Cyberattacks are on the Rise, and They're Costing Us Billions of Dollars

Major cybercrimes have become increasingly common, putting private information at risk and causing serious financial damage.

Consider the massive breach at background check company National Public Data caused by a third-party bad actor in late 2023. The company confirmed a leak had compromised the privacy of social security numbers, addresses, and other personal information published on the dark web in April 2024, but the information only became public after a proposed class action lawsuit against NPD was filed in August of the same year, resulting in more lawsuits for the company.

Though the exact numbers are unknown, malicious cyberattacks have nearly doubled since the COVID-19 pandemic, according to the International Monetary Fund's 2024 Global Financial Stability Report. Increased digital reliance across critical infrastructure such as energy grids, transportation systems, communications, and financial services has contributed to a surge in attacks, according to the report.

What's more, as risks to information technology systems grow, so does attackers' capacity to cause harm, amplifying existing threats. We examined analyst reports and news reports to see how much cyberattacks are costing companies and consumers around the world.

Email Scams, Ransomware, and Phishing All Lead to Cybercrimes

Hackers exploit cybersecurity vulnerabilities using various types of attacks including phishing, ransomware, and data breaches.

Business email compromises alone accounted for nearly $3 billion in losses in 2023, with the vast majority, 94%, of organizations reporting some type of email incident. These types of scams target legitimate business email accounts, often using fake vendor accounts, requests for cash for gift cards, or custodial accounts to conduct unauthorized funds transfers, according to the FBI's 2023 Internet Crime Report.

Data breaches, or the loss of an organization's sensitive information, reportedly cost $4.9 million on average in 2024 globally, an increase of 10% over the previous year. Large organizations are not the only groups to fall victim to malicious online behavior, however. Attackers now look for much smaller targets, with companies with fewer than 100 employees three times likelier than large companies to be targeted by cybercriminals, according to a 2022 report from IT security company Barracuda Networks.

Because many smaller businesses lack sufficient resources to cover the financial fallout, roughly 2 in 3 small to midsized businesses go out of business within six months of a cyberattack, according to a 2023 report from the United States Agency for International Development.

Though larger institutions may have more resources, cybercrimes still cause severe reputational damage in addition to the loss of funds and intellectual property. A data breach or hack at a financial institution, transportation service, or even a government agency could have a lasting impact on stakeholders ranging from national governments to individuals. The Treasury Department reported a loss of $1.2 billion to U.S. financial institutions in 2021.

Cybercrimes can also have broad economic consequences, including the costly disruption of critical business operations and increased cybersecurity across industries. Ransomware attacks on several major oil terminals in Germany, Belgium, and the Netherlands in early 2022 exposed the risks of supply chain disruptions, highlighting the impact of cybercrimes on the global economy. The resulting rising inflation and unemployment revealed how attacks can bring industries to their knees, potentially triggering a ripple effect throughout major economies and local communities.

As Cybercrimes Grow, Monitoring and Awareness Must Evolve

The growing accessibility and interconnectedness of online data creates more opportunities for cyberattacks. Linked systems—ATMs, security installations, control systems, personal tablets, or phones—add to the threat level of compromised data security. Online attackers are aware of these vulnerabilities. Accessing data in a linked system can create a dangerous domino effect, easily acquiring data from a variety of sources. There will always be an inherent risk to online activity.

Cyber attackers will continue to evolve over time, and as a result, cybersecurity must evolve along with them. Understanding that cyberattacks target the perceived value of data can help managers dictate what data requires the most precautions.

Embedding cybersecurity into core business properties, properly vetting third parties, and developing rapid responses to breaches can help organizations protect their data and enhance cybersecurity. Increasing awareness, monitoring data patterns, and having a framework for managing crises are some of the necessary steps to prevent attacks—and mitigate some of the damage when they do occur.

Both businesses and individuals can take steps to strengthen cybersecurity and reduce their vulnerability to cybercrimes. Using the same password on every platform is common, making it one of the most frequent cybersecurity mistakes. Using a password manager, prioritizing software updates, incorporating multi-factor authentication, and avoiding suspicious links can help protect data and enhance cybersecurity.