top of page

The Real Numbers Behind the FBI IC3 Cybercrime Report & Its victims

Updated: Mar 23, 2023

Every Year the FBI releases its annual cybercrimes reported in the United States. Every year these numbers show the severity of cybercrime and its impact on the US economy. Furthermore, it serves a key talking point for every person trying to sell something in cybersecurity. I am going to take this into how we as practitioners can help put a dent into these numbers.

The number of $10.3 Billion Dollars in cybercrimes reported in 2022 is a fraction of the real number we are dealing with as a country. This number reflects the people who filed a complaint and reported it. Many other victims choose not to do anything and quietly deal with the fact that they were defrauded. Some industry insiders and FBI officials I spoke with off the record said this number is 5 to 6 times higher than the reported number meaning approx. $55 Billion or north of that.

These types of losses are not sustainable overtime, this is wealth shifting from people who worked hard to earn it to keyboard criminals overseas working to strip this money from its owners under false pretenses.

The group most impacted by these cybercriminals are our parents and grandparents. Victims over the age of 60 lost the most amount of money in 2022 amounting to $3.1 Billion, this is retirement savings, inheritance & social security payments. Records show this group also experiences the most life altering changes due to cybercrime, many losing their homes, retirement village living and having to go live with relatives with no real way to recover from cybercrime to their late age and health.

*FBI IC3 2022 cybercrime Report

The chart below shows the crime types reported and phishing remains the main type followed by personal data breach and nonpayment and non-delivery, or I call it e-commerce scams.

* FBI IC3 2022 Cybercrime report

How can we help protect against these top three crimes and put a dent in it:

1. Every email provider should offer Free or Paid programs to address and defend users from phishing. I believe most Americans would pay $100/year to secure their digital mailbox and I hope Microsoft and Google turn that offering on.

2. Only buy from trusted websites like Amazon, local small business, or national retailers, avoid these small stores at all costs. Since most online advertising is centralized across big tech with the likes of Google, YouTube, Meta, Twitter, shopify and Microsoft, one can argue they can sniff out bad advertisers or sellers and block them and if not, then maybe victims should sue them in a class action lawsuit to create a change in behavior and advertising standards.

3. Talk to your friends, perhaps if we spent more time asking our family and friends on what’s going on in their life, we could potentially put a stop to something before the loss becomes great. While the world becomes more virtual, we need to become more human with each other. Asking questions, offering to help, and educating our loved ones can help spread the word.

The other big number in the report is the magnitude of investment scams performed online cost Americans a reported $3.3B Dollars and with the recent slowdown in the economy and massive layoffs, many out of work individuals will be looking for ways to supplement their income and we will see a raise in investment scams.

During the last market downturn in 2008, many investment scams popped up taking advantage of unsuspecting Americans trying to make ends meet only to leave them further in debt.

Here are some tips to address this:

1. If it sounds too good to be true it is!

2. Nothing that costs your hundreds of Dollars will make you thousands by learning a system or buying something.

3. Check every investment opportunity with the SEC or FTC to validate it. Most times you will see warnings about these scams there or ask a local investment advisor, friend or family member about it.

4. If it sounds too good to be true it is!!

How do we address this going forward?

Every corporate cybersecurity awareness program should be looking at this report and putting out trainings, reports, articles, and content addressing this type of cybercrime. This impacts every American whether we know it or not. Every CISO should take advantage of this report to build bridges across the various stakeholders in the organization on the impact this has on customers, employees, family members and friends. We often hear security professionals claim that security isn’t always a top priority, but these numbers shared correctly and brought to the attention of the right people are sure to raise some eyebrows and create the type of dialogue we need to advance the right security program to defend our organization, data, employees, friends, and family.

These numbers are staggering, and these losses can’t be sustained overtime, eventually this will impact every household, business, county, state, and federal government financially. It takes a village to raise a child and it takes a village to spread the impacts of cybercrime to people to get everyone to understand they have a role to play in helping reduce cybercrime and we can’t rely on the government to solve this; we need a real partnership to address cybercrime as a community and society as one.

In closing, if every local CISO/Security group partnered with local jurisdiction and started with the most vulnerable groups and spoke about cybercrime, we would start to put a real dent in these numbers. I for one will be organizing volunteers to join me to speak with the most vulnerable people in my community about cybercrime and internet safety. What do you plan to do after reading this?

You can checkout for the latest and tune in daily Monday through Thursday for the latest #cybernews live at 9am EST on Linkedin, Youtube, Twitter, Twitch and Facebook and catch our weekly episodes of CISO Talk on your favorite podcast listening platform.


bottom of page