Cybercrime Losses Hit $21B

Americans reported nearly $20.8 billion in internet-crime losses in 2025, up from about $16.6 billion in 2024, and the Federal Bureau of Investigation logged more than 1 million complaints for the first time in the reporting system’s 25-year history. (ic3.gov) That number is not a count of hacked servers. It is money people and companies told the Federal Bureau of Investigation they actually lost through things like investment fraud, business email compromise, extortion, and fake tech-support schemes. (ic3.gov) The biggest bucket was investment fraud, which produced about $6.6 billion in losses by itself. Business email compromise came next at roughly $2.8 billion, which is what happens when criminals slip into an email chain and redirect a payment like a fake change-of-address form for money. (ic3.gov) Cryptocurrency was all over the report because it showed up in more than 149,000 complaints and about $9.3 billion in losses. The Federal Bureau of Investigation said older Americans were hit especially hard, with people age 60 and over reporting about $4.8 billion in cryptocurrency-related losses. (fbi.gov) Phishing was still the most common front door, with 193,407 complaints in 2025. That is the digital version of a forged note that looks official enough to make you hand over a password, click a poisoned link, or approve a payment. (ic3.gov) Ransomware was smaller in complaint count than phishing, but it kept landing on essential services. The Federal Bureau of Investigation said it saw 4,860 ransomware complaints in 2025, including attacks against healthcare organizations, schools, government agencies, and critical manufacturing. (ic3.gov) Critical infrastructure means the systems people notice only when they fail, like hospitals, pipelines, water plants, ports, and power networks. The Cybersecurity and Infrastructure Security Agency said in its 2025 year-in-review that it spent the year helping operators harden those sectors against cyber and physical disruption. (cisa.gov) United States intelligence agencies have been warning that foreign governments and criminal groups are both in this game now. The Office of the Director of National Intelligence said in its March 2025 threat assessment that China, Russia, Iran, and North Korea all pose cyber threats to U.S. networks and some can disrupt critical infrastructure. (dni.gov) That is why the $20.8 billion figure lands differently than an ordinary fraud statistic. A fake invoice that drains a company account and a ransomware hit that freezes a hospital now sit on the same balance sheet as fuel costs, insurance premiums, and supplier delays. (ic3.gov, dni.gov) The Federal Bureau of Investigation also said people age 60 and over filed about 147,000 complaints and reported roughly $4.9 billion in total losses in 2025, more than any other age group. When one age band can lose nearly $5 billion in a year, cybercrime stops looking like a niche computer problem and starts looking like a mass-market extraction business. (ic3.gov) The report does not mean every dollar was stolen by breaking into a network. It means the internet has become the delivery system for scams, impersonation, payment diversion, and extortion at a scale where executives now have to treat cyber readiness the way they treat credit risk or supply-chain risk: as a recurring operating cost with real cash leaving the door. (ic3.gov, industrialcyber.co)