Cybercrime victims lose an estimated $318 billion annually

When it comes to cybercrime costs, astronomical figures are often involved. So, you’d be forgiven for thinking each country has in-depth reports on the subject and knows the cost of these crimes within their country. However, as our report demonstrates, cybercrime is still severely underreported by police and government entities and the true monetary value remains largely unknown.

Our team of researchers examined the top 100 countries by GDP, looking at the cybercrime reports available and the figures and categories involved. We found figures for 67 countries but only 15 reports of the monetary values involved.

Below, we explore what the true cost of cybercrime to victims may be, what each country’s reporting rate is, and how the cybercrime landscape has changed in each country.

Key findings

According to our estimates:

  • 71.1 million fall victim to cybercrimes globally each year (this equates to nearly 900 victims per 100,000 people)
  • The average victim loss is $4,476 per crime
  • Victims lose $318 billion to cybercrime annually

Calculating the cost of cybercrime to victims

According to our estimates, over $129 billion has been lost to the victims of cybercrime across the 67 countries we’ve covered. Globally, this amounts to $318 billion.


The countries with the biggest losses are:

  • United States: 5.28 million victims losing $28 billion
  • Brazil: 5.8 million victims losing over $26 billion
  • United Kingdom: 4.88 million victims losing $17.4 billion
  • Russia: 3.4 million losing over $15.2 billion

Based on our estimate that 899.57 victims per 100,000 people fall victim to cybercrime each year, this amounts to 71.1 million victims of cybercrime globally. At a cost of $4,476 to each crime, this equates to a victim loss of more than $318 billion each year.

An astronomical figure, but, when we compare it to other ones that are quoted (e.g. experts anticipate the global cost of cybercrime to reach $6 trillion this year and as much as $10.5 trillion in 2025), it’s a drop in the ocean. However, our figures account for victim loss only. They do not take into account the various other factors we mention below.

How did we estimate the cost of cybercrime?

To try and estimate the cost of cybercrime for each country based on the reported figures available (those released by the police or government–not estimated by other entities or studies), it’s important we discuss the significant limitations of any cybercrime cost estimates.

First, the term “cybercrime” can entail a whole host of things. From an online data breach to a flurry of botnet attacks, the sheer scale of cybercrime is vast and, to some extent, unknown. While our study focuses less on automated, wide-scale attacks and more on targeted crimes that seek to exploit individuals, steal someone’s data, or illegally access computer systems or networks, there’s still a vast difference between each police or government report on cybercrime.

For example, Panama recorded just 156 cybercrimes for 2020, while Brazil recorded 875,327 crimes. Brazil’s figures feature targeted attacks such as DDoS attacks and phishing campaigns as well as cases of online fraud through fake web pages and trojan horses. No breakdown is available for Panama.

Second, cybercrimes are heavily underreported both in terms of victims reporting the crimes (the FBI suggests only 15 percent of cybercrimes are reported) and governments creating reports about cybercrime levels in their countries.

Third, different cybercrimes have vastly different average losses, from tens to thousands of dollars. We only need to look at the IC3’s latest report to see this. On average, victims of cybercrime lost $5,304. But victims of phishing scams lost $225, while victims of BEC/EAC scams lost more than 425 times this amount–$96,373.

These are three dramatically different figures. Figures may also vary depending on what the reporting entity includes within its losses and whether or not lost time, replacement computers, police time, recovery costs, and a whole host of other factors are added in.

However, if we focus on victim losses only (which all of the reports we’ve found focus on), we can create an “across-the-board” average for each country that encompasses a number of different cybercrimes. If we incorporate this with the other known figures across various different countries and reports, we can start to create a global average for the cost of cybercrimes which we can tentatively use to create estimates for other countries and worldwide.

Here are the monetary figures we were able to find for 13 countries:

We also found figures for Ghana and Kenya. In 2019, Ghana lost $105 million to cybercrime but no precise victim numbers are given (we only have figures for 2019/20). In 2018, Kenya lost $295 million to cybercrime–but, again, we have no exact figures for this period, just 2020’s figures.

Based on the figures we do have, however, we can calculate an average loss per cybercrime case for the countries where monetary values are unavailable. We know that $7,597,783,040 was lost to 1,697,276 victims, which creates an average loss to each cybercrime case of $4,476.

We can then apply this figure to the number of reported crimes we found in each country. Across the 67 countries we covered, we found 4.38 million reports of cybercrime, which equated to an average of 135 reports per 100,000 people. Based on the fact that only 15 percent of cybercrimes are reported, this allows us to estimate that the real number of victims is actually over 29 million, which equates to nearly 900 victims per 100,000 people.

This gives us a figure of $129.5 billion in victim losses across the 67 countries we covered and $318 billion globally.

Which countries have seen the biggest increases or decreases in cybercrimes year on year?

According to the annual reports from the countries we’ve covered, we can see which countries have seen the biggest increases or decreases in the number of cybercrimes reported. Only those with reporting figures available for 2018 to 2019 or 2019 to 2020 have been included to ensure the most recent data is used.

The country with the largest increase is Sri Lanka with a 359 percent year-on-year increase (from 2019 to 2020). There, crimes increased from 3,566 to 16,376. 15,895 of those reported related to social media crimes, increasing by nearly 500 percent from 2019 (2,662). CERT suggests this could be due to the increased use of these platforms during the pandemic.

Four other countries also saw increases of 100 percent or more. These were:

  • Belarus with an increase of 176 percent from 10,665 in 2019 to 29,441 in 2020
  • Indonesia with an increase of 140 percent from 6,029 in 2019 to 14,456 in 2020
  • Puerto Rico with an increase of 125 percent from 839 in 2019 to 1,886 in 2020
  • Panama with an increase of 100 percent from 78 in 2019 to 156 in 2020

In contrast, five countries saw decreases in their figures:

  • Croatia with a decrease of 59 percent from 2,930 in 2019 to 1,188 in 2020
  • Paraguay with a decrease of 58 percent from 4,986 in 2019 to 2,101 in 2020
  • Kuwait with a decrease of 27 percent from 4,550 in 2019 to 3,300 in 2020
  • Australia with a decrease of 7 percent from 64,567 in 2018/19 to 59,806 in 2019/20
  • China with a decrease of 5 percent from 59,000 in 2020 to 56,000 in 2020

Algeria also saw a year-on-year decrease but this is based on older figures with 1,500 crimes being reported in 2017 and 1,140 in 2018 (a 24 percent decrease). And the UK saw a very marginal increase (less than one percent) from 726,122 in 2019/20 to 731,820 in 2020/21.

Countries with the highest cybercrime reporting rates

The below figures are based on the number of cybercrimes reported per 100,000 people. It’s important to note here that this is not a country-by-country comparison of cybercrime rates. As we’ve seen, a country with a high number of reported cybercrimes isn’t necessarily suffering from a higher rate of cybercrimes than a country with a lower figure. Rather, the reporting system there may be more acute and the umbrella term “cybercrime” may include crimes that other countries don’t recognize or include in their statistics.

Based on the figures each reporting entity has received, the UK has the highest number of cybercrime victims per 100,000 people. With 731,820 reports to its population of just over 66.8 million that means 1,095 per 100,000 people may have reported cybercrime in 2020 (one person may have submitted more than one).

The other four countries in the top five are Denmark (514 per 100,000 people), Spain (463 per 100,000 people), Brazil (415 per 100,000 people), and Austria (404 per 100,000 people).


When you analyze the monetary values involved and see the minimal amounts that tend to be recovered from cybercrime cases, it’s not hard to see why many criminals are eyeing up the cyber market. With such huge gains and little to no risk, it’s arguably a win-win for cybercriminals and a lose-lose for the rest of us.

Furthermore, with the lack of transparency and reporting around these types of crimes, it is difficult to gauge the true extent of the problem. Many industry reports create astronomical figures that are difficult to comprehend, but until we’re able to see the real cost of these crimes on a country-by-country basis, cybercriminals will continue to have the upper hand. Lack of reporting will lead to a loss in victim confidence (and a reluctance to report the crime), gaps in the awareness of these types of crimes, and inadequate legislation and criminal procedures to hold cybercriminals to account.

A country-by-country breakdown of cybercrime figures

Below, you can see the latest reporting figures for each country we’ve covered. Stats include the year-to-year changes and the types of cybercrimes that are being reported.


  • According to a national police statement, there were 1,140 cybercrime cases in 2018 compared to 1,500 in 2017–a 24 percent decrease
  • Reports suggest a 22.63 percent increase in cybercrimes in 2020, compared to 2019 (no figures provided)


  • 1,569 reports of cybercrime offenses reported to a non-profit organization in 2020–a 62 percent increase on 2019’s figures (971)
  • Over 18 percent related to fraud, nearly 17 percent to data theft, online extortion, and cyberbullying (each), and nearly 12 percent to slander


  • 59,806 reports of cybercrime to the government/national police from July 2019 to June 2020–a 7 percent decrease from the same time period a year earlier (64,567)
  • Almost 40 percent of the reports related to fraud (e.g. investment, shopping, or romance scams), over 32 percent to identity theft, and more than 22 percent to cyber abuse
  • 2,266 separate cybersecurity incidents were also registered to the Australian Cyber Security Centre (ACSC)
  • Of the 2,266 cybersecurity incidents, over 35 percent were targeted at government agencies
  • 27 percent of cybersecurity incidents were malicious emails and over 24 percent were compromised systems


  • 35,915 cybercrimes reported to the government/federal police in 2020–a percent increase of over 26 percent from 2019 (28,439 cases)
  • More than 52 percent of cases (18,780) related to internet fraud, and just under 5 percent of cases (1,700) to online child abuse–an 11.6 and 2 percent increase respectively


  • 1,154 reported incidents to the government in 2020–an increase of nearly 27 percent from 2019 (910)
  • 547 cases reported in 2021 so far (up to June 2021) with a month-on-month increase in the six months so far


  • 25,561 cybercrimes reported to the government in 2020–a 143 percent increase from 2019 (10,539)
  • Additional 3,880 cases through the Kufar website (an eBay/Gumtree style website),. 102 of these were reported in the first half of 2020 but more than 97 percent were reported in the second half (3,778). A mere 126 were reported in 2019, demonstrating an increase of nearly 2,990 percent


  • 43,730 cases reported to national police in 2020–an increase of around 33 percent from 2019 (32,943 cases)
  • Nearly 79 percent of cases related to fraud (34,374), nearly 8 percent (7,688) relate to cyber harassment, and almost 7 percent (7,424) relate to phishing–some figures may overlap
  • Fraud cases increased by 40 percent from 32,943 cases in 2019 to 34,374 cases in 2020
  • In 2019, the average loss to fraud was €1,060 ($1,255) per victim. Using this average figure for 2020’s number of victims, this places losses in the region of €36.4 million ($41.3 million)


  • 539 computer crimes reported to the Computer Crime Observatory between January and August 2020


  • 875,327 incidents reported in 2019–a 29 percent increase from 2018’s figure of 676,514
  • 318,697 incidents reported in 2020 (from January to June), suggesting lower figures for 2020, especially considering 28 percent of the attacks registered in 2019 occurred in June
  • 39,419 reports of fraud in 2019, 87.05 percent related to fake webpages and 6.29 percent to trojan horses
  • 18,024 reports of fraud in the first half of 2020, over 85 percent of these cases related to financial phishing, over 11 percent to non-financial phishing, and nearly 4 percent to trojan horses


  • 2,100 cybercrimes registered by the National Computer Security Incident Response Team (National CERT)–a 9 percent increase from 2019’s figures of
  • 47 percent of incidents related to fraud and 38 percent to malicious code (malware)


  • 44,136 cybercrime incidents reported to the national police in 2019–an increase of 30 percent from 2018 (33,893)
  • Nearly 48 percent of incidents related to fraud (21,047), just over 22 percent related to harassment/threats (9,877), and 12 percent relate to child porn (5,304)


  • 0.5 percent of crimes reported to the police related to computer crimes, equating to around 1,183
  • 4,685 complaints of computer crimes from 2014 to first 6 months of 2019, of which 3,416 correspond to computer sabotage, 800 (17%) to computer espionage, 270 (6%) to grooming, 169 (4%) to phishing, and 30 (1%) to pharming
  • The Policiá de Investigaciones (PDI) also investigated 4,124 cases of sexual exploitation of minors through the internet in 2019


  • 56,000 cases of cybercrime investigated by the government/police in 2020–5 percent less than those reported in 2019 (59,000)
  • 6,524 cases of infringement of citizens’ personal information were investigated (over 30 percent more than 2019), 1,782 cases of hacking and new technology crimes in 2020
  • In 2019, there were more than 8,200 cases related to online gambling, 5,000 to the infringement of citizens’ personal information, 3,300 to online obscenity and pornography, and 2,200 to hacker attacks and sabotage
  • 2019 reports also suggest that over 100 key sources were wiped out, taking 468 million pieces of personal information with them. These cases relate to infringements of citizens’ personal information, online routine loans, false investment fraud, and candid photography and photography


  • 45,104 cybercrime cases in 2020–a net increase of 89 percent on 2019
  • 37,000 of the cases were reported from March to December, suggesting the COVID-19 pandemic led to the vast increase in cases
  • 5,440 cases related to phishing which was a 303 percent increase on 2019’s figures
  • 9,487 cases related to the violation of personal data (leakage and theft)–a 174 percent growth from 2019
  • Over 16,000 cases related to theft by computer means–a 37 percent growth from 2019. The most common method was the theft of online banking log-ins

Costa Rica

  • 2,035 cases relating to computer crimes in 2019–a 33 percent increase on 2018’s figures (1,531)
  • The majority related to scams (647 or 32%) and identity theft (577 or 28%)
  • Reports suggest that the level of scams increased by 20 percent to 777 and the level of identity thefts by over 11 percent to 643
  • By May 2020, there had been 624 cases reported–a 2 percent increase on the same time period of 2019 when 612 cases had been reported. While computer scams had decreased, the spreading of false information had increased by 40 percent while impersonation had increased by 9 percent. Computer espionage cases also leaped by 367 percent from 9 cases from January to May 2019 to 42 cases from January to May 2020
  • In San José, losses of CRC 500 million (USD 805,000) were reported to have been lost to telephone or computer scams by the beginning of May 2020

Côte d’Ivoire

  • 4,505 cases/complaints were handled by the Platform for Combatting Cybercrime alongside the national police–an increase of nearly 58 percent from 2,860 in 2018
  • The financial loss of these cybercrime cases was estimated at FCFA 4,919,102,133 (USD 8.9m)–a decrease of 12 percent from FCFA 5,595,075,998 (USD 10.1m) in 2018
  • In 2018, 19 percent concerned mobile money, 14 percent related to identity theft, and 13 percent concerned threats/harassment/defamation


  • 1,188 cases recorded in 2020–a 59 percent decrease on 2019’s figures (2,930)
  • In 2019, 61 percent of cases (1,785) related to computer fraud and 32 percent of cases (946) to computer forgery


  • 8,417 cases reported in 2019–a 24 percent increase from 2018 (6,815)
  • Fraud is the most commonly reported case (no figures given) and 11 percent (930) related to hacking


  • 29,905 IT-related financial crimes were reported in 2020–an 11 percent increase from 2019’s figures (26,923)
  • Commercial fraud accounted for the highest portion (42 percent) of crimes reported with 12,706 in total. Of these, 9,933 (78 percent) related to physical goods, 2,029 (16 percent) to tickets, and the remainder to housing rentals and virtual effects. Facebook (primarily its Messenger service) was the most common platform used
  • A recent victim survey suggests approximately 74 percent of victims do not report commercial fraud to the police. This study also found that those unreported cases see losses of less than DKK 2,999 (USD 479) in 87 percent of cases. In 32 percent of cases, this figure was less than DKK 499 (USD 79.70)


  • 10,279 cases reported in 2019–a 7.4 percent increase on 2018 (9,571) and a 22 percent increase on 2017 (8,421)
  • Nearly half (4,607) of the cases reported in 2019 related to identity theft, followed by the forgery and use of a false document (3,231) and fraudulent appropriation by electronic means (1,451) – similar proportions also witnessed in the 8 months of 2020 covered
  • Latest figures show 5,048 computer crimes reported in 2020 from January to August, suggesting a lower figure than 2019 if the trend continued


  • 19,884 cybercrimes reported in 2020
  • Just under 15,000 cases of online fraud were reported to the police in 2019–an increase of around 3,000 (25 percent) from 2018. 14,800 cases had also been reported by the end of Q3 2020, placing estimates at 20,000 for 2020
  • Over 4,022 cases of identity theft were reported in 2019
  • By the end of October 2020, the amount lost to online fraud stood at more than €20 million ($23.7 million)


  • 67,890 cybercrimes reported in 2018
  • The majority of these (75 percent) were fraud


  • 108,474 cases of cybercrime reported in 2020–an 8 percent increase on 2019 (100,514)
  • In 2020, 82,761 (76.3%) related to computer fraud, 10,895 (10%) related to counterfeit data/data processing, 3,770 related to data and computer sabotage (3.5%) and 10,763 (10%) relate to spying on data
  • Total damage recorded in 2019 to computer fraud and the abusive use of telecommunication services (the exploitation of gaps or weak processes in telephone systems or routers) was €88 million ($104.3 million). This was a 43 percent increase on 2018’s figure of €61.4 million. In 2019, there were 78,201 cases of computer fraud and 327 cases of abusive use of telecom services


  • 11,550 cases from October 2019 to October 2020
  • Loses to cybercrime in Ghana were reported to be around USD 9.8 million in 2018 and USD 105 million in 2019–a year-on-year increase of more than 971 percent
  • The Bank of Ghana recorded 114 cyber/email fraud cases in 2019–a 34 percent decrease on 2018 (174)
  • The Bank of Ghana reported losses of 50.54 million GH¢ (USD 8.5m). Almost 72 percent of the money was successfully recovered, meaning actual losses of 14.31 million GH¢ (USD 2.4m)


  • 410 cybercrimes reported from January to June 2020
  • 117 of these cases (28.5%) related to cyber abuse

Hong Kong

  • 12,916 cybercrimes reported in 2020, rising by 55 percent from 2019 (8,322)
  • Included within the reports were 6,678 reports of internet shopping fraud (an increase of over 200 percent from 2,194 in 2019) and 905 cases of online romance fraud (almost double the figure in 2019)
  • The amount lost to these crimes in 2020 reached HKD 2.96 billion (USD 380.9m USD)
  • HKD 120 million (USD 15.4m) was lost to internet shopping fraud in 2020–an increase of 350 percent from 2019 (HKD 27.3m)
  • HKD 212 million (USD 27.3m) was lost to romance scams in 2020


  • 44,546 cybercrimes reported in 2019–a 58 percent increase from 2018 (28,248)
  • Identity theft made up the highest percentage (27.5%) of the crimes with 12,255 cases in total
  • Fraud also made up a large portion (14%) of cases with 6,233 in total. Of these, 2,903 (33.6%) were online banking fraud and 2,067 (33.2% were ATM fraud)
  • The above appears to be a fraction of the cases, however. 18 months after setting up the National Cyber Crime Reporting Portal on August 30, 2019, for citizens to report all types of cybercrime incidents online, 317,439 cybercrime incidents had been submitted. From this 5,771 First Information Reports (FIRs) were created. These are handled by state and national law enforcement agencies (and may cross over with the figures above)
  • Rs 1.25 lakh (USD 1,675) lost, on average, to Indian IT companies in 2019
  • A further 394,499 cybersecurity incidents were reported in 2019


  • 2,259 reports of cybercrime to the national police in 2020–a 50.7 percent decrease from 2019 (4,586)
  • 12,197 additionally reported through the cybercrime unit–a 745 percent increase from 2019 (1,443)
  • The largest proportion (54%) of all these cases relate to fraud (7,773 cases in total)
  • 1.12T IDR (USD 76.89m) lost in 2020 (to the crimes reported through the cybercrime unit)–a 2,160 percent increase on the 49.55bn IDR (USD 3.4m) lost in 2019


  • 529 cases were opened by the Guarda National Cyber Crime Bureau in 2019, with an additional 405 cases being closed in the same year (no comparison to 2018 available)
  • The majority of cases (295) related to child pornography–a 19 percent increase on 2018’s figures (248)
  • OSAC suggests the Irish government has yet to report fully on the extent of cybercrime in the country


  • 14,300 reports of cyber incidents were reported in 2020 with approximately 9,100 of these being verified–a 50 percent increase from 2019
  • 60 percent of the crimes (around 5,460) that were verified related to hacking of social media accounts


  • 26.8 cybercrimes were reported per 100,000 people in 2019. With a population of 60.36m in 2019, this equates to around 16,177 crimes
  • The rate reported in 2018 was 22 per 100,000 people. With a population of 60.48 million in 2018, this equates to around 13,306 crimes


  • 9,875 cybercrimes recorded in 2020–a 4 percent increase from 2019 (9,519)
  • 609 related to unauthorized computer access, 563 to crimes relating to electromagnetic records, 2,015 to child prostitution and porn, and 1,297 to frauds
  • 887 cases in 2020 related to the coronavirus pandemic, including fraud and suspicious emails/sites


  • 9,500 cases registered in 2020–a 27 percent increase from 2019 (7,500)


  • 14,000 crimes committed in 2020, with a further 1,700 registered in January 2021
  • Fraud accounts for 10 percent of all crimes


  • Some estimates suggest there are as many as 3,000 cybercrimes committed in Kenya each month, putting yearly figures in the region of 36,000
  • However, the national Computer Emergency Response Team (CERT) was asked to help in 1,179 cases throughout 2020. Impersonation is often the most reported crime
  • KSh18 billion (USD 160m) lost to cybercrime in 2016, KSh21 billion (USD 190m) lost in 2017, and an estimated KSh31.9 billion (USD 295m) in 2018. This is a 16.7 percent increase from 2016 to 2017 and a 47.6 percent increase from 2017 to 2018
  • BEC scams are noted as the most popular way to defraud businesses


  • 3,300 cases of cybercrime were recorded in 2020–a 27.5 decrease on 2019’s figure (4,550)
  • 750 cases have also been recorded in the first quarter of 2021


  • 4,330 cybercrime incidents were reported in 2020–a 34 percent increase from 2019’s figures (3,241)
  • Malware was the highest reported incident (1,966) followed by phishing (962)


  • Over 1,500 cybercrimes recorded in 2020


  • 531 cases reported in 2020–a 96.7 percent increase from 2019
  • Credit card online consumption saw the biggest increase (251.3%) but online dating fraud saw a decrease (17.3%)


  • 14,229 cybercrime cases were reported to the Royal Malaysian Police (PDRM) in 2020–a 20 percent increase from 2019’s figures (11,875)
  • Losses from these crimes amounted to RM 498 million ($118 million USD) in 2020–a 21 percent increase from 2019’s recorded amount of RM 413 million ($98 million USD)
  • As of the end of March 2021, 4,327 cybercrimes had been reported
  • 10,790 cybercrimes were also reported to CERT in 2020–a marginal increase of 0.16 percent from 10,772 (some of these cases may be included in the PDRM’s figures as they may be referred to them)
  • Of the crimes reported, 7,593 (70.4 percent) related to fraud
  • As of June 2021, 5,737 cybercrimes have been reported to CERT


  • 1,091 cybercrime cases were reported in 2018–a 42.6 percent increase from 2017 (765)


  • 780 cybercrimes reported in 2018–a 41.8 percent increase from 2017 (550)

The Netherlands

  • 10,770 cybercrimes reported in 2020–a 128.4 percent increase from 2019 (4,715)
  • 7,317 registered in the first half of 2021 suggesting an even higher rate of cybercrimes will be recorded this year
  • 25,590 data breach complaints were also reported to the Dutch Data Protection Authority in 2020–an 8 percent decrease from 2019 (27,850)

New Zealand

  • 7,809 incidents reported to CERT in 2020–a 65 percent increase from 2019 (4,740)
  • Phishing and harvesting made up the most reports with 3,410 in total (43.7 percent), followed by scams and fraud reports (1,920 or 24.6 percent) and malware reports (1,560 or 19 percent)
  • 14 percent of reports suffered financial loss, with a total value of NZD 16.9 million (USD 11.7 million)
  • Scams and fraud accounted for nearly NZD 12 million (USD 8.31 million) of these losses. Almost NZD 5.4 million (USD 3.74 million) was lost to falsified or unauthorized money transactions, more than NZD 2.4 million (USD 1.66 million) was lost to scams when donating, buying, or selling goods online, and nearly NZD 1.5 million (USD 1.04 million) was lost to scams about business opportunity or employment offers


  • Over 94,500 complaints regarding online crimes were registered in 2020–a 96 percent increase on 2019’s figures (48,301)
  • 22,256 complaints (23.6 percent) related to harassment and 44,481 (47 percent) to fraud


  • 156 cybercrimes registered in 2020–a 100 percent increase from 2019 (78)
  • During the first quarter of 2021, 204 had already been registered–a 31 percent increase on 2020’s figures in just three months


  • 2,101 reports of cybercrime received in 2020–a 58 percent decrease from 2019 (4,986)
  • 755 related to compromised systems (36%) and 726 to malware (35%)


  • 4,162 cases of cybercrimes were investigated in 2020–a 39 percent increase from 2019’s figure of 2,999
  • 2,615 of these cases (62.8 percent) related to fraud–an increase of over 25 percent from 2019 (2,085). Identity theft more than doubled, too, rising from 247 to 572

The Philippines

  • 4,852 cybercrimes were registered from January to November 2019–an 18 percent increase on 2018’s figures (which covered the entire year). 4,103 cybercrime cases were investigated in 2018, which was nearly 80 percent higher than the 2,284 cases of 2017
  • In 2019, the majority of cases (24 percent) related to online libel with 1,166 reported in total. This was closely followed by scams (1,016), photo and video voyeurism (615), identity theft (466), and online threats (394)
  • From March to October 2020, 869 online scam cases had been reported, suggesting the figure would be higher than previous years


  • Nearly 55,000 cybercrimes were reported in 2020 in total, almost double the figure that was reported four years prior
  • Ransomware attacks were the most frequently reported attacks


  • 22,076 computer crimes were registered by the national police in 2020–a 22 percent increase on 2019’s figures (18,158)
  • Most of the crimes reported to the police (19,855 or 90 percent) related to fraud
  • 1,418 cases were registered by CERT.PT in 2020–an 88 percent increase on 2019’s figure of 754 (these cases may then be referred to the police).
  • The majority of cases reported to CERT (47 percent), with 663 in total, related to phishing attacks
  • 1,164 cases were reported through the Linha Internet Segura helpline (these cases may then be referred to CERT or the police). This was a 41 percent increase from 2019’s figure of 827
  • The majority of the helpline’s calls pertain to threats or abuse with 15 percent relating to abuse, 4 percent to defamation/injuries, 3 percent to domestic violence, and 3 percent to sextortion

Puerto Rico

  • 1,886 people were victims of cybercrime in Puerto Rico in 2020 which amounted to losses of $13,275,104–a 125 percent increase in victims (839 in 2019) and a 73 percent increase in the amount lost ($7,668,517 in 2019)
  • Average losses per victim were $7,039 in 2020 and $9,140 in 2019. So while cases have gone up, monetary losses (on average) have gone down
  • 572 cases related to various types of fraud, accounting for just over 30 percent of all of the crimes reported to the IC3. Non-payment/non-delivery was the highest reported fraud making up 60 percent of fraud cases
  • The biggest monetary losses were to BEC/EAC scams with just under $7 million lost here. With just 42 victims, that’s an average loss of $166,129


  • 4,874 cybercrimes registered in 2020–a 5 percent increase on 2019’s figures (4,645)


  • 510,396 cybercrimes registered in 2020–an increase of 73 percent from 2019 (294,409)
  • Fraud made up the vast majority of these cases, accounting for 237,074 in total (46 percent), followed by data theft (173,416 cases in total)
  • Cyber attacks are estimated to have cost Russian companies RUB 3.6 trillion (USD 49 billion) in 2020
  • From January to June 2021, 271,145 cybercrimes had been reported


  • 16,117 cybercrime cases reported in 2020, up from 9,349 in 2019–a 72 percent year-on-year increase
  • Cybercrime cases accounted for 43 percent of overall crime in 2020
  • 12,251 cases related to online fraud–a 62 percent increase from the 7,580 cases reported in 2019
  • 47,000 phishing URLs with Singaporean links were also detected in 2020


  • 2,733 cybersecurity incidents investigated in 2019–a 12 percent increase from 2018’s figure (2,431)
  • Fraud was the highest reported cybercrime with 1,840 cases in total (67 percent). Included in this is 435 cases of phishing and 291 cases of extortion
  • The average intrusion damage into business communication cost €65,000 ($76,766) with a maximum of €200,000 ($236,000)
  • The average loss to fraud by prepayment was €4,700 ($5,550) and €520 ($614) to online shopping fraud
  • One extortion virus attack resulted in a loss of €2.4m ($2.83m)

South Korea

  • 180,499 cases of cybercrime reported to the police in 2019–an increase of 21 percent on 2018’s figures (149,604)


  • 218,302 cybercrime cases registered in 2019–a 36 percent increase from 2018’s figures (160,729)
  • 88 percent of the cases (192,375) related to fraud. A further 6 percent (12,782) related to threats and coercion
  • The age group with the largest percentage of victims (32 percent) was 26 to 40 years old

Sri Lanka

  • 16,376 cybercrimes reported in 2020–an increase of nearly 360 percent from 2019 (3,566)
  • 15,895 of those reported related to social media crimes–an increase of nearly 500 percent from 2019 (2,662). CERT suggests this could be due to the increased use of these platforms during the pandemic


  • 24,398 cybercrimes reported to the police in 2020. Of these, the majority (56 percent) related to fraud. With 13,613 cases of digital fraud, cybercrimes accounted for 70.4 percent of all fraud crimes
  • 10,694 cyber incidents recorded by the National Cybersecurity Center in 2020
  • 5,855 of these crimes (55 percent) also related to fraud


  • 2,334 seizures related to cybercrime were registered in 2020


  • 256 cybercrimes reported in 2020–a 3 percent increase on 2019’s figures (248)
  • Fraud accounted for the most cases with 59 in total (23 percent), followed by false pretenses with 38 cases (15 percent)
  • Cybercrimes led to a loss of UGX 15,949,236,000 (USD 4.49m) in 2020. UGX 7,720,000 (USD 2,173) was recovered

United Arab Emirates

  • 25,000 cybercrimes were reported to Dubai Police in 2020–a 79 percent increase from 2019 (14,000)
  • UAE residents are directed toward to report crimes, which is where the above figures are derived from

United Kingdom

  • Action Fraud received 875,622 fraud reports in 2020/21. 80 percent of reports are cyber-enabled, giving us an approximate figure of 700,498 online fraud crimes committed in 2020/21. This is a marginal increase (0.22 percent) on the figures reported in 2019/20 (822,276 reports were received in total but 85 percent were cyber-enabled)
  • In 2020/21, 103,254 reports related to online shopping and auctions fraud
  • Those aged 20 to 39 reported the highest number of crimes while those aged 50 to 69 lost the most amount of money
  • £2.36bn ($3.3bn) was lost to fraud in 2020/21–80 percent of this equates to £1.88bn ($2.6bn)
  • Action Fraud also received 31,322 cybercrime reports–a 15 percent increase from 2019’s figures (27,187)
  • The majority of cybercrimes reported in 2020/21 related to hacking social medial and email accounts–13,271 or 42 percent of the crimes reported
  • £9.6m ($13.4m) was lost to cybercrimes in 2020/21–a 78 percent increase from 2019’s figures (£5.4m)
  • £3.4m ($4.7m) was lost to hacking (extortion), £2.6m ($3.6m) to hacking (social media and email), and £1.7m ($2.4m) to computer virus/malware/spyware

United States

  • 791,790 cybercrime complaints were received in 2020–a 69 percent increase from 2019’s figures (467,361)
  • Phishing/vishing/smishing/pharming accounted for the largest chunk of these complaints (241,342)–30 percent of the total. This was followed by non-payment/non-delivery which accounted for 14 percent of the total (108,869)
  • $4.2 billion lost to these cybercrimes in 2020–a 20 percent increase on 2019’s figure ($3.5 billion)
  • BEC/EAC scams saw the most money lost, accounting for around 45 percent of the total losses with $1.87 billion in total


  • 2,798 cyber incidents reported in 2020–a 26 percent increase on 2019’s figures (2,217)
  • The majority of cases (30.7 percent) related to improper access to computer systems, closely followed by malware (30.5 percent)


  • 1,156 complaints of identity theft, fraud, and cybercrime in 2019–a 43 percent increase from 2018

Data researchers: George Moody, Rebecca Moody