How many cyberattacks occur in the US?
Over the past five years, the FBI’s Internet Crime Complaint Center received an annual average of 863,000 cyberattack complaints.
In 2024, 859,532 cybercrimes were reported in the US. While the total number of reported cyberattacks was lower than in 2023 (880,418), financial losses rose over 30%, from $12.5 billion in 2023 to $16.6 billion in 2024.
Cyberattacks have more than doubled since 2018.
Cyberattack complaints reported to the FBI's Internet Crime Complaint Center (IC3), 2018–2024
Between 2018 and 2024, the Federal Bureau of Investigation (FBI) received 5.0 million complaints about cyber-attacks, with reported losses totaling $56.7 billion.
Financial losses from cyberattacks have increased by 33% since 2023.
Financial losses from cyber-attack complaints reported to IC3, 2018–2024
Cyber-attacks and cyber-fraud are a mounting problem for both individuals and the government. Although these are a fraction of total crimes, the financial losses are severe, demonstrating the need for a robust law enforcement response, according to the Government Accountability Office.
What is a cyber-attack?
The National Institute of Standards and Technology's (NIST) Computer Security Resource Center defines a cyberattack as “any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.” This includes both technical attacks involving data breaches, as well as personal cons where the victim is communicating with the fraudster.
Types of cyber-attacks include:
- Phishing/spoofing
- Data breaches
- Non-payment/non-delivery scams
- Malware
- Ransomware
- Distributed Denial of Service (DDoS) attacks
Phishing attacks made up over 20% of total cybercrimes in 2024.
Who monitors cyberattacks in the US?
The FBI leads national efforts to identify, prosecute, and reduce cybercrimes. These complaints are recorded and investigated by the FBI’s Internet Crime Complaint Center, also known as IC3.
In 2018, the US also established the Cybersecurity and Infrastructure Security Agency (CISA), responsible for defending the nation’s critical infrastructure from large-scale cyber attacks.
What cyberattacks are most common?
In 2024, the three most common cyberattacks reported were phishing, extortion, and personal data breaches.
Cybercrimes involving investment fraud, particularly using cryptocurrency, led to the most losses in 2024: $6.6 billion.
Phishing is the most common cybercrime, but investment scams cause the most loss.
Reported cybercrimes by victim count and financial loss, 2024
Who is most affected by cybercrimes?
The 60+ age group reported 30% of all financial losses from cybercrimes in 2024, the largest percentage among all age demographics.
Adults aged 60 and up also reported the most crimes (147,127) — 30% higher than the next highest cohort, adults aged 40 to 49 (112,755).
Adults over 60 reported the most cybercrimes and the highest losses.
Cybercrime complaints and losses by reported age groups, 2024
What is a cybersecurity threat?
Cyber (or cybersecurity) threats—like ransomware, malware, and data breaches—aim to steal or damage data and disrupt digital systems.
The IC3 received over 4,800 reports from critical infrastructure organizations, with ransomware and data breaches being the most common threats.
Ransomware hit critical infrastructure the hardest, while healthcare faced the most data breaches.
Number of ransomware attacks and data breaches against critical infrastructure, by sector, 2024
How to report a cyber attack
You can report internet-enabled crime against yourself or someone else via the Internet Crime Complaint Center. The IC3 processes complaints to determine their accuracy and completeness then investigates to return lost documents, information, and financial assets, if possible.
For more info on crime in the US
