An Analysis of Worldwide Cybercrime in 2021-2022

Alex Popa

By Alex Popa . 22 November 2023

Cybersecurity Journalist

Miklos Zoltan

Fact-Checked this

There have been 16,312 cybercrimes worldwide between November 2021 and October 2022. And that’s quite worrying. Cybercrime is at an all-time high right now and criminals have been getting smarter and smarter.

Moreover, the increase in cybercrimes incidents isn’t a sudden spike. Throughout the years, things have been getting progressively worse.

Let me show you what I’m talking about. Below, you’ll find the total number of cybercrimes from November 2021 to October 2022, by industry and organization size:

Industry Total Small Scale Large Scale Unknown Scale
Accommodation 254 4 2 248
Administrative 38 8 14 16
Agriculture 66 1 5 60
Construction 87 7 1 79
Education 496 63 15 418
Entertainment 432 13 3 416
Finance 1,829 70 30 1,729
Healthcare 522 28 15 479
Information 2,105 45 110 1,950
Management 9 1 0 8
Manufacturing 1,814 37 24 1,753
Mining 25 2 0 23

A few notes before we get into it:

  • Small-scale organizations have less than 1,000 employees
  • Large-scale organizations have more than 1,000 employees
  • Unknown-scale organizations have not been measured

In total, 16,312 cybercrime incidents have been reported worldwide in the assessed period.

According to Cybersecurity Ventures, the global cybercrime damage costs should reach a staggering $10.5 trillion annually by 2025.

Here’s what it predicted for 2021:

  • $6 trillion USD per year
  • $500 billion per month
  • $115.4 billion per week
  • $16.4 billion per day
  • $684.9 million per hour
  • $11.4 million per minute
  • $190,000 per second

Cybercrime costs include stolen money, embezzlement, fraud, theft of personal and financial data, destruction of data, lost company productivity, forensic investigations, post-attack business disruption, reputation damage, and more.

And this is only the damage that companies worldwide incur as a result of cyberattacks on their infrastructures.

But there’s also the cybersecurity market that witnessed an astounding growth over the years.

In 2004, it was worth around $3.5 billion, and in 2017, it grew to around $120 billion. That’s a 3,328.58% increase in the global spending on cybersecurity services and products.

Which Industry Is the Most Targeted and Why?

Based on the table above, the information industry has suffered the most data breaches in the recorded 1-year period.

You know it by another name – the Information Technology sector, or IT for short. This includes a wide range of companies like Amazon, Microsoft, Google, Apple, and others.

These are companies that deal with information. They create it, gather it, process it, and distribute it.

Telecommunications companies, computer programming, system design, market research, testing, all of this is part of the information industry.

Telecommunications

And hackers know that information is the most important asset in the 21st century. Think about it – what keeps your banking account secure? A username, a password, the bank’s security system. All of this is information.

Simply knowing that information gives you access to people’s entire livelihoods. Social media platforms also fall in the Information sector, and they’re notorious targets for cybercriminals for the same reason – information gathering.

Here are a couple of reasons why the Information sector is the most attractive target for cybercriminals:

1. Risk-Taking and Innovation

IT companies will often be at the forefront of technological advance, which means that they push boundaries and take risks.

New technologies often take the brunt of cyberattacks because there’s a higher chance that they have undiscovered security vulnerabilities.

Moreover, companies may cut some corners to go public with the new technology sooner. This could mean more bugs and more vulnerabilities.

2. Valuable Data

When it comes to data theft, hackers look for two things:

  • Personally Identifiable Information (PII)
  • Intellectual Property (IP)

And tech companies deal in just that. They often sell software to clients or hold their personal and financial data for access to their services and software.

This could mean credit card details, access credentials to accounts, and other valuable personal data that will fetch a good price on the dark web.

To get their hands on this data, hackers go to any length and use any methods available. Social engineering is often the most preferred tactic for data theft.

3. Cloud Technology

The advantage of cloud technology is clear – it allows for seamless collaboration with teams across the world, and the sharing of resources quickly.

However, cloud technology is also notorious for its data leaks and wonky security configurations. This often leads to leas of sensitive data publicly.

The fact that cloud technology connects multiple individuals or companies together also poses an inherent risk. If they hack the cloud, cybercriminals get access to all the business networks operating on it.

4. Supply Chains and Company Interconnection

IT companies often work with other third-party companies to establish a supply chain for the materials required to build their products.

This opens the way for supply-chain attacks, where infiltrating one company provides sensitive data on several other companies across the supply chain.

Software vendors are some of the most attractive targets to hackers, for instance. They fit the bill perfectly – they create a product for which they need materials (physical or digital).

And they get these materials from third-party entities.

5. Open-Ended Architecture

The IT industry is a fast-paced ecosystem where innovation relies on boundless creativity and freedom of expression.

To get that creativity, IT firms often implement remote work to find talents from around the world. This means a more open-ended architecture that leaves them vulnerable to attacks.

Remote work increases the attack surface and makes it harder for companies to establish good security for all employees.

It’s more difficult to ensure that your employees secure their devices accordingly and are aware of the risks involved.

What Is the Most Common Cybercrime Method?

The most common cybercrime method is phishing, according to a Statista study. Here are the most commonly-reported cybercrime methods in the US as of 2022:

Cybercrime Method Individuals Affected
Phishing 300,497
Personal Data Breach 58,859
Non-Payment / Non-Delivery 51,679
Extortion 39,416
Investment 30,259
Identity Theft 27,922
Credit Card / Check Fraud 22,985
BEC 21,832
Spoofing 20,649
Confidence Fraud / Romance 19,021
Employment 14,946
Harassment / Stalking 11,779
Real Estate 11,727
Government Impersonation 11,554
Advanced Fee 11,264
Overpayment 6,183
Lottery / Sweepstakes / Inheritance 5,650
Data Breach 2,795
Crimes Against Children 2,587
Ransomware 2,385
Terrorism / Threats of Violence 2,224
IPR / Copyright / Counterfeit 2,183
SIM Swap 2,026
Malware 762
Botnet 568
Other 9,966

There have been over 300,000 cases of reported phishing cases in 2022 in the US. That’s a single country out of 66 first-world countries.

Moreover, according to the World Economic Forum and the US Department of Justice, over 85% of all cybercrime goes unreported within organizations.

This means that the reality of cybercrime is much more grim than we thought. It’s one of the most spread-out sicknesses of the 21st century.

Why Is Phishing So Prevalent?

Phishing is incredibly common for a few key reasons:

Users lack security awareness

Lack of employee training is the number one reason why phishing tactics succeed. Security awareness should be mandatory to every company operating online, whether they’re handling sensitive data or not.

When employees don’t know what ransomware is or how a suspicious email looks like, they’re going to make mistakes that cost you hundreds of thousands of dollars in data theft. Or worse…

Fortunately, it seems that security awareness training has become more common across companies. An Osterman research study found companies have allocated more time to training employees on cybersecurity in 2021 compared to 2020.

For instance, in 2021, there are 4% of employees receiving zero security awareness training, compared to 12% in 2020. That’s a 66% increase in security awareness training.

Personal costs a lot on the dark web

If you’ve checked out our Dark Web Price Index in 2023, then you know just how valuable personal data is on the dark web.

A hacked Gmail account goes for $60, a hacked Facebook account costs around $25, and a Binance verified account goes for $410.

Information is expensive these days, and there are plenty of people willing to buy it. Consequently, you’ll always find criminals willing to sell it.

Tripwire claims that the cybercrime industry rakes in more profits than the drug trade.

Companies aren’t taking enough precautions

Many companies simply overlook the risk of phishing attacks. They don’t have enough backup processes in place to pre-mitigate a data theft situation, for instance.

They also fail to identify their least-aware employees that might need more training and awareness.

Technical security measures are also lacking for some companies. Take double confirmation for bank transfer requests, for instance. It would mitigate CEO fraud quite easily. But you don’t see it too often implemented.

Cybercriminals are well-funded

This might be counterintuitive but many cybercriminal groups are quite rich. Some statistics claim that they make up to $7,500 per month, which is more than enough to give them leeway in the attacks they commit.

With this much money, hackers can increase the number of attacks they carry out and prepare more sophisticated tactics.

They also have enough funds to hone their technical skills, learn new tricks, and increase their earning potential.

Cheap phishing tools

Hacking someone has never been cheaper as in 2023. The emergence of RaaS (ransomware-as-a-service) has completely changed cybercrime.

Criminals now have easy access to complex tools that they can use to carry out attacks on individuals and companies like.

Phishing kits are readily available and relatively cheap given the money-making potential they bring.

We have to face it – phishing is a lucrative business in 2023, and it’s no surprise we’ve seen an increase in the number of phishing attacks.

More sophisticated phishing programs

Have you heard about ransomworms? They’re a nasty piece of software that’s already made many victims.

It’s a self-replicating ransomware, basically. Regular ransomware programs can be easily eliminated from systems.

Not the ransomworm, though. They not only infiltrate systems faster but they’re much harder to destroy. The program keeps multiplying itself, hijacking whatever system it’s put in.

Is There Something We Can Do?

Certainly, there are many things we can do. For starters, we should become more aware of our surroundings when going online.

That link with a strange-looking URL? Indeed, it’s most likely a phishing attempt. Accessing a public Wi-Fi network? You’d rather not. They’re honeypots for hackers.

That password you reuse for half of your online accounts? It’s one of the worst things you can do in terms of online security.

We at Privacy Affairs strongly believe that being proactive is better than being reactive when it comes to cybersecurity.

It’s preferable to not have to react at all thanks to an airtight security system, rather than reacting to an attack after it occurs.

Make no mistake – cyber criminals employ increasingly sophisticated tools. But cyber-defense is also evolving at a rapid pace.

There are more and more tools you can use to defend yourself from data breaches:

  • Password managers like 1Password
  • End-to-end encrypted email providers like ProtonMail
  • Two-Factor Authentication (2FA) security keys like YubiKey
  • Virtual Private Networks (VPNs) like NordVPN
  • Virtual card services like Privacy.com
  • Premium antimalware software like Norton

I use four of the tools on this list myself. They’re a good step in the right direction but you still have to implement good online practices and common sense.

Nothing can replace data privacy and cybersecurity education!

Sources

StatistaGlobal Number of Cyber Crime Incidents from November 2021 to October 2022, by Industry and Organization Size
Cybersecurity VenturesCybercrime to Cost the World $10.5 Trillion Anually by 2025
WiredWant Job Security? Try Online Security
Privacy AffairsDark Web Price Index 2023
Privacy AffairsThe Art of Cyber Deception: Social Engineering in Cybersecurity
Insights Carnegie Mellon University12 Risks, Threats, & Vulnerabilities in Moving to the Cloud
Privacy AffairsCybersecurity Deep Dive: What Is a Supply-Chain Attack?
StatistaMost Commonly Reported Cyber Crime Categories in the United States in 2022, by Number of Individuals Affected
AnapayaThe Unseen Problem of Unreported Cybercrime
Privacy AffairsWhy Is Phishing so Common & How to Protect Against It?
Osterman ResearchSecurity Awareness Training as a Key Element in Changing the Security Culture
TripWireCybercrime and Money – Cause and Effect
PrivacyAffairs – Cybersecurity Deep Dive: What Is Cybercrime-as-a-Service?
Hotspot ShieldRansomworm – A Threat Worse than Ransomware

Leave a Comment