Cybercrime & Cybersecurity Statistics for the US & UK in 2024

Cybercrime & Cybersecurity Statistics for the US & UK in 2024

Experts predict the estimated cost of cybercrime will increase by around 70% between 2024 and 2029, eventually costing businesses worldwide around $15.83 trillion by 2029 (Statistica). Among the various types of cyber attacks, ransomware attacks are the most frequently detected, accounting for around 70% of all incidents (Statistica). This demonstrates the widespread and severe challenge of cyber threats that businesses and individuals around the world must contend with. These incidents often lead to substantial financial losses, reputational damage, and significant operational disruptions.

This article examines the latest statistics on cybersecurity threats in the UK and the US, exploring costs, methods, emerging trends, and discovering the prevalence of these types of crimes.

Cybersecurity statistics of 2024: Editor’s picks

  • 75% of cyber attacks in 2023 began from data theft (CrowdStrike). 
  • UK businesses encounter a new cyberattack every 44 seconds. That’s 5% more this year than in the same period of 2023, where companies experienced 180,714 attacks each between April and June (Beaming). 
  • Over 32 million phishing emails have been reported to the Suspicious Email Reporting Service (SERS) of Action Fraud, the UK’s national fraud center (Action Fraud).
  • About 1 in 5 consumers fell victim to scams, particularly phishing links (Norton).  
  • The average cost of the most disruptive breach or attack at medium and large UK businesses is £10,830 (UK Government cyber security breaches survey 2024). 
  • The US has the highest data breach costs of all countries worldwide, averaging $9.48 million in 2023-24 (Statistica). 
  • 59% of US businesses do not have any cyber insurance coverage whatsoever (Insurance Information Institute). 

Global cybercrime statistics: how many cyber attacks happen per day worldwide?

Increasingly often, we hear about large companies having their data breached in the news. But just how regularly do these types of attacks take place? And what does this look like in the US vs the UK?

  • More than 450,000 new pieces of malware are detected every day worldwide (AV-TEST). 
  • Around 6 billion malware attacks were detected worldwide in 2023 (Statistica). 
  • By 2031, a ransomware attack will occur on a business, consumer, or device every two seconds (Cybersecurity Ventures). 

How common is cybercrime in the UK?

Do cybercrimes occur regularly in the UK? How often are they reported? And what’s the average financial loss of a cybercrime victim? Here’s everything you need to know:

  • The UK government’s most recent report estimates that in 2023-24, UK businesses experienced approximately 7.78 million cybercrimes of some form
  • This means that on average in 2023-24, UK businesses were targeted by an average of 21,315 cyber attacks a day. 
  • Even still, the year ending September 2023 saw approximately 898,000 reports of computer misuse* in England and Wales (up 30% from 690,000 in 2022) (Office of National Statistics). 

*A Computer Misuse Offense refers to the deliberate or reckless obtaining, disclosing, procuring and retention of personal data without the consent of the data controller (Crown Prosecution Service)

Cybercrime attacks on individuals in the UK

As well as targeting businesses, many cyberattacks also target individuals, taking the form of phishing emails, malware-laden attachments, and social engineering tactics designed to steal personal information, financial data, or identities. Our analysis of cyber-enabled crime data from Action Fraud (the UK’s national reporting center for fraud and cybercrime) found that:

  • From June 2022 to May 2023, there were 200,000 reports of cyber-enabled crimes on individuals in the UK.
  • These crimes resulted in financial losses of over £890 million (an average of £4,500 per individual).
  • The most common type of cyber attack reported to Action Fraud by individuals between June 2022 and May 2023 were consumer fraud (50.5%), advance fee fraud (17.9%), and banking fraud (11.1%).

 A bar graph of Cyber Attacks on Individuals Reported by Type (2022-2023)

 

  • 20-29 year-olds were the most likely to file reports of cybercrimes, with more than 1 in 5 people in this age group (20.4%) making a report of some kind.

Repeat cyber attacks

Our analysis of data from the Crime Survey for England and Wales found that many individuals who fall victim to cyber attacks do so on multiple occasions. In fact:

  • When it comes to individuals who’ve had their personal information breached or hacked by an unauthorized person, 10% experience this again 2, 3, or 4 times, and 2% experience this on 5 or more occasions.
Unauthorized access to personal information (including hacking)
Number of times targeted Percentage
Once 88
Two, three or four times 10
Five or more times 2
  • A similar story can be seen with cyber attacks in the form of computer viruses, with 12% of victims experiencing repeat offenses 2, 3, or 4 more times after the initial attack.
Computer virus attacks
Number of times targeted Percentage
Once 88
Two, three or four times 12
Five or more times 0

Number of times victims were targeted by computer hacking (UK 2023)

 

Cybercrime attacks on UK businesses: the statistics

How many UK businesses are affected by cybercrime? And what impact does this have? Our research found:

  • The government’s most recent report revealed that in 2024, nearly a quarter of businesses (22%) and 14% of charities experienced data breaches or attacks.
  • Medium and large businesses were found to be the worst affected (45% and 58%, respectively).
Business size Percentage that experienced cybercrime in the 12 months leading to April 2024
Micro businesses 19%
Small businesses 29%
Medium businesses 45%
Large businesses 58%
  • The average cost of the most disruptive breach or attack was also highest amongst medium and large businesses, averaging £10,830.
  • The most common form of cyber attack on UK businesses in 2023-24 is phishing, with 90% of businesses who experienced cybercrime reporting incidents of this nature.
Type of cybercrime Percentage (of all businesses who reported cybercrimes in 2023-24)
Phishing attacks 90%
Hacking 10%
Viruses, spyware or malware 2%
Ransomware 2%
Denial of service attacks 1%

How common is cybercrime in the US?

So how about the United States? What impact has cybercrime had on businesses and individuals across the country? Let’s jump straight into the numbers:

  • According to IBM’s latest Cost of Data Breach report, in 2023, the United States had the highest data breach costs of all counties worldwide for the 13th consecutive year.
  • This averaged $9.48 million (up 0.4% from the previous year), and was followed by the Middle East, Canada, Germany, and Japan.
  • Interestingly, though, according to Coveware, the percentage of ransomware attacks that resulted in the victim paying dropped to a record low of 34% in Q2 of 2023.

A chart of All Ransomware Payment Resolution Rates

Cybercrime attacks on individuals in the US

Although they tend to be on a much smaller scale, cybercrimes against individuals can have a significant emotional impact. The fear of identity theft, loss of personal data, and frustration of dealing with compromised accounts can really take its toll. But just how much are people in the US affected by these types of attacks?

  • A survey conducted on behalf of Anomali by The Harris Poll found that over a fifth of US adults (21%) have experienced a ransomware attack on a personal and/or work device.
  • Amongst those who experienced an attack on a work device, 46% say their company paid the ransom. 
  • The survey found that just 51% of US adults believe the government is effectively addressing the issue of cybersecurity.
  • And that 61% would support a federal income tax increase to help fund government efforts to defend against cyberattacks.

Cybercrime on US businesses and organizations: the statistics

Now let’s talk business. Just how many US businesses have been subject to cyber attacks? And what impact does this have?

  • Emsisoft’s The State of Ransomware in the U.S. report revealed that in 2023 alone, 141 hospitals, 108 school districts, and 95 government entities were directly impacted by ransomware, alongside thousands of private sector businesses.

A bar graph showing the number of public sector organisations impacted by ransomware attacks overtime

 

*Hospital systems are comprised of multiple hospitals and school districts of multiple schools. The total number of hospitals and schools impacted is explained in the sector-specific sections below.

  • One of the most recent, largest-scale data breaches in the US was that of the State of Maine, who suffered a data breach in May 2023 that led to the loss of over a million citizens’ data.
  • The US healthcare sector has also been affected by many instances of cybercrime, with 46 individual ransomware attacks in 2023 (CNN). 
  • Change Healthcare was the victim of a ransomware attack in April 2024, with an initial ransom of $22 million in Bitcoin. It is estimated that more than 90% of 70,000 pharmacies across the United States were compromised. This prompted Senators Elizabeth Warren, Bill Cassidy, and Richard Blumenthal to release a public demand to the Cybersecurity and Infrastructure Security Agency (CISA) to reveal their plans to prevent further attacks. 

NationalPublicData.com hack 

Recently, reports have come out of a cybersecurity incident from the National Public Data, an online background check and fraud prevention service in the United States. It is alleged that a cybercriminal group, USDoD, instigated the data leak, which exposed the personally identifiable information (PII), such as the Social Security Numbers, names, and addresses, of around 2.9 billion people. The ransom was set for $3.5 million, but has since been offered for free in a dark web forum.       

This has naturally sparked outrage for billions of people whose PII have now been compromised. As of the time of writing, there is a now a class action lawsuit from law firm, Schubert, Jonckheer & Kolbe. 

Are businesses prepared to defend against cybersecurity threats?

In 2022, BlackBerry and Corvus Insurance surveyed 415 IT and cybersecurity business decision-makers in North America and Canada, to find out more about how prepared they were to defend their business’ cybersecurity. The survey found:

  • 45% of businesses do not have any cyber insurance cover whatsoever.
  • Of those who do have coverage, more than a third (37%) aren’t covered for ransomware payments.
  • Even amongst businesses that do have ransomware payment coverage, just 1 in 5 (19%) have limits greater than the median ransomware demand of $600,000.
  • This figure drops even lower for SMBs with fewer than 1,500 employees (14%).

Most common types of cyber attacks in 2024

Given so many individuals and businesses choose not to report incidents of cyber attacks to the authorities, it can be extremely difficult to determine just how often they occur and which types happen most frequently.

But as we all know, when most of us (especially us tech heads) are unsure of something, what do we do?… that’s right, Google it! Therefore, we headed over to our trusty search volume analysis tool Keyword Finder to do some digging into which types of cyber attacks are Googled most often.

Note: It’s important to note that although people are searching for these terms, it doesn’t necessarily mean they’ve been targeted by these scams. They may simply be wishing to find information on the topic. 

Most-searched cyber attack types in the US

  • Our analysis found that in the US, the most-Googled type of cybersecurity threat in 2024 is phishing, with an average of 75,600 searches made for the term every month.
  • This is followed by denial of service (40,200) and malware (38,700).
  • With ransomware (30,800) and spoofing following close by (27,100).
Keyword Avg. Monthly Search Volume (US)
phishing 75,600
denial of service 40,200
malware 38,700
ransomware 30,800
spoofing 27,100
smishing 24,200
pretexting 14,600
vishing 14,200
dos attack 11,100
insider threat 5,100

Top 10 most-Googled types of cyber attacks in the US (as of April 2024)

Most-searched cyber attacks in the UK

  • Phishing is also the most-searched form of cyber threat in the UK, averaging 22,200 monthly searches.
  • However, malware is the second-most searched (15,100), followed by ransomware (9,900).
  • Closely behind are denial of service (9,600) and spoofing (5,200).
Keyword Avg. Monthly Search Volume (UK)
phishing 22,200
malware 15,100
ransomware 9,900
denial of service 9,600
spoofing 5,200
dos attack 3,800
smishing 3,800
vishing 2,900
pretexting 1,800
insider threat 840

Top 10 most-Googled types of cyber attacks in the UK (as of April 2024)

Most widespread branded scams

One of the most convincing ways hackers or cyber scammers succeed in tricking companies and individuals is by posing as brands they trust. This can take many forms, from texts pretending to be your energy provider to emails from a social media site or streaming platform you use on a regular basis. But which of these are most common?

To find out, we used the Keyword Finder tool once more to analyze searches for scams relating to some of the UK and US’ biggest brands.

Biggest branded scams in the US

  • According to our analysis, the most-searched branded scam in the US is Facebook Marketplace, with 18,100 searches being conducted for the term on a monthly basis.
  • This is followed by PayPal scams (14,100), Facebook (8,600) and Amazon (6,600).
Keyword Avg. Monthly Search Volume (US)
facebook marketplace scam 18,100
paypal scam 14,100
facebook scam 8,600
amazon scam 6,600
instagram scam 5,800
microsoft scam 2,800
tiktok scam 1,400
netflix scam 1,400
youtube scam 950
dropbox scam 390

Biggest branded scams in the UK

  • Back across the pond in the UK, the most-searched branded scam is also Facebook marketplace, receiving an average of 8,800 searches per month.
  • PayPal appears second once again (4,600), whilst Royal Mail comes in third with 4,300 average monthly searches.
Keyword Avg. Monthly Search Volume (UK)
facebook marketplace scam 8,800
paypal scam 4,600
royal mail scam 4,300
vinted scam 3,300
facebook scam 3,000
amazon scam 2,200
microsoft scam 1,200
instagram scam 1,200
santander scam 950
banking scam 660

How NinjaOne keeps your data secure from cybersecurity threats

NinjaOne’s #1 RMM software solution has built-in tools that improve your endpoint security in a single pane of glass. With its platform, you can easily manage applications, remotely edit registries, deploy scripts, and, most importantly, immediately detect and remediate vulnerabilities and threats. 

If you’re ready, request a free quote, sign up for a 14-day free trial, or watch a demo.

Next Steps

The fundamentals of device security are critical to your overall security posture. NinjaOne makes it easy to patch, harden, secure, and backup all their devices centrally, remotely, and at scale.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).