Cybercrime Losses Pass US$9.5 Trillion Dollars in 2024 – Per Cybersecurity Ventures

Striking New Data from Cybersecurity Ventures shows that Cybercrime has exceeded US$9.5 Trillion Dollars in 2024

Cybersecurity Ventures’ recent consumer cybersecurity survey sheds light on the evolving landscape of cyber threats and their impact on public trust and economic stability. The survey highlights a growing anxiety among consumers, with a significant portion expressing heightened fears about scams and fraud, particularly as AI technologies become more sophisticated.

One of the most striking findings is the profound impact of transaction fraud on consumer behavior. The survey indicates that 66% of consumers would cease shopping at a retailer where they have experienced transaction fraud, a statistic that underscores the fragile nature of consumer trust in the digital age. This trend is particularly concerning for small businesses, which often lack the resources to recover from such incidents and may struggle to regain customer confidence.

The survey also highlights the generational differences in engaging with scams, noting that Gen Z is more likely to interact with deceptive content. This generational disparity suggests a need for tailored cybersecurity education and awareness programs that can effectively reach and engage younger audiences. As AI continues to advance, the believability of deepfakes and other manipulated media is only expected to increase, posing new challenges for both consumers and businesses.

Moreover, the survey emphasizes the urgent need for enhanced cybersecurity measures, particularly for small businesses that are vulnerable to cyber fraud. With nearly one in four small businesses in Europe at risk of closure due to cyber fraud, the survey calls for stronger security measures and more accessible cybersecurity solutions. Mastercard’s initiatives, such as the European Cyber Resilience Centre, aim to foster collaboration between the public and private sectors to address these challenges and build a more resilient digital economy.

As we navigate an increasingly digital world, the insights from Mastercard’s survey serve as a wake-up call for consumers, businesses, and policymakers to prioritize cybersecurity and trust in our digital interactions. By understanding and addressing the evolving nature of cyber threats, we can work towards creating a more secure and trustworthy digital environment for all.

According to MasterCard October 6, 2025

Based on the study by Cybersecurity Ventures

When it comes to fraud, a sense of insecurity and even inevitability, global survey shows

The survey about cybersecurity reveals some stark generational differences and growing anxiety over AI-generated scams.

Seven of 10 people say that it’s harder to secure their information on digital platforms than it is to secure their own home, according to a new global survey conducted for Mastercard. It’s not just the degree of difficulty — remembering a host of passwords and juggling one-time passcodes vs. turning a key or arming an alarm. It’s the scale of the cyber threat: A thousand burglars aren’t trying to pick your lock every minute of the day.

Last year, losses and damages from cyberattacks came to $9.5 trillion, making cybercrime the third-largest economy in the world — and growing, thanks to the widespread availability of AI tools to supercharge scams and accelerate attacks.

The risks of living in always-on world are sinking in, with 76% of survey respondents more concerned about cyber risks impacting their life than they were two years ago. Well over half say they think about cybersecurity and online safety at least weekly — even more than they think about their own job security.

The survey, conducted last month by the Harris Poll of 13,077 adults across 13 countries, also revealed that younger people are more likely to fall for online fraud, that people would feel too ashamed to report the crime, and, perhaps most worryingly, that nearly 60% say that fraud is so pervasive that being scammed is simply inevitable.

“If people feel more vulnerable in the virtual world than in their own homes, that signals that the trust in the technology that governs our lives is under threat – and there’s work to be done to achieve the full promise of the digital economy,” says Johan Gerber, the global head of Security Solutions at Mastercard. For example, 66% of consumers would stop shopping altogether at a retailer where they experienced transaction fraud, which would have outsize impact on small businesses, which have fewer resources to respond to threats and may struggle to regain customer confidence.

“Trust can’t be an afterthought,” Gerber says. “It must be the foundation of our digital lives.”

Let’s dig deeper into some of the findings from the survey.

The younger they are, the harder they fall

Different generations perceive and respond to cyber threats differently, with 43% of Gen Z and 39% of millennials reporting they have engaged with scam attempts, as compared with only 22% of Gen X and 14% of boomers. Ironically, younger people said they were “very confident” in their ability to identify threats — one in five for Gen Z and millennials, vs. fewer than one in 10 for Gen X and boomers. When asked about what actions they take to protect themselves from fraud, Gen Z were less likely than older peers to check the sender before opening emails or to use security software and tools, while boomers were less likely to enable biometric authentication for their apps or digital accounts or to review and adjust privacy settings.

The fear of scam shaming is real

Experts say fraud, particularly romance cons, are vastly underreported, because the betrayals are so deeply personal and friends, family and even law enforcement tend to blame the victim. That sense of stigma was borne out by the survey: 59% say they would feel ashamed if they fell victim to an online scam, and about half said they would be embarrassed to tell anyone if they experienced a fraudulent transaction. But good news: The fear may be overblown. A much smaller percentage — only 37% — said they would judge someone who experienced a fraudulent transaction.

• 70% of global consumers agree that it is harder to secure their information on digital platforms than it is secure their physical home
• 80% of global consumers have received a scam attempt in the last year
• 75% of global consumers say they are more concerned about the impact of cybersecurity risks than they were two years ago

Smarter tech means sharper threats

Anxiety over AI is widespread, from the potential for AI systems to be hacked and turned against its users to automated large-scale cyberattacks to AI-generated voice cloning for scam calls to deepfakes interfering in government and threatening national security. Nearly three-quarters agreed that AI will make it impossible to tell what’s real and what’s fake online, and only 13% of respondents were “very confident” in their ability to identify AI-generated threats or scams.

There is a generational divide as well, with about half of Gen Z and millennials saying they were more trusting of AI than human-monitored security, as compared with 44% of Gen X and 31% of boomers. And Gen Z was the most optimistic that AI could make identity verification and fraud protections better in the next five years.

“An AI-powered economy can only usher greater growth and deeper connection if we work together to make trust and security inseparable from innovation,” Gerber said. “Organizations that weave trust — and security — into every layer of technology will be the ones that thrive. Only in this way can we create a digital future that is both resilient and limitless.”

Learn more at: https://cybersecurityventures.com/official-cybercrime-report-2025/

Conclusion

Mastercard’s 2025 cybersecurity survey underscores the growing challenges consumers and businesses face in an increasingly digital world. With 76% of respondents expressing heightened concerns about cyber risks, it is evident that the threat landscape is evolving rapidly, impacting both personal and business security. The survey highlights the need for enhanced cybersecurity measures, particularly for small businesses, which are often the most vulnerable to cyber fraud. As the global financial toll of cyberattacks is projected to reach $10.5 trillion annually by 2025, the urgency for robust cybersecurity solutions becomes increasingly apparent. By understanding and addressing these challenges, individuals and organizations can work towards building a more secure and resilient digital future.

Glossary

• Authentication fatigue — Describes a state where frequent security prompts reduce attention and care. It increases error rates and creates openings for social engineering. Clear schedules for prompts and fewer, stronger checks reduce this risk.
• Biometric authentication — Refers to identity checks that rely on fingerprints, face, or voice. It reduces password risk but introduces privacy and spoofing issues. Liveness checks and secure device storage improve reliability.
• Botnet — Describes a network of malware-controlled devices used to automate attacks. It floods sites, tests stolen credentials, or spreads scams at scale. Traffic filtering and device updates reduce exposure.
• Chargeback — Refers to a payment reversal initiated by a cardholder’s bank after disputed fraud. It protects consumers but raises costs for merchants. Clear receipts, fraud tools, and quick responses limit losses.
• Consumer trust break — Describes the loss of confidence after a fraud incident at a retailer or platform. It often leads customers to stop transacting there. Visible remediation and verified communication help rebuild confidence.
• Credential stuffing — Refers to automated login attempts using stolen username-password pairs from other breaches. It succeeds when people reuse passwords. Unique passwords and passkeys reduce this threat.
• Cyber resilience — Describes an organization’s ability to prepare for, withstand, and recover from attacks. It includes backups, incident drills, and rapid restoration. Regular testing keeps recovery plans usable under stress.
• Cybersecurity hygiene — Refers to routine habits that lower risk across accounts and devices. It includes updates, unique credentials, and limited app permissions. Small, steady actions reduce large exposure.
• Deepfake media — Describes realistic synthetic audio or video made with AI. It impersonates voices, faces, or events to gain money or access. Multi-step verification and a pause before payment to counter its pull.
• Device fingerprinting — Refers to identifying a device by its unique configuration and signals. It helps detect abnormal access or fraud patterns. Privacy rules and clear disclosures guide responsible use.
• Digital trust — Describes confidence that systems process data and payments safely and fairly. It grows through transparent policies, strong security, and quick support. Consistent practice builds durable trust over time.
• Fraud inevitability belief — Refers to the learned view that scams cannot be avoided. It increases risk-taking and reduces reporting. Clear steps and peer support replace fatalism with practical control.
• Generational risk gap — Describes how age groups differ in scam exposure and habits. Younger users engage more with digital content and riskier prompts, while older users avoid newer protections at times. Tailored education closes the gap.
• Honeypot — Refers to a controlled decoy system that lures attackers for study. It helps teams learn tactics and improve defenses without endangering production data. Careful isolation keeps it safe to use.
• Identity verification — Describes confirming a person is who they claim to be. It may include documents, biometrics, or trusted database checks. Clear consent and data minimization protect privacy.
• Incident response plan — Refers to a written, tested guide for handling cyber events. It assigns roles, contact paths, and recovery steps. Regular drills make decisions faster during real incidents.
• Layered security — Describes combining multiple controls so one failure does not cause a loss. It may include device checks, behavior analytics, and human review. Balanced layers reduce friction while keeping strength.
• Merchant fraud exposure — Refers to the risk retailers face from stolen cards, account takeovers, and chargebacks. It strains margins and trust, especially for small businesses. Strong checkout controls and clear policies reduce harm.
• Multi-factor authentication — Describes requiring two or more proofs, such as a password and a code or passkey. It blocks many automated attacks and account takeovers. Phishing-resistant factors add further safety.
• One-time passcode — Refers to a short-lived code sent by text, app, or email to confirm a login or payment. It helps when passwords leak but can be stolen through phishing or SIM swaps. App-based codes and passkeys offer stronger protection.
• Patch management — Describes the process of applying security updates to systems and apps. It closes known holes that criminals target quickly. Regular schedules and testing keep operations stable.
• Payment tokenization — Refers to replacing card numbers with random tokens during transactions. It limits exposure if systems are breached. Broad adoption reduces the value of stolen data.
• Phishing-resistant MFA — Describes factors, such as passkeys or hardware keys, that do not reveal reusable codes. It prevents man-in-the-middle theft during login. Wider support makes secure access simpler.
• Romance-con underreporting — Describes the tendency to hide or delay reporting relationship fraud due to shame. It blocks recovery steps and obscures true impact. Confidential reporting and non-blaming support increase disclosures.
• Security by design — Refers to building products with safety features from the start. It includes least-privilege access, encryption, and clear defaults. Early choices reduce costly fixes later.
• SIM swapping — Describes taking control of a phone number to intercept messages and codes. It enables account takeovers and financial theft. Carrier PINs and app-based authentication reduce this threat.
• Small-business resilience — Refers to the capacity of smaller firms to prepare for and recover from fraud. It depends on affordable tools, backup processes, and trusted partners. Simple playbooks keep operations moving after incidents.
• Social engineering — Describes manipulating people to bypass technical defenses. It uses urgency, authority, or affection to gain access or money. Calm checks and verified channels interrupt the script.
• Spear phishing — Refers to targeted, researched messages sent to specific people or roles. It often uses realistic names, past events, or job details. Independent verification blocks the trap.
• Synthetic identity — Describes a fake persona built from real and fabricated data. It passes basic checks and opens accounts that later default. Advanced analytics and document validation help detect it.
• Transaction fraud — Refers to unauthorized or deceptive charges on payment accounts. It erodes trust and shifts customers away from affected merchants. Fast dispute handling and secure checkout limit lasting damage.
• Two-channel verification — Describes confirming a request through a second, independent route. It may pair email with a phone call or a portal message with an in-person check. This simple step blocks many urgent payment scams.
• User reporting stigma — Refers to fear and shame that keep people from disclosing fraud. It delays help and hides patterns that aid prevention. Judgment-free intake and quick support reduce this barrier.
• Vishing — Describes voice-based scams that press for money or credentials by phone. It often uses spoofed numbers and urgent claims. Call-back to official contacts restores control.
• Web skimming — Refers to malicious code on payment pages that captures card data. It exploits outdated plugins and weak content controls. File integrity checks and content security policies prevent theft.
• Zero-trust architecture — Describes a model that treats every user, device, and request as untrusted by default. It grants only the minimum access needed and rechecks often. Continuous verification reduces the blast radius of attacks.