Cybercrime losses reported to the FBI surged to $16.6 billion in 2024, a 33% increase from 2023’s $12.5 billion. This rise in financial damage occurred even as the total number of complaints received by the agency declined slightly, with 859,000 incidents reported through the Internet Crime Complaint Center (IC3).
The trend continues a five-year pattern of escalating monetary losses from online fraud, scams, and attacks, even amid expanded enforcement efforts targeting cybercriminal operations worldwide.
Older Adults Faced the Highest Financial Impact
Victims aged 60 and older experienced the most severe financial harm. This age group filed 147,000 complaints and accounted for $4.8 billion in losses, the highest among all age brackets.
On a per-incident basis, individuals over 60 lost an average of $32,600, significantly more than the $19,300 average across all age groups. The data underscores a sustained pattern of targeting vulnerable users, often through socially engineered scams involving tech support, romance fraud, or impersonation of trusted institutions.
FBI Sees Increased Losses Despite Major Enforcement Actions
The FBI emphasized that the increase in losses came despite several high-profile operations aimed at disrupting cybercrime networks.
B. Chad Yarbrough, Operations Director for Criminal and Cyber at the FBI, highlighted the agency’s efforts to hinder cybercriminal activity. These actions included the dismantling of LockBit, a major global ransomware group, as well as the takedown of fraud and laundering syndicates, illicit online marketplaces, botnets, and fraudulent call centers. The FBI also arrested hundreds of individuals linked to cybercrime operations.
Yarbrough stated that the agency’s aggressive actions made it more difficult and costly for attackers to succeed. However, the scale and adaptability of cybercriminals continue to present serious challenges.
Phishing, Extortion, and Data Breaches Lead in Reported Incidents
Among all complaint categories, phishing and spoofing were the most frequently reported, with 193,000 cases filed in 2024. Extortion followed with 86,000 reports, while personal data breaches accounted for 65,000 complaints.
Other common schemes included non-payment and non-delivery scams (50,000 cases), and investment fraud (48,000 cases). These figures reflect the broad range of techniques used by cybercriminals to exploit individuals and organizations.
Investment Fraud and Crypto-Linked Scams Drove Record Financial Losses
Investment scams were the most financially damaging cybercrime type in 2024, accounting for $6.56 billion in losses. The FBI highlighted that a significant portion of these frauds involved cryptocurrency transactions.
In total, $9.3 billion worth of reported losses were associated with cryptocurrency, which the FBI uses to designate either the medium of payment or the method used to facilitate the crime.
This indicates the growing role of crypto in enabling fraud, laundering stolen funds, and creating new attack opportunities that bypass traditional financial controls.
Business Email Compromise Caused Nearly $3 Billion in Damages
Business Email Compromise (BEC) scams were the second most damaging in terms of financial impact. These scams, which often target finance departments and executives, led to $2.9 billion in losses from just 21,489 reported incidents.
Each BEC complaint represented an average loss of approximately $135,000, highlighting the continued threat to enterprise environments from carefully crafted social engineering campaigns.
Ransomware Losses Remain Underreported, FBI Warns
Despite widespread attention, ransomware cases made up a relatively small portion of complaints. In 2024, the FBI recorded only 3,156 ransomware incidents, with an estimated $12.5 million in reported losses.
However, the Bureau noted that many ransomware victims do not report financial damages, and the numbers do not account for business disruption, lost data, downtime, wages, or remediation costs. As a result, the true financial toll of ransomware is likely far higher.
Critical Infrastructure Organizations Among Top Targets
The FBI reported more than 4,800 complaints from entities operating within critical infrastructure sectors, including healthcare, energy, transportation, and manufacturing. Most of these incidents involved ransomware or data breaches.
These sectors remain prime targets due to their operational importance, perceived willingness to pay, and often complex, aging IT environments.
FBI Urges Victims to Report All Incidents
The IC3 continues to encourage individuals and organizations to report cybercrime, even when no financial loss occurs. According to the agency, timely and accurate reporting improves law enforcement’s ability to track emerging threats, identify attackers, and prevent future crimes.
