Number of Cyberattacks in the United States
Cyberattacks have become a defining risk for organizations, individuals, and governments in the United States. In 2024 alone, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) received 859,532 reports of cybercrime, underscoring the relentless pace of digital threats and their mounting impact on the economy and society.
These numbers reflect just a fraction of the total attacks occurring nationwide each year, as many incidents go unreported. Yet even reported figures paint a stark picture: financial losses linked to cybercrime surged 33% in 2024, reaching a record $16.6 billion.
Understanding how often cyberattacks occur and what drives them is essential for business leaders, IT teams, and security professionals. In this article, we explore the frequency of U.S. cyberattacks, examine the most common threats, and highlight why expert guidance from a cybersecurity consultant or data security consultant is now a strategic necessity.
| Year | Reported Cyberattack Complaints | Percentage Growth (YoY) |
| 2018 | 351,900 | N/A |
| 2019 | 467,400 | +32.83% |
| 2020 | 791,800 | +69.41% |
| 2021 | 847,400 | +7.02% |
| 2022 | 800,900 | -5.49% |
| 2023 | 880,400 | +9.93% |
| 2024 | 859,500 | -2.38% |
Source: Federal Bureau of Investigation (via USA Facts)
Related: What Is IoT Cybersecurity?
Types Of Cyberattacks Occurred in The U.S.?
Before diving into frequency data, it’s useful to define what constitutes a cyberattack. The National Institute of Standards and Technology (NIST) explains that a cyberattack is…
“Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.”
This broad definition includes:
- Phishing and spoofing scams
- Data breaches and extortion
- Malware and ransomware
- Distributed Denial of Service (DDoS) attacks
Because of the wide range of malicious activity covered, cyberattack data includes both technical system breaches and high‑impact fraud and social engineering schemes.
Related: The Impact of AI on Social Media Platforms
Top Cyberattack Types and Trends in 2025
As of December 2025, the FBI’s Internet Crime Complaint Center (IC3) has not yet released its annual report for calendar year 2025. The most recent official report (released in April 2025) covers 2024 data, with 859,532 reported complaints and losses exceeding $16.6 billion (a 33% increase from 2023). Full-year 2025 figures are expected in spring 2026.
However, emerging trends and partial insights for 2025 indicate continued growth in cyber threats, driven by AI, cryptocurrency scams, and sophisticated social engineering.
Top Types by Number of Complaints (Based on 2024 Data – Latest Available)
Phishing and related social engineering remain the most reported:
| Rank | Type | Complaints (2024) | Notes |
| 1 | Phishing/Spoofing | ~300,000+ (leading category) | Primary entry vector; often leads to extortion or breaches. |
| 2 | Extortion | High volume | Includes sextortion and ransomware demands. |
| 3 | Personal Data Breaches | Significant | Unauthorized access to personal info. |
Top Types by Financial Losses (2024 Data – Latest Available)
Fraud dominates losses:
| Rank | Type | Losses (2024, USD) | Notes |
| 1 | Investment Fraud | $6.5–6.6 billion | Heavily crypto-related (“pig butchering” scams). |
| 2 | Business Email Compromise (BEC) | $2.8–2.9 billion | Impersonation for wire transfers. |
| 3 | Tech Support Fraud | $1–1.5 billion | Fake support targeting individuals. |
| 4 | Ransomware | Critical impact | Complaints up 9%; major threat to infrastructure. |
Cryptocurrency is involved in losses of $9–10 billion in related scams (significant growth).
Key Trends for 2025 (Mid-Year Insights and Projections)
- AI-Driven Attacks: Generative AI is amplifying phishing (e.g., deepfakes, personalized scams) and malware creation. Reports indicate AI use in 80–90% of advanced social engineering attacks.
- Ransomware Persistence: 67 new variants in 2024; top groups include Akira, Lock Bit (disrupted but variants persist), Ransom Hub, and FOG. Critical infrastructure (healthcare, energy) remains a prime target; over 4,800 related complaints in 2024.
- Cryptocurrency and Investment Scams: Continued surge; projections estimate global crypto fraud losses approaching $30 billion annually by end-2025.
- Supply Chain and Third-Party Risks: Increasing exploitation of vendors and edge devices.
- Impersonation and Deepfakes: Rising IC3 impersonation scams and deepfake-enabled fraud.
- Global Projections: Cybercrime costs estimated at $10.5–13 trillion globally in 2025, with U.S. losses likely exceeding 2024’s record.
- Vulnerable Groups: Victims over age 60 continue to report the highest losses ($5 billion in 2024).
Sources: FBI IC3 2024 Report (April 2025 release)
Who Is Most Affected and What Types of Cyberattacks Are Most Common?
Cybercrime does not affect all demographics equally. In 2024, adults aged 60 and older reported the most complaints and the largest financial losses, accounting for about 147,000 reports and roughly $4.8 billion in losses. This highlights how attackers often target individuals perceived as less familiar with digital threats, an insight that can help organizations tailor education and protective measures.
Among the most common types of cyberattacks in 2024 were:
- Phishing and Spoofing: Representing over 20% of all complaints, these attacks trick users into revealing credentials or performing actions that compromise security.
- Extortion and Ransomware: Ransomware continued to impact organizations across sectors, particularly critical infrastructure such as healthcare and public services, which reported hundreds of incidents.
- Personal Data Breaches: Incidents where sensitive information is exposed or stolen, often leading to long-term privacy and compliance implications.
- Investment and Financial Fraud: Cryptocurrency and other investment scams caused the largest total financial losses, showing how cybercrime increasingly intersects with financial deception.
This combined perspective emphasizes both the demographic most at risk and the types of attacks organizations and individuals must prioritize in their security strategies.
Related: Why Anonymization Is A Major Challenge In Cybersecurity: Risks, Techniques, And Best Practices
Why Cyberattacks Are Increasing
The frequency and sophistication of cyberattacks are rising due to multiple converging factors. Expanded attack surfaces from widespread cloud adoption and remote work have created more entry points for malicious actors. At the same time, threat actors are increasingly leveraging AI and automation to launch faster, more targeted attacks. Sophisticated social engineering techniques continue to trick users into exposing sensitive credentials or executing malicious actions.
Greater awareness and reporting among victims also contribute to the higher number of documented incidents, reflecting both improved detection and actual increases in attacks. Recent research indicates that organizations across North America experienced a sharp rise in targeted attack attempts, with some reporting over 1,200 weekly attacks per organization in 2024.
Additionally, foreign adversaries and criminal syndicates are harnessing advanced technologies like AI to refine phishing campaigns and automate attacks with unprecedented efficiency. These trends highlight the need for proactive cybersecurity measures and expert guidance from cybersecurity consultants and data security consultants to stay ahead of evolving threats.
Related: What Is Threat Hunting In Cybersecurity?
Common Vulnerabilities and Attack Vectors
Understanding where cyberattacks exploit weaknesses helps inform better defenses. Some of the most frequent vulnerabilities include:
- Unpatched systems and outdated software
- Weak or reused passwords
- Misconfigured access permissions
- Third‑party vendor weaknesses
A data security consultant can help organizations identify and remediate these gaps by evaluating data flows, access policies, and network configurations to reduce exposure before an attack occurs.
Strategic Cybersecurity: Expert Guidance from Dr. Ondrej Krehel
From the perspective of Dr. Ondrej Krehel, a seasoned cybersecurity consultant, responding to cyberattacks is not just a technical necessity; it is a strategic imperative. Effective defense requires a multi-layered approach that integrates technology, policies, and human behavior, ensuring that organizations are resilient before, during, and after an incident.
Key strategies for modern organizations include:
- Security Awareness Training: Educating employees on tactics like phishing reduces the likelihood of successful attacks and fosters a security-conscious culture.
- Regular Patching and Vulnerability Management: Keeping software and systems updated prevents exploitation of known vulnerabilities, a fundamental aspect of proactive defense.
- Strong Access Control Policies: Applying principles such as least privilege limits potential damage when accounts are compromised.
- Incident Response Planning: A tested, well-communicated plan ensures rapid, effective action during security events.
Dr. Krehel emphasizes that these measures are most effective when paired with expert guidance. A cybersecurity consultant helps organizations design robust, tailored security programs from threat assessments to response planning, while a data security consultant ensures sensitive information is properly safeguarded, access controls are precise, and compliance obligations are met. Together, these experts transform cybersecurity from a reactive function into a strategic enabler of business resilience and trust.
Related: How Entrepreneurial Technology Is Redefining Modern Cybersecurity Leadership?
Building Resilience in an Increasingly Threatened Digital Landscape
Cyberattacks occur daily across the United States, affecting individuals, organizations, and critical infrastructure. In 2024, nearly 860,000 incidents were reported to federal law enforcement, with losses exceeding $16.6 billion.
Although not every attack is reported, the data clearly shows a landscape of frequent, costly threats driven by sophisticated tactics and opportunistic fraud. Strategic planning, ongoing risk assessment, and expert support from a cybersecurity consultant USA are essential for organizations aiming to protect assets, maintain trust, and preserve continuity in the face of growing cybercrime.
FAQs Section:
1. How often do cyberattacks occur in the United States?
Cyberattacks happen daily, affecting individuals, organizations, and critical infrastructure. In 2024, the FBI received 859,532 reports, highlighting the persistent and growing threat.
2. Which groups are most targeted by cybercrime?
Adults aged 60 and older report the most complaints and financial losses, making them particularly vulnerable to phishing, investment scams, and social engineering attacks.
3. What are the most common types of cyberattacks?
Phishing and spoofing, ransomware and extortion, personal data breaches, and financial fraud, particularly crypto-related scams, dominate reported incidents.
4. Why are cyberattacks increasing?
Factors include expanded attack surfaces, remote work, cloud adoption, AI-driven attacks, sophisticated social engineering, and higher reporting awareness.