Cybercrime isn’t just a growing threat—it’s now a multibillion-dollar underground economy. According to the FBI’s newly released Internet Crime Complaint Center (IC3) report, cybercrime losses soared to more than $16.6 billion in 2024, despite a slight dip in the number of complaints filed.
The agency received close to 860,000 cybercrime complaints last year, down slightly from over 880,000 in 2023. Yet the financial damage grew by a staggering 33% year-over-year, signaling a rise in the scale and impact of online fraud and cyber-enabled crimes. Notably, only around 256,000 complaints disclosed actual financial losses, underscoring how costly a fraction of cyber incidents can be.
Industry experts say these figures highlight a dangerous shift. Steve Povolny, senior director at Exabeam, noted in a statement that cybercrime has become a full-blown industry of its own. With $16.6 billion in losses, it outpaced the combined net profits of the U.S. box office, commercial airline sector, and recorded music industry. As Povolny puts it, cybercriminals aren’t just stealing data anymore—they’re building a financial empire.
Investment Fraud Leads, But Phishing Dominates Volume
While phishing and spoofing topped the charts in terms of complaint volume, the financial impact was most severe in other categories. Investment fraud caused the greatest losses, totaling over $6.57 billion, followed by business email compromise (BEC) scams at $2.77 billion, and tech support scams at $1.46 billion. Personal data breaches weren’t far behind, accounting for another $1.45 billion in reported damages.
In total, cyber-enabled fraud drove $13.7 billion in losses—nearly 83% of the total amount—despite making up only 38% of total complaints. A key driver of this figure was a surge in call center scams, especially those impersonating cryptocurrency exchanges or tech support lines, which alone caused $1.9 billion in damages.
The IC3’s long-term data paints a sobering picture: over the past five years, the agency has logged 4.2 million complaints and recorded more than $50.5 billion in losses. Since its founding in 2000, IC3 has received over 9 million complaints.
Ransomware, Critical Infrastructure Attacks Still Rising
The IC3 also tracked a growing number of attacks on critical infrastructure, with over 4,800 complaints filed from organizations in vital sectors. Ransomware and data breaches remained the most reported threats, with Akira, LockBit, RansomHub, Fog, and Play being the most prevalent ransomware strains.
In total, the IC3 identified 67 new ransomware variants in 2024. Ransomware-related losses, along with broader cyber threat incidents, exceeded $1.57 billion and accounted for more than 260,000 complaints.
On a global scale, the U.S. remains the most targeted country, with over 102,000 complaints, followed by Canada and India, which reported around 7,000 and 4,000 complaints respectively. Victims from a total of 200 countries contacted the IC3 during the year.
Social Engineering Remains a Key Weapon
One of the report’s biggest revelations was the overwhelming reliance cybercriminals still place on social engineering tactics. Phishing and extortion alone contributed nearly 280,000 complaints, making clear that human error continues to be a preferred entry point over technical vulnerabilities.
Andrew Costis of AttackIQ emphasized that this trend proves how attackers are leveraging human psychology more than ever to breach systems, often bypassing advanced cybersecurity defenses altogether.
