More and more people are losing more and more money to cyber-enabled criminals, or at least that's the way it seems to many of us. Unfortunately, solid metrics on cybercrime are hard to find, a topic that I explored in depth in this article: Advancing Accurate and Objective Cybercrime Metrics in the Journal of National Security Law & Policy.
But as serious cybercrime watchers in the US will know, in March of every year, one set of numbers is released that has stood the test of time: the IC3 Annual Report, an analysis of losses from Internet crimes reported to the FBI's Internet Crime and Complaint Center. While there are some issues with using the IC3 numbers as crime metrics—they were not originally collected as an exercise in crime metrics—I have studied all of the IC3 annual reports and am satisfied they reflect real world trends in cybercrime's impact on victims, as measured by direct monetary loss (for more details see the previously mentioned article).
The first of these reports was published in 2002 as the Internet Fraud Complaint Center (IFCC) 2001 Internet Fraud Report. I keep a PDF copy of that one on my hard drive, along with all the others since. In recent years the full title has been something like The Federal Bureau of Investigation Internet Crime and Complaint Center (IC3) Internet Crime Report.
As I write this, on March 15, 2025, I am eagerly awaiting the latest IC3 annual report, the one that shows Internet crime losses in 2024. When it comes out, I will update the graph at the top of this article. This charts the dramatic annual increase in losses over the last 10 years.
The full story is even more dramatic. In 2001, losses were less than US$20 million and it took 14 years for them to reach US$1 billion. However, it took half that time to blow through US$10 billion in 2022—that's 10X in seven years. Clearly, the figure is heading for US$15 billion. Did it get there in 2024? I'm hoping not, and my guess is it will hit US$14.5 billion in the 2024 report.
I encourage you to check back here in a week or so to see if I was right. Of course, it would be great if the number was substantially less than US$14.5 billion. In the meantime, I am keeping my fingers crossed that the IC3 report has not become a victim of the massive upheaval in federal agencies, ushered in by President Trump and executed by billionaire technocrat Elon Musk.
(Please feel free to DM @zcobb.bsky.social if you know how things are going at IC3.)
