Why cybercrime losses hit $21 billion in 2025, and what it means for organizations

What the FBI’s 2025 IC3 report reveals about fraud, AI, cryptocurrency, and cyber risk.

Key takeaways

• Reported cybercrime losses reached nearly $21 billion in 2025, a 26% increase over the previous year.
• The largest losses came from investment fraud, business email compromise and tech support scams, rather than traditional hacking.
• Social engineering, not technical exploitation, is now the primary driver of financial impact.
• AI and cryptocurrency are making attacks more convincing, scalable and difficult to recover from.
• Your biggest risk exposure is not just being compromised, but how quickly an attacker can turn access or trust into money.

Why did cybercrime losses reach a record high in 2025?

The FBI’s latest Internet Crime Complaint Center (IC3) report puts total reported cybercrime losses for 2025 at just over $20.8 billion, based on more than one million complaints. That represents a 26% increase year over year and the highest total the FBI has recorded since it began tracking this data.

On its face, that number is striking. But it is part of a longer trend in which cybercrime has steadily become more profitable, more scalable and more effective at extracting money rather than simply causing disruption.

Indeed, the headline figure matters less than the pattern behind it. The question is not just how much is being lost, but how those losses are occurring and why they continue to grow at this pace.

The shift from intrusion to monetization

One of the most important takeaways from the report is that the largest financial losses are no longer driven by technically sophisticated breaches. They are driven by fraud.

Investment scams were responsible for more than $8.6 billion in losses in 2025, by far the largest category. Business email compromise followed at roughly $3 billion, with tech support scams accounting for more than $2 billion.

What these three categories have in common is that they rely on manipulating people’s behavior, not breaking systems.

This reflects a broader shift in attacker behavior. Rather than investing time and expertise in complex exploitation chains, many attackers are focusing on methods that allow them to access funds directly. If they can persuade someone to transfer money, approve a payment or invest in a fraudulent platform, they can achieve the same end result with far less effort and risk.

Why fraud now drives most of the damage

The data makes clear that cyber-enabled fraud accounts for the majority of reported financial losses.

That includes a wide range of activity, but most of it follows familiar patterns. An attacker initiates contact through email, text message, social media, or even a phone call. They establish credibility, often by posing as a colleague, vendor or financial advisor. They then guide the target toward a financial transaction, which is difficult or impossible to reverse.

Phishing and spoofing remain among the most common entry points, with nearly one-fifth of complaints involving these techniques.

None of this is new in principle. What has changed is the scale and sophistication. These attacks are more targeted, more believable and more tightly aligned with the way people actually work and communicate.

How are AI and cryptocurrency increasing cybercrime losses?

Two factors in particular are accelerating this trend. The first is artificial intelligence. The FBI tracked AI-related cybercrime as a distinct category for the first time in 2025, logging tens of thousands of complaints and close to $900 million in losses.

AI does not fundamentally change the nature of cybercrime. What it does is improve execution. It allows attackers to generate convincing messages, adapt language and tone to specific targets and automate large-scale campaigns. In effect, it lowers the barrier to producing high-quality social engineering on a vast scale.

The second factor is cryptocurrency. Crypto-related investment scams alone accounted for more than $7.2 billion in losses.

Cryptocurrency makes it easier to move funds quickly and across borders, and significantly harder to recover those funds once they have been transferred. For attackers, that combination is ideal. For you, it means that mistakes are more costly and less reversible.

Why this matters more than ever if your resources are limited

If you are part of a small or mid-sized organization, it would be easy to assume that these trends apply mostly to larger enterprises or high-profile targets, but in practice, the opposite is often true.

Fraud-based attacks scale well. They do not require deep technical access, and they can be adapted to almost any environment. Many organizations that experience losses are not highly targeted in a traditional sense. They are simply part of a large pool of potential victims.

The IC3 data also suggests that many victims do not realize what is happening until after the fact, particularly in cases like investment scams or business email compromise. To put it another way, regardless of size or industry, you will be attacked. And the key to reducing your risk is to improve your ability to detect and respond effectively to an attack as quickly as possible.

Practical steps to take now

The shift toward financially motivated, socially engineered attacks has practical implications for how you approach security.

First, you need to treat communication channels as part of your attack surface. Email, messaging platforms and even phone calls are common entry points. Controls that verify identity and validate requests, especially around payments or credential changes, are critical.

Second, visibility matters. Many of these attacks leave subtle signals that something is wrong, whether that is unusual login behavior, unexpected account activity or anomalous network traffic. Being able to see and interpret those signals early is key.

Finally, response speed is increasingly important. The window between initial contact and financial loss can be very short. The faster you can detect suspicious activity and take action, the more likely you are to prevent or limit damage.

Where security platforms can help

Most organizations do not have the resources to monitor every signal across every system in real time. That is where security platforms that combine detection, response and continuous monitoring come into play.

Solutions like extended detection and response (XDR) and managed detection services are designed to bring together data from endpoints, networks and cloud environments, and to highlight behavior that stands out as unusual or risky. They also help you respond more quickly, whether that means isolating a compromised system, disabling an account or investigating a suspicious sequence of events.

Services like Barracuda Managed XDR combine automated, AI-enhanced detection with expert human analysis, which can make a practical difference when you need to understand what is happening and respond quickly and effectively.