IT Brief India - Technology news for CIOs & IT decision-makers

Cybercrime losses soar to USD $16.6 billion in 2024, outpacing US box office

Today

Cybercriminal activity reached new and deeply troubling heights in 2024, with the latest Internet Crime Report from the US Federal Bureau of Investigation revealing that over USD $16.6 billion was stolen from individuals and organisations over the year. The annual report highlights a concerning trend: cybercrime is not only mounting in scale, but it is also outstripping the revenues of major American industries.

"At USD $16.6 billion, cybercrime in 2024 out-earned the US box office, the entire US airline industry's net profits, and the US recorded music market—combined," said Steve Povolny, Senior Director of Security Research at Exabeam. "Hackers aren't just stealing data; they're surpassing the financial scale of major, everyday industries. In an era where entire industries fight for margins, cybercrime continues to deliver windfall returns for bad actors. It's not just a threat—it's a thriving underground economy."

The FBI's data reflects an alarming evolution in cyber adversary tactics. Among the reported incidents, phishing, spoofing, extortion, and personal data breaches remained the most common techniques deployed by criminals. Together, phishing and extortion alone accounted for approximately 280,000 reported cases, demonstrating the persistent effectiveness of social engineering over technical exploitation.

Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, noted: "The biggest takeaway from this report is how popular and effective social engineering is as an attack vector. Phishing and extortion being the two most frequent crime types... shows that attackers are continuously exploiting human error and vulnerabilities and finding success, rather than technical weaknesses in defence systems."

Costis also emphasised the importance of adopting a realistic approach toward cyber threats. He advocates for an "assume breach" mindset, encouraging regular validation of security controls and real-world adversary emulation to better prepare for and mitigate risks from inevitable attacks.

While the staggering financial losses and the focus on older victims are concerning, many experts argue the more profound issue is the simple nature of the attacks. According to Randolph Barr, Chief Information Security Officer at Cequence: "While the total losses (USD $16.6 billion) and the number of victims over 60 are alarming, what really jumps out to me is that these attacks are not as complex as they seem. The reality is that many of today's bad actors aren't being challenged. They don't need advanced tools because too many individuals and organisations still haven't implemented foundational controls like MFA, phishing education, or patch management. As a result, they become easy targets."

Barr added that this ease of access for cybercriminals is fuelling a surge in attempts by new bad actors. "The barrier to entry is so low that we're seeing more people attempt these scams simply because of how easy and effective they are," Barr said. He further pointed out that older individuals continue to be disproportionately targeted. Their financial stability, trusting nature, and unfamiliarity with modern scam tactics make them especially vulnerable to attack.

The report and expert commentaries collectively highlight a shift in the cyber threat landscape, where the attack surface has moved significantly away from traditional data centres toward individuals—remote workers, personal devices, and unsecured home networks now represent the new battleground.

Barr issued a serious call for broader vigilance: "As the audience read this report or any similar reports, they should not just think about how to protect their company—think about how to educate their family, especially older loved ones."

Cybersecurity specialists agree that organisations and individuals alike must take proactive steps. This includes deploying multi-factor authentication, conducting regular security awareness training, and maintaining effective patch management as non-negotiable standards. The FBI report further highlights the necessity of widespread cybersecurity education and resilience, emphasising that the fight against digital crime begins at both the enterprise and personal levels.
