Full Report
2024 was a year of increased cybercrime, vulnerabilities, threat groups, and hacktivism. Security budgets increased, as did losses from cybercrime incidents. Here's a look at a few of the most interesting numbers.
Analysis Summary
# Cybercrime Landscape in 2024: Increased Activity and Costs
## Key Points
- 2024 was characterized by an increase across cybercrime activity, vulnerabilities exploited, documented hacking groups, and hacktivism incidents.
- Security budgets increased year-over-year, yet overall reported losses from cybercrime incidents also rose.
- The average cost of a data breach increased to **$4.88 million in 2024**, up from $4.45 million in 2023.
- The majority of ransomware attack costs continued to trend upwards, with the average payment increasing to **$2.73 million** (up from $1.82 million in 2023). Fewer companies, however, opted to pay ransoms.
- Phishing and stolen/compromised credentials remained the top two initial attack vectors used by threat actors.
- Malware attacks targeting IoT devices, primarily in the manufacturing sector, saw a significant increase of **400%**.
- The estimated total cost of global cybercrime for 2024 ranged between **$9.22 trillion and $9.5 trillion**.
## Threat Actors
- **ALPHV (Ransomware-as-a-Service group):** Disbanded in 2024 after seemingly draining cryptocurrency accounts, following their involvement in the $22 million Change Healthcare ransom incident in February 2024.
- **Ransomware Landscape:** Saw the emergence of $\text{33}$ new or rebranded ransomware groups, contributing to an estimated **30% increase** in active ransomware threat actors (joining over $\text{40}$ existing groups).
- **Geopolitical Elements:** World events and political divisions are cited as growing factors influencing threat actor motivations alongside financial gain.
## TTPs
- **Attack Vectors:** Phishing and stolen/compromised credentials persist as the leading initial access methods.
- **Ransomware:** Activity continued to be a primary driver of financial impact.
- **DDoS Attacks:** Recorded as being significantly higher than in previous years.
- **IoT Exploitation:** Increased malware targeting IoT devices, particularly in manufacturing (up $\text{400%}$).
- **Social Engineering:** Malware-free social engineering attacks saw a surge.
## Affected Systems
- **IoT Devices:** Manufacturing sector devices were specifically noted as facing a $\text{400%}$ increase in malware attacks.
- **Windows Desktops:** Approximately $\text{400}$ million Windows 10 desktops faced end-of-life support in October 2025, posing a significant unmanaged risk (Windows 10 market share was $\text{62.73%}$ as of December 2024).
- **Healthcare Sector:** Experienced a decrease in total breach-related costs, falling from $\$10.93$ billion to $\$9.77$ billion.
## Mitigations
- Organizations must remain vigilant, considering geopolitical tensions as a relevant driver for attacks.
- All victims are strongly advised to **report cybercrimes to law enforcement officials** to improve data collection and tracking efforts.
- Addressing the Windows 10 EOL risk is critical, potentially requiring replacement of an estimated $\text{48}$ million devices ($12\%$ of the installed base) at an assumed cost of $\$1,000$ per device.
- Improvement in security processes led to a reduction in the average time to identify and contain a breach, which fell to $\text{258}$ days (down from $\text{277}$ days).
## Conclusion
The 2024 threat landscape signals a maturation of criminal activity, evidenced by rising average breach costs, a proliferation of ransomware groups, and sector-specific spikes in targeting (e.g., IoT in manufacturing). While response times slightly improved, the sheer scale of financial damage and the lack of standardized reporting continue to obscure the full scope of global cybercrime. Vigilance against high-volume attack vectors like phishing, coupled with mandatory incident reporting, is essential for future defense strategies.