Cybercrime is predicted to cost the world $10.5 trillion USD in 2025, according to Cybersecurity Ventures.
If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
Global cybercriminal activity has grown so large that, after years of rapid expansion, Cybersecurity Ventures believes the sector’s sheer economic weight will see growth plateau at 2.5 percent annually through 2031, at which point cybercrime will cost the world $12.2 trillion annually.
“Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, reputational harm, legal costs, and potentially, regulatory fines, plus other factors” said Steve Morgan, founder of Cybersecurity Ventures.
As nation-state and cybercriminal gangs steal cryptocurrency and tap new technologies like generative AI (GenAI) to refine their attacks, there is only so much money to steal.
That means it’s getting harder for cybercriminal enterprises to continue scaling their takings, with new attack techniques evolving but organizational structures also evolving to protect the sector’s momentum in the face of increasing scrutiny by law enforcement authorities.
Cybercriminals have proved resourceful in adapting to the changing enforcement environment, however: “Based on the inconsistent laws and difficulty in prosecuting, cybercrime unfortunately is easy to commit and very hard, if not impossible, to stop,” said Dr. Eric Cole, a former CIA hacker and founder of cybersecurity consultancy Secure Anchor.
Because it largely relates to financial losses suffered by companies and individuals well outside of our own worldviews, Cole refers to cybercrime as a “silent killer”.
“The problem in cybersecurity is that we’ve never had numbers,” he told Cybercrime Magazine. “It has always been a problem, but it wasn’t visible. By monetizing it, and when you go in to say that it’s a trillion dollar problem, that wakes people up [and they realize] that it is happening.”
Cybercrime Magazine’s annual report will delve into the growth and structure of cybercrime’s significant global economic force – a self-sustaining human enterprise that, by transcending borders and flaunting the international laws that bind even conventional hostile nation-states, has become one of the biggest threats the world economy has ever known.
2025 Official Cybercrime Report
To understand the magnitude of the modern cybersecurity threat, it’s instructive to think of the global cybercrime industry as a country. Let’s call this rogue state Cyber Rica.
With gross domestic product (GDP) of $10.5 trillion this year, Cyber Rica’s economy is one-third of that of the U.S. – whose GDP this year will be around $30 trillion – and two-thirds as large as that of China, with GDP of $19.2 trillion.
Third-place Germany, by contrast, will have a GDP of around $4.7 trillion this year – meaning that in 2031, the residents of Cyber Rica will be collectively stealing and causing harm that equals the GDPs of Germany, India ($4.2 trillion), and Japan ($4.2 trillion) combined.
That’s $386,000 worth of harm caused by cybercriminals per second – up from $333,000 per second in 2025 – or a monthly impact of $1 trillion, which is more than the GDP of all but the world’s 19 largest countries.
For any other country, such accumulation of wealth would be a laudable achievement – but the massive amount of money at play in Cyber Rica comes at the expense of the citizens and businesses of other countries, who face relentless and unceasing assault from crypto scammers, data-scraping botnets, credential theft, identity theft, card theft, and the outright extortion that once-straightforward ransomware has now become.
The citizens of Cyber Rica, in other words, are leeches – taking from the world’s other residents but giving nothing back.
Cybercriminals are still up to their old tricks
Although cryptocurrency has begun to rival the time-honored U.S. dollar as a way of facilitating illegal cross-border activities in the real world, its use in such activities is only part of the broader Cyber Rican economy – which owes a large portion of its GDP to time-tested revenue earners that continue to steer rivers of gold into the coffers of cybercriminal enterprises.
Verizon’s 2025 Data Breach Investigations Report (DBIR) shed some light on just how these funds are being secured, noting that cybercriminals became significantly more aggressive over the past year –with system intrusions accounting for 53% of analyzed data breaches, up from 36% the year before.
Web application attacks were also up, from 9% to 12% of breaches, while – in a surprise finding that likely reflects cybercriminals’ increasing proficiency in identifying and exploiting vulnerabilities in cloud platforms and application s – social engineering was actually down year on year, from 22% of breaches to 17%.
Today’s cybercriminals, in other words, will still happily track and trap their victims via social media but they are increasingly happy to forego the niceties and use other techniques to go straight where the money is, with ransomware surging 37% year-on-year.
A breakdown of the methods cybercriminals are using shows many of the old favorites – credential abuse was involved in 22% of breaches, while vulnerabilities were exploited in 20 percent and phishing used in 16% of breaches.
That said, the DBIR flagged a decline in the amount of the average ransomware payment – from $150,000 to $115,000 – and an increase in the proportion of companies that refuse to pay ransoms, up from 50% to 64% last year.
Significantly, Verizon noted a 17 % year-on-year surge in the proportion of espionage breaches driven by state-sponsored actors who were also noted to have financial motives in around 1 in 4 incidents – suggesting that threat actors are “double-dipping to pad their compensation” in a move that would also boost the GDP of Cyber Rica.
Breaches are becoming more expensive
Cyber breaches also causing significant damage in the process: the latest IBM-Ponemon Institute Cost of a Data Breach report found that the average cost of a data breach increased by 10 percent between 2023 and 2024, to $4.88 million on average.
New technologies further complicate the agenda
Even as industry watchers trace cybercriminals’ footsteps across the world, new technologies have complicated the chase – with GenAI, in particular, proving to have done exactly what pundits feared it would do: help cybercriminals craft and execute better, more convincing, and more personalized campaigns than ever before.
Security researchers have, unsurprisingly, uncovered growing evidence that cybercriminals are using genAI tools to improve the efficiency and yield of their campaigns – with Check Point Research’s recent AI Security Report 2025 flagging the use of the technology for malicious activities like AI-enhanced impersonation and social engineering, LLM data poisoning and disinformation, AI-created malware and data mining, and the weaponization and hijacking of AI models on which built-in safety controls have been disabled.
(Source: cybersecurityventures)