Cybersecurity Ventures Official Annual Cybercrime Report. PHOTO: Cybercrime Magazine.

Global Cybercrime Damages Predicted To Reach $6 Trillion Annually By 2021

Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades

Steve Morgan, Editor-in-Chief

Northport, N.Y. – Oct. 26, 2020

Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.

In August of 2016, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

Our cybercrime prediction stands, and over the past four years it has been corroborated by hundreds of major media outlets, academia, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cyber fighters globally.

The damage cost estimation is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation-state sponsored and organized crime gang hacking activities, and a cyberattack surface which will be an order of magnitude greater in 2021 than five years ago.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.


Cybercrime Radio: Robert Herjavec, CEO at Herjavec Group

Sea change in where employees work: COVID-19 and the cyber threat.


Solid research stands the test of time. In 2016, we published our Hackerpocalypse report, which contained our first ever cybercrime damage cost prediction.

A year later, in our 2017 report, we emphasized the prediction of 3.5 million unfilled cybersecurity jobs by 2021, up from one million positions in 2014. In response, we asserted a new view of who is a cyber defender: “Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people.”

In our 2018/2019 report, we shared statistical data around the cyber attack surface, cybersecurity spending, ransomware, and the labor crisis in our field, to put the cybercrime damage cost estimate in perspective. The takeaway was that like street crime, which historically grew in relation to population growth, we are witnessing a similar evolution of cybercrime. It’s not just about more sophisticated weaponry; it’s as much about the growing number of human and digital targets.

Over the past two years there have been some copycat estimations which adjust our $6 trillion figure up or down, all of which come from sources who previously quoted the original report from Cybersecurity Ventures. The industry at large has coalesced around our prediction. Extensive dialogue with the media, government and law enforcement, academia, industry associations, vendors, and cybersecurity pundits globally, have forged strength in unity around a common pursuit to combat cybercrime.

COVID-19: Cyber Threat to Remote Workers

The coronavirus (COVID-19) outbreak has led to a massive number of employees globally being sent home to work remotely.

Cybersecurity experts are urging remote workers to beef up their awareness and knowledge of phishing scams, the fastest-growing type of cybercrime, many of which are now playing on fears of the coronavirus.

“Cybercriminals thrive on chaos, whether it’s real or perceived,” says Robert Herjavec, founder and CEO at Herjavec Group, and a Shark on ABC’s Emmy Award-winning hit show, Shark Tank. “Your team will experience an uptick in phishing attacks as a result of the global coronavirus pandemic,” Herjavec advises corporate IT and security teams.


Cybercrime Radio: Herb Stapleton, FBI Cyber Division Section Chief

Complains to FBI’s IC3 spiked 3X after COVID-19 hit with full force


After the COVID-19 pandemic hit with full force, the number of complaints received by the FBI’s Internet Crime Complaint Center (IC3.gov) spiked 3X, according to Herb Stapleton, FBI Cyber Division Section Chief.

Scammers are notorious for preying on the vulnerable during national disasters and tragic events when people are distracted and let their guards down. Stapleton notes COVID-19 is worse and has spurred more cybercrime because it’s global.

Prior to March (2020), the IC3 was receiving around 1,000 complaints per month and now that figure is up to nearly 3,000.

Employees from organizations of all sizes and types now have minimal cybersecurity resources, if any, compared to what is normally available to them. If remote workers don’t immediately self-educate, and if businesses don’t immediately provide their employees with security awareness training centered on the home office threat, then we could see global cybercrime damage costs as much as double by the end of this year.

Businesses have a short window of time to train their remote employees on how to detect and react to phishing scams, and other types of cyberattacks. If they act immediately and thoroughly, then cybercrime damage costs can be contained and kept at or near the current level.

For years, phishing emails have initiated the bulk of cyberattacks on individuals. “Phishing emails almost always want you to click on something, for instance to update your payment details, or access the latest information on COVID-19,” according to Herjavec.

Cybersecurity Ventures’ estimation that cybercrime damage costs could potentially double during the coronavirus outbreak period is concerned not only with phishing scams, but also with ransomware attacks, insecure remote access to corporate networks, remote workers exposing login credentials and confidential data to family members and visitors to the home, and other threats.

Ransomware Damage

Ransomware, the fastest-growing type of cybercrime, will claim a new victim every 5 seconds by 2021.

Cybersecurity Ventures predicts global ransomware damage costs will reach $20 billion by 2021 – which is 57X more than it was in 2015.

FBI Cyber is particularly concerned with ransomware hitting healthcare providers, hospitals, 911 and first responders. These types of cyberattacks can impact the physical safety of American citizens, and this is the forefront of what Section Chief Stapleton and his team are focused on.

Nearly 4 years ago, Cybersecurity Ventures predicted that ransomware attacks on healthcare organizations would quadruple between 2017 and 2020, and would grow 5X by 2021.

Ransomware recently claimed its first human life. German authorities reported last month a ransomware attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

CIOs, CISOs (chief information security officers), and IT security teams need to heighten their awareness and response plans around the ransomware threat. Cyber defense needs to cross boundaries so that every IT worker understands exactly what ransomware is, how it infects organizations, and how to combat it.

Spread the Word

The primary goal of our report is to spark major discussion around cybercrime — and cyber defense — from local, national, and global political, business, technology, and cyber leaders. We invite broadcasters, publishers, editors, reporters, and bloggers to borrow generously from our report in their efforts to raise up cybersecurity in the public’s consciousness.

We ask that when citing or quoting our figures, you include proper credits to us for the research i.e. “according to Cybersecurity Ventures,” and preferably a hyperlink to us for the benefit of readers.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.


Our Sponsor

At Herjavec Group, cybersecurity is what we do. Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. We have expertise in comprehensive security services including Managed Security Services & Professional Services (Advisory Services, Identity Services, Technology Implementation, Threat Management & Incident Response). Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.