of breached accounts in Q3 of 2022 are Russia, France (13.8 million), Indonesia (13.2 million), the US (8.4 million) and Spain (3.9 million). These countries accounted for more than half of the total number of breaches globally in Q3 2022. As of November 2022, for every 1000 internet users, 153 have had their accounts breached.

Cyber crime cost UK businesses an average of £4,200 in 2021

For just medium and large businesses, this number rises to £19,400
it centralisation image, abstract server stacks

Notable cyber breaches

What happened in the 2021 JBS ransomware attack:

JBS is the largest meat processing company in the world. On May 30th 2021, cyber criminals breached the JBS network with ransomware, disrupting plants in the USA, Canada and Australia. All JBS-owned beef processing plants in the USA were temporarily inoperative.

Impacts included the US Department of Agriculture being temporarily unable to offer wholesale prices for beef and pork, and highlighted vulnerabilities in the meat processing supply chain.

On June 9th, JBS paid an $11 million ransom to the cyber criminals, preventing further disruption and the potential leaking of sensitive data. JBS stated that it spends over $200 million annually on IT and employs more than 850 IT professionals worldwide.

What happened in the 2021 Robinhood hack:

Robinhood is a USA-based stock trading app. On November 3rd 2021, data of 7 million users was stolen and held to ransom by cyber criminals.

The hackers accessed this data through social engineering, divulging employee login details to access the network without using brute force. This led to 5 million users having their email addresses compromised, with a further 2 million having their full names exposed. 310 victims had more personal information stolen, including dates of birth and US zip codes.

The hackers demanded a ransom to prevent this data from being leaked. Robinhood refused, hiring a cyber security firm to investigate the breach.

What happened in the 2022 Uber hack:

On 16th September 2022, Uber’s AWS cloud account and corporate Slack account were breached. It is likely that the hacker purchased an Uber corporate password used by a contractor, whose credentials had been exposed after their personal device was infected with malware.

The hacker used these credentials to repeatedly log in to the contractor’s Uber account, which triggered MFA approval requests. Repeated MFA requests caused ‘MFA fatigue’ where the contractor became fed up with receiving notifications. When the contractor eventually accepted a request, the hacker gained access to the account and escalated the attack.

Uber responded by identifying potentially compromised accounts, either blocking them or resetting their passwords. They also reset access to internal tools and locked down the codebase to prevent any new code changes. No public-facing applications were accessed, meaning sensitive data such as customer credit card details and bank account information remained secure.

What happened in the 2022 National Health Service (NHS) cyber security breach:

On 4th August, Advanced, a key supplier of digital NHS services like patient check-ins and NHS 111, suffered a ransomware attack from an unknown hacking group.

The attack took several services offline, including software used by medical professionals for patient check-ins, patient records and NHS 111. GP practices suffered as access to important patient information was blocked, and notifications could not be electronically sent between hospitals and GPs.

In-person visits had to be recorded manually, extending wait times and piling extra work onto an already thinly stretched NHS workforce.

From August 22nd, NHS 111 services started to return to normal. Advanced worked on its security vulnerabilities and is restoring impacted services in a new, secure environment.

Nvidia cyber attack 2022

On 23rd February, Nvidia, a major microchip producer suffered a data breach which saw source code fall into the hands of cyber criminals.

The hacking group Lapsu$ claimed responsibility for the attack, claiming it had stolen around 1TB of data. This included employee information, such as account passwords, and source code for graphics card drivers.

No ransomware was detected in the security breaches, with the crime group instead demanding Nvidia make their drivers open-source.

Nvidia responded by changing all staff members’ passwords, ensuring any leaked information would be useless. Lapsu$ also claimed that Nvidia launched a ransomware attack against them, encrypting the stolen data so it couldn’t be leaked.

WannaCry cyber attack 2017

One of the most widespread cyber breaches in history, WannaCry was a global ransomware attack that affected more than 200,000 computers in over 150 countries.

WannaCry exploited a vulnerability in unpatched versions of the Windows operating system. This vulnerability was known as ‘EternalBlue’, and had allegedly been developed in the US by the National Security Agency. A hacking group known as ‘The Shadow Brokers’ exposed the issue before the attack happened.

Microsoft released a patch that removed EternalBlue. However, businesses and individuals across the world ignored the update, not realising the danger their computers were in.

As such, WannaCry was a devastating attack. The ransomware infected hundreds of thousands of computer systems across the globe. The attackers encrypted data on the affected machines, demanding the victims pay the attackers $300 in Bitcoin to avoid having their data deleted.

WannaCry is estimated to have caused over $4 billion in damages worldwide. In the UK, the NHS had to cancel 19,000 appointments, costing the health service around £92 million.

siem services image

What is cyber crime?

According to the Crown Prosecution Service, cyber crime is split into 2 categories:

Cyber-dependant crime: Crime that can only be committed through the use of technology, ‘where the devices are both the tool for committing the crime, and the target of the crime.’ Examples include malware that targets victims for financial gain and hacking to delete or damage data.

Cyber-enabled crime: ‘Traditional’ crime that has extended reach through the use of technology. Examples include cyber-enabled fraud and data theft.

How much does cyber crime cost the economy?

Cyber crime cost global economies around $787,671 per hour in 2021. Over the course of the year, this amounts to $6,899,997,960 lost worldwide to cyber criminals.

How much does cyber crime cost the UK?

It is estimated that UK businesses lost around £736 million to cyber crime in 2021. Including consumers, as much as £2.5 billion may have been lost in 2021 to cyber criminals.

Why is cyber crime increasing?

Cyber crime against businesses in the UK had been decreasing pre-Covid (from 46% of UK businesses reporting suffering a cyber attack in 2017 to 32% in 2019). However, the changes in the workplace brought about by lockdowns through the pandemic caused cyber crime to spike again as 46% of UK businesses reported suffering a cyber attack in 2020.

Cyber crime against UK businesses has since slowly decreased – in 2021 and as of December 2022, 39% of UK businesses have reported suffering a cyber attack.

Cyber crime victim density in the UK increased 40% from 2020 to 2021, likely driven by using personal electronic devices for work and generally using the internet more during lockdowns.

Who does cyber crime affect?

Cyber crime affects everyone. The least affected are typically those under 20, but students switching to studying online during the pandemic in 2020 contributed to a nearly 100% increase in victims under 20 (from around 10,000 to more than 20,000).

Numbers have dropped by 36% in 2021, but remain 56% above pre-Covid levels.

Pensioners (60+) are the group most vulnerable to crime online. 2020 saw a 55% increase in victims over the age of 60, and this trend has continued through 2021 to over 92,000 victims.

How often does cyber crime occur?

With an average of 97 cyber crime victims per hour, this means there is a victim of cyber crime every 37 seconds.

In addition, 2 internet users have had their data leaked every second so far in 2022. This is an improvement over 2021, where 6 users had their data leaked every second.

Which country has the most cyber crime?

The latest cyber crime statistics highlight that hackers target certain countries over others – in 2021, 71% of countries had below the global average breach density (16.5 leaked emails per 100 internet users).

The UK has the highest density of cyber crime victims per million internet users – 4783. This is followed by the USA with 1494.

Russia currently has over 3.5 million breached users – the highest in the world as of December 2022. This is followed by the USA with almost 2.5 million breached users.

What is hacking in cyber crime?

‘Hacking’ is the act of gaining unauthorised access to a computer or data.

How common is hacking?

There is no single data source for how many people get hacked. However, it is estimated that there is a victim of cyber crime every 37 seconds. In 2021, 1 in 5 internet users had their emails leaked online, which could in turn lead to hackers being able to access their accounts or target the email in phishing attacks.

What is eavesdropping in cyber crime?

‘Eavesdropping’ enables hackers to view, intercept, modify or delete data sent between 2 devices. Eavesdropping can be passive, where the hacker ‘listens’ to data being transmitted but does not otherwise interfere.

Active eavesdropping happens when hackers intercept data packets on a network by pretending to be a genuine connection. ‘Man-in-the-middle’ attacks are the most common form of active eavesdropping. Hackers access networks through social engineering or malicious software, and can then steal, redirect or delete data sent between devices on that network.

What is fraud in cyber crime?

Online fraud is when criminals use technology to gain an advantage, usually financial, over a person or business. Fraud cost the UK £137 billion in 2021, the losses amounting to more than Jeff Bezos’ net worth.

Sources

Deep Instinct, Surfshark, IBM, World Economic Forum, ConnectWise, Statista, Gartner, Bulletproof, Kaspersky, Atlassian, BitSight, Verizon, NCSI, UK government, Pakistan Federal Investigation Agency, CERT-IN, Statistics Canada, Cyber Edge, Savvy, Optus, Credit Suisse, Imperva, Deloitte, EFCC, Bloomberg UK, JBS, BBC, Uber, Nvidia, Bloomberg, ZDNet, CPS, NCSC, National Fraud Intelligence Bureau, Action Fraud, Crowe, Microsoft, Sophos, Business Today, Commercial Crime Investigation Department (Malaysia), Indian Cyber Crime Coordination Centre, Nepal Police Cyber Bureau, Meta, OSAC, ZM-CIRT, GCI