Cybercrime & Cybersecurity Statistics for the US & UK

Experts predict the estimated cost of cybercrime will increase by around 70% between 2024 and 2029, eventually costing businesses worldwide around $15.83 trillion by 2029 (Statistica). Among the various types of cyber attacks, ransomware attacks are the most frequently detected, accounting for around 70% of all incidents (Statistica). This demonstrates the widespread and severe challenge of cyber threats that businesses and individuals around the world must contend with. These incidents often lead to substantial financial losses, reputational damage, and significant operational disruptions.

This article examines the latest statistics on cybersecurity threats in the UK and the US, exploring costs, methods, emerging trends, and discovering the prevalence of these types of crimes.

Cybersecurity statistics: Editor’s picks

• 75% of cyber attacks in 2023 began from data theft (CrowdStrike). 
• UK businesses encounter a new cyberattack every 44 seconds. That’s 5% more this year than in the same period of 2023, where companies experienced 180,714 attacks each between April and June (Beaming). 
• Over 32 million phishing emails have been reported to the Suspicious Email Reporting Service (SERS) of Action Fraud, the UK’s national fraud center (Action Fraud).
• About 1 in 5 consumers fell victim to scams, particularly phishing links (Norton).  
• The average cost of the most disruptive breach or attack at medium and large UK businesses is £10,830 (UK Government cyber security breaches survey 2024). 
• The US has the highest data breach costs of all countries worldwide, averaging $9.48 million in 2023-24 (Statistica). 
• 59% of US businesses do not have any cyber insurance coverage whatsoever (Insurance Information Institute). 

Global cybercrime statistics: how many cyber attacks happen per day worldwide?

Increasingly often, we hear about large companies having their data breached in the news. But just how regularly do these types of attacks take place? And what does this look like in the US vs the UK?

• More than 450,000 new pieces of malware are detected every day worldwide (AV-TEST). 
• Around 6 billion malware attacks were detected worldwide in 2023 (Statistica). 
• By 2031, a ransomware attack will occur on a business, consumer, or device every two seconds (Cybersecurity Ventures). 

How common is cybercrime in the UK?

Do cybercrimes occur regularly in the UK? How often are they reported? And what’s the average financial loss of a cybercrime victim? Here’s everything you need to know:

• The UK government’s most recent report estimates that in 2023-24, UK businesses experienced approximately 7.78 million cybercrimes of some form. 
• This means that on average in 2023-24, UK businesses were targeted by an average of 21,315 cyber attacks a day. 
• Even still, the year ending September 2023 saw approximately 898,000 reports of computer misuse* in England and Wales (up 30% from 690,000 in 2022) (Office of National Statistics). 

*A Computer Misuse Offense refers to the deliberate or reckless obtaining, disclosing, procuring and retention of personal data without the consent of the data controller (Crown Prosecution Service)

Cybercrime attacks on individuals in the UK

As well as targeting businesses, many cyberattacks also target individuals, taking the form of phishing emails, malware-laden attachments, and social engineering tactics designed to steal personal information, financial data, or identities. Our analysis of cyber-enabled crime data from Action Fraud (the UK’s national reporting center for fraud and cybercrime) found that:

• From June 2022 to May 2023, there were 200,000 reports of cyber-enabled crimes on individuals in the UK.

• These crimes resulted in financial losses of over £890 million (an average of £4,500 per individual).

• The most common type of cyber attack reported to Action Fraud by individuals between June 2022 and May 2023 were consumer fraud (50.5%), advance fee fraud (17.9%), and banking fraud (11.1%).

• 20-29 year-olds were the most likely to file reports of cybercrimes, with more than 1 in 5 people in this age group (20.4%) making a report of some kind.

Repeat cyber attacks

Our analysis of data from the Crime Survey for England and Wales found that many individuals who fall victim to cyber attacks do so on multiple occasions. In fact:

• When it comes to individuals who’ve had their personal information breached or hacked by an unauthorized person, 10% experience this again 2, 3, or 4 times, and 2% experience this on 5 or more occasions.

• A similar story can be seen with cyber attacks in the form of computer viruses, with 12% of victims experiencing repeat offenses 2, 3, or 4 more times after the initial attack.

Cybercrime attacks on UK businesses: the statistics

How many UK businesses are affected by cybercrime? And what impact does this have? Our research found:

• The government’s most recent report revealed that in 2024, nearly a quarter of businesses (22%) and 14% of charities experienced data breaches or attacks.
• Medium and large businesses were found to be the worst affected (45% and 58%, respectively).

• The average cost of the most disruptive breach or attack was also highest amongst medium and large businesses, averaging £10,830.
• The most common form of cyber attack on UK businesses in 2023-24 is phishing, with 90% of businesses who experienced cybercrime reporting incidents of this nature.

How common is cybercrime in the US?

So how about the United States? What impact has cybercrime had on businesses and individuals across the country? Let’s jump straight into the numbers:

• According to IBM’s latest Cost of Data Breach report, in 2023, the United States had the highest data breach costs of all counties worldwide for the 13th consecutive year.
• This averaged $9.48 million (up 0.4% from the previous year), and was followed by the Middle East, Canada, Germany, and Japan.
• Interestingly, though, according to Coveware, the percentage of ransomware attacks that resulted in the victim paying dropped to a record low of 34% in Q2 of 2023.

Cybercrime attacks on individuals in the US

Although they tend to be on a much smaller scale, cybercrimes against individuals can have a significant emotional impact. The fear of identity theft, loss of personal data, and frustration of dealing with compromised accounts can really take its toll. But just how much are people in the US affected by these types of attacks?

• A survey conducted on behalf of Anomali by The Harris Poll found that over a fifth of US adults (21%) have experienced a ransomware attack on a personal and/or work device.
• Amongst those who experienced an attack on a work device, 46% say their company paid the ransom. 
• The survey found that just 51% of US adults believe the government is effectively addressing the issue of cybersecurity.
• And that 61% would support a federal income tax increase to help fund government efforts to defend against cyberattacks.

Cybercrime on US businesses and organizations: the statistics

Now let’s talk business. Just how many US businesses have been subject to cyber attacks? And what impact does this have?

• Emsisoft’s The State of Ransomware in the U.S. report revealed that in 2023 alone, 141 hospitals, 108 school districts, and 95 government entities were directly impacted by ransomware, alongside thousands of private sector businesses.

*Hospital systems are comprised of multiple hospitals and school districts of multiple schools. The total number of hospitals and schools impacted is explained in the sector-specific sections below.

• One of the most recent, largest-scale data breaches in the US was that of the State of Maine, who suffered a data breach in May 2023 that led to the loss of over a million citizens’ data.
• The US healthcare sector has also been affected by many instances of cybercrime, with 46 individual ransomware attacks in 2023 (CNN). 
• Change Healthcare was the victim of a ransomware attack in April 2024, with an initial ransom of $22 million in Bitcoin. It is estimated that more than 90% of 70,000 pharmacies across the United States were compromised. This prompted Senators Elizabeth Warren, Bill Cassidy, and Richard Blumenthal to release a public demand to the Cybersecurity and Infrastructure Security Agency (CISA) to reveal their plans to prevent further attacks. 

NationalPublicData.com hack 

Recently, reports have come out of a cybersecurity incident involving the National Public Data, an online background check and fraud prevention service in the United States. It is alleged that a cybercriminal group, USDoD, instigated the data leak, which exposed the personally identifiable information (PII), such as Social Security Numbers, names, and addresses, of around 2.9 billion people. The ransom was set for $3.5 million, but has since been offered for free in a dark web forum.       

This has naturally sparked outrage for billions of people whose PII have now been compromised. As of the time of writing, there is a now a class action lawsuit from law firm, Schubert, Jonckheer & Kolbe. 

Are businesses prepared to defend against cybersecurity threats?

In 2022, BlackBerry and Corvus Insurance surveyed 415 IT and cybersecurity business decision-makers in North America and Canada, to find out more about how prepared they were to defend their business’ cybersecurity. The survey found:

• 45% of businesses do not have any cyber insurance cover whatsoever.

• Of those who do have coverage, more than a third (37%) aren’t covered for ransomware payments.

• Even amongst businesses that do have ransomware payment coverage, just 1 in 5 (19%) have limits greater than the median ransomware demand of $600,000.

• This figure drops even lower for SMBs with fewer than 1,500 employees (14%).

Most common types of cyber attacks

Given that so many individuals and businesses choose not to report incidents of cyber attacks to the authorities, it can be extremely difficult to determine just how often they occur and which types happen most frequently.

But as we all know, when most of us (especially us tech heads) are unsure of something, what do we do?… That’s right, Google it! Therefore, we headed over to our trusty search volume analysis tool Keyword Finder to do some digging into which types of cyber attacks are Googled most often.

Note: It’s important to note that although people are searching for these terms, it doesn’t necessarily mean they’ve been targeted by these scams. They may simply be wishing to find information on the topic. 

Most-searched cyber attack types in the US

• Our analysis found that in the US, the most-Googled type of cybersecurity threat in 2024 is phishing, with an average of 75,600 searches made for the term every month.
• This is followed by denial of service (40,200) and malware (38,700).
• With ransomware (30,800) and spoofing following close by (27,100).

Top 10 most-Googled types of cyber attacks in the US (as of April 2024)

Most-searched cyber attacks in the UK

• Phishing is also the most-searched form of cyber threat in the UK, averaging 22,200 monthly searches.
• However, malware is the second-most searched (15,100), followed by ransomware (9,900).
• Closely behind are denial of service (9,600) and spoofing (5,200).

Top 10 most-Googled types of cyber attacks in the UK (as of April 2024)

Most widespread branded scams

One of the most convincing ways hackers or cyber scammers succeed in tricking companies and individuals is by posing as brands they trust. This can take many forms, from texts pretending to be your energy provider to emails from a social media site or streaming platform you use on a regular basis. But which of these are most common?

To find out, we used the Keyword Finder tool once more to analyze searches for scams relating to some of the UK and US’ biggest brands.

Biggest branded scams in the US

• According to our analysis, the most-searched branded scam in the US is Facebook Marketplace, with 18,100 searches being conducted for the term on a monthly basis.
• This is followed by PayPal scams (14,100), Facebook (8,600) and Amazon (6,600).

Biggest branded scams in the UK

• Back across the pond in the UK, the most-searched branded scam is also Facebook marketplace, receiving an average of 8,800 searches per month.
• PayPal appears second once again (4,600), whilst Royal Mail comes in third with 4,300 average monthly searches.

How NinjaOne keeps your data secure from cybersecurity threats

NinjaOne’s #1 RMM software solution has built-in tools that improve your endpoint security in a single pane of glass. With its platform, you can easily manage applications, remotely edit registries, deploy scripts, and, most importantly, immediately detect and remediate vulnerabilities and threats. 

If you’re ready, request a free quote, sign up for a 14-day free trial, or watch a demo.