/
/

Cybercrime & Cybersecurity Statistics for the US & UK

A graphic with an illustration of a red exclamation mark over a map representing Cybercrime & Cybersecurity Statistics for the US & UK

Experts predict the estimated cost of cybercrime will increase by around 70% between 2024 and 2029, eventually costing businesses worldwide around $15.83 trillion by 2029 (Statistica). Among the various types of cyber attacks, ransomware attacks are the most frequently detected, accounting for around 70% of all incidents (Statistica). This demonstrates the widespread and severe challenge of cyber threats that businesses and individuals around the world must contend with. These incidents often lead to substantial financial losses, reputational damage, and significant operational disruptions.

This article examines the latest statistics on cybersecurity threats in the UK and the US, exploring costs, methods, emerging trends, and discovering the prevalence of these types of crimes.

Secure your reputation and your systems. Learn how to embed a security-first approach into your IT operations. Explore the guide.

Cybersecurity statistics: Editor’s picks

  • 75% of cyber attacks in 2023 began from data theft (CrowdStrike). 
  • UK businesses encounter a new cyberattack every 44 seconds. That’s 5% more this year than in the same period of 2023, where companies experienced 180,714 attacks each between April and June (Beaming). 
  • Over 32 million phishing emails have been reported to the Suspicious Email Reporting Service (SERS) of Action Fraud, the UK’s national fraud center (Action Fraud).
  • About 1 in 5 consumers fell victim to scams, particularly phishing links (Norton).  
  • The average cost of the most disruptive breach or attack at medium and large UK businesses is £10,830 (UK Government cyber security breaches survey 2024). 
  • The US has the highest data breach costs of all countries worldwide, averaging $9.48 million in 2023-24 (Statistica). 
  • 59% of US businesses do not have any cyber insurance coverage whatsoever (Insurance Information Institute). 

Global cybercrime statistics: how many cyber attacks happen per day worldwide?

Increasingly often, we hear about large companies having their data breached in the news. But just how regularly do these types of attacks take place? And what does this look like in the US vs the UK?

  • More than 450,000 new pieces of malware are detected every day worldwide (AV-TEST). 
  • Around 6 billion malware attacks were detected worldwide in 2023 (Statistica). 
  • By 2031, a ransomware attack will occur on a business, consumer, or device every two seconds (Cybersecurity Ventures). 

How common is cybercrime in the UK?

Do cybercrimes occur regularly in the UK? How often are they reported? And what’s the average financial loss of a cybercrime victim? Here’s everything you need to know:

  • The UK government’s most recent report estimates that in 2023-24, UK businesses experienced approximately 7.78 million cybercrimes of some form
  • This means that on average in 2023-24, UK businesses were targeted by an average of 21,315 cyber attacks a day. 
  • Even still, the year ending September 2023 saw approximately 898,000 reports of computer misuse* in England and Wales (up 30% from 690,000 in 2022) (Office of National Statistics). 

*A Computer Misuse Offense refers to the deliberate or reckless obtaining, disclosing, procuring and retention of personal data without the consent of the data controller (Crown Prosecution Service)

Cybercrime attacks on individuals in the UK

As well as targeting businesses, many cyberattacks also target individuals, taking the form of phishing emails, malware-laden attachments, and social engineering tactics designed to steal personal information, financial data, or identities. Our analysis of cyber-enabled crime data from Action Fraud (the UK’s national reporting center for fraud and cybercrime) found that:

  • From June 2022 to May 2023, there were 200,000 reports of cyber-enabled crimes on individuals in the UK.
  • These crimes resulted in financial losses of over £890 million (an average of £4,500 per individual).
  • The most common type of cyber attack reported to Action Fraud by individuals between June 2022 and May 2023 were consumer fraud (50.5%), advance fee fraud (17.9%), and banking fraud (11.1%).

 A bar graph of Cyber Attacks on Individuals Reported by Type (2022-2023)

 

  • 20-29 year-olds were the most likely to file reports of cybercrimes, with more than 1 in 5 people in this age group (20.4%) making a report of some kind.

Repeat cyber attacks

Our analysis of data from the Crime Survey for England and Wales found that many individuals who fall victim to cyber attacks do so on multiple occasions. In fact:

  • When it comes to individuals who’ve had their personal information breached or hacked by an unauthorized person, 10% experience this again 2, 3, or 4 times, and 2% experience this on 5 or more occasions.
Unauthorized access to personal information (including hacking)
Number of times targetedPercentage
Once88
Two, three or four times10
Five or more times2
  • A similar story can be seen with cyber attacks in the form of computer viruses, with 12% of victims experiencing repeat offenses 2, 3, or 4 more times after the initial attack.
Computer virus attacks
Number of times targetedPercentage
Once88
Two, three or four times12
Five or more times0

Number of times victims were targeted by computer hacking (UK 2023)

 

Cybercrime attacks on UK businesses: the statistics

How many UK businesses are affected by cybercrime? And what impact does this have? Our research found:

  • The government’s most recent report revealed that in 2024, nearly a quarter of businesses (22%) and 14% of charities experienced data breaches or attacks.
  • Medium and large businesses were found to be the worst affected (45% and 58%, respectively).
Business sizePercentage that experienced cybercrime in the 12 months leading to April 2024
Micro businesses19%
Small businesses29%
Medium businesses45%
Large businesses58%
  • The average cost of the most disruptive breach or attack was also highest amongst medium and large businesses, averaging £10,830.
  • The most common form of cyber attack on UK businesses in 2023-24 is phishing, with 90% of businesses who experienced cybercrime reporting incidents of this nature.
Type of cybercrimePercentage (of all businesses who reported cybercrimes in 2023-24)
Phishing attacks90%
Hacking10%
Viruses, spyware or malware2%
Ransomware2%
Denial of service attacks1%

How common is cybercrime in the US?

So how about the United States? What impact has cybercrime had on businesses and individuals across the country? Let’s jump straight into the numbers:

  • According to IBM’s latest Cost of Data Breach report, in 2023, the United States had the highest data breach costs of all counties worldwide for the 13th consecutive year.
  • This averaged $9.48 million (up 0.4% from the previous year), and was followed by the Middle East, Canada, Germany, and Japan.
  • Interestingly, though, according to Coveware, the percentage of ransomware attacks that resulted in the victim paying dropped to a record low of 34% in Q2 of 2023.

A chart of All Ransomware Payment Resolution Rates

Cybercrime attacks on individuals in the US

Although they tend to be on a much smaller scale, cybercrimes against individuals can have a significant emotional impact. The fear of identity theft, loss of personal data, and frustration of dealing with compromised accounts can really take its toll. But just how much are people in the US affected by these types of attacks?

  • A survey conducted on behalf of Anomali by The Harris Poll found that over a fifth of US adults (21%) have experienced a ransomware attack on a personal and/or work device.
  • Amongst those who experienced an attack on a work device, 46% say their company paid the ransom. 
  • The survey found that just 51% of US adults believe the government is effectively addressing the issue of cybersecurity.
  • And that 61% would support a federal income tax increase to help fund government efforts to defend against cyberattacks.

Cybercrime on US businesses and organizations: the statistics

Now let’s talk business. Just how many US businesses have been subject to cyber attacks? And what impact does this have?

  • Emsisoft’s The State of Ransomware in the U.S. report revealed that in 2023 alone, 141 hospitals, 108 school districts, and 95 government entities were directly impacted by ransomware, alongside thousands of private sector businesses.

A bar graph showing the number of public sector organisations impacted by ransomware attacks overtime

 

*Hospital systems are comprised of multiple hospitals and school districts of multiple schools. The total number of hospitals and schools impacted is explained in the sector-specific sections below.

  • One of the most recent, largest-scale data breaches in the US was that of the State of Maine, who suffered a data breach in May 2023 that led to the loss of over a million citizens’ data.
  • The US healthcare sector has also been affected by many instances of cybercrime, with 46 individual ransomware attacks in 2023 (CNN). 
  • Change Healthcare was the victim of a ransomware attack in April 2024, with an initial ransom of $22 million in Bitcoin. It is estimated that more than 90% of 70,000 pharmacies across the United States were compromised. This prompted Senators Elizabeth Warren, Bill Cassidy, and Richard Blumenthal to release a public demand to the Cybersecurity and Infrastructure Security Agency (CISA) to reveal their plans to prevent further attacks. 

NationalPublicData.com hack 

Recently, reports have come out of a cybersecurity incident involving the National Public Data, an online background check and fraud prevention service in the United States. It is alleged that a cybercriminal group, USDoD, instigated the data leak, which exposed the personally identifiable information (PII), such as Social Security Numbers, names, and addresses, of around 2.9 billion people. The ransom was set for $3.5 million, but has since been offered for free in a dark web forum.       

This has naturally sparked outrage for billions of people whose PII have now been compromised. As of the time of writing, there is a now a class action lawsuit from law firm, Schubert, Jonckheer & Kolbe. 

Are businesses prepared to defend against cybersecurity threats?

In 2022, BlackBerry and Corvus Insurance surveyed 415 IT and cybersecurity business decision-makers in North America and Canada, to find out more about how prepared they were to defend their business’ cybersecurity. The survey found:

  • 45% of businesses do not have any cyber insurance cover whatsoever.
  • Of those who do have coverage, more than a third (37%) aren’t covered for ransomware payments.
  • Even amongst businesses that do have ransomware payment coverage, just 1 in 5 (19%) have limits greater than the median ransomware demand of $600,000.
  • This figure drops even lower for SMBs with fewer than 1,500 employees (14%).

Most common types of cyber attacks

Given that so many individuals and businesses choose not to report incidents of cyber attacks to the authorities, it can be extremely difficult to determine just how often they occur and which types happen most frequently.

But as we all know, when most of us (especially us tech heads) are unsure of something, what do we do?… That’s right, Google it! Therefore, we headed over to our trusty search volume analysis tool Keyword Finder to do some digging into which types of cyber attacks are Googled most often.

Note: It’s important to note that although people are searching for these terms, it doesn’t necessarily mean they’ve been targeted by these scams. They may simply be wishing to find information on the topic. 

Most-searched cyber attack types in the US

  • Our analysis found that in the US, the most-Googled type of cybersecurity threat in 2024 is phishing, with an average of 75,600 searches made for the term every month.
  • This is followed by denial of service (40,200) and malware (38,700).
  • With ransomware (30,800) and spoofing following close by (27,100).
KeywordAvg. Monthly Search Volume (US)
phishing75,600
denial of service40,200
malware38,700
ransomware30,800
spoofing27,100
smishing24,200
pretexting14,600
vishing14,200
dos attack11,100
insider threat5,100

Top 10 most-Googled types of cyber attacks in the US (as of April 2024)

Most-searched cyber attacks in the UK

  • Phishing is also the most-searched form of cyber threat in the UK, averaging 22,200 monthly searches.
  • However, malware is the second-most searched (15,100), followed by ransomware (9,900).
  • Closely behind are denial of service (9,600) and spoofing (5,200).
KeywordAvg. Monthly Search Volume (UK)
phishing22,200
malware15,100
ransomware9,900
denial of service9,600
spoofing5,200
dos attack3,800
smishing3,800
vishing2,900
pretexting1,800
insider threat840

Top 10 most-Googled types of cyber attacks in the UK (as of April 2024)

Most widespread branded scams

One of the most convincing ways hackers or cyber scammers succeed in tricking companies and individuals is by posing as brands they trust. This can take many forms, from texts pretending to be your energy provider to emails from a social media site or streaming platform you use on a regular basis. But which of these are most common?

To find out, we used the Keyword Finder tool once more to analyze searches for scams relating to some of the UK and US’ biggest brands.

Biggest branded scams in the US

  • According to our analysis, the most-searched branded scam in the US is Facebook Marketplace, with 18,100 searches being conducted for the term on a monthly basis.
  • This is followed by PayPal scams (14,100), Facebook (8,600) and Amazon (6,600).
KeywordAvg. Monthly Search Volume (US)
facebook marketplace scam18,100
paypal scam14,100
facebook scam8,600
amazon scam6,600
instagram scam5,800
microsoft scam2,800
tiktok scam1,400
netflix scam1,400
youtube scam950
dropbox scam390

Biggest branded scams in the UK

  • Back across the pond in the UK, the most-searched branded scam is also Facebook marketplace, receiving an average of 8,800 searches per month.
  • PayPal appears second once again (4,600), whilst Royal Mail comes in third with 4,300 average monthly searches.
KeywordAvg. Monthly Search Volume (UK)
facebook marketplace scam8,800
paypal scam4,600
royal mail scam4,300
vinted scam3,300
facebook scam3,000
amazon scam2,200
microsoft scam1,200
instagram scam1,200
santander scam950
banking scam660

How NinjaOne keeps your data secure from cybersecurity threats

NinjaOne’s #1 RMM software solution has built-in tools that improve your endpoint security in a single pane of glass. With its platform, you can easily manage applications, remotely edit registries, deploy scripts, and, most importantly, immediately detect and remediate vulnerabilities and threats. 

If you’re ready, request a free quote, sign up for a 14-day free trial, or watch a demo.

You might also like

Ready to simplify the hardest parts of IT?