Every year, the FBI’s Internet Crime Complaint Center (IC3) releases its annual report, and this year’s edition is a wake-up call.
Cybercrime losses hit $16.6 billion in 2024. That’s not just a big number. That’s payroll diverted, contracts sabotaged, and retirement savings wiped out.
Last year, more than 859,000 incidents were reported. That’s over 2,000 cybercrime victims per day. These aren't just Fortune 500 companies. Most are individuals and small to mid-sized businesses that never saw it coming.
Cybercrime has become the biggest invisible tax on doing business today. It drains your time, your trust, and your budget, and it’s mostly preventable.
We read the full 80+ page report so you don’t have to. Below, we break it down in plain language: what’s changed, what’s rising, and what you should be doing right now to protect your business.
The FBI IC3 Report 2024 confirms what many small and midsize businesses are already seeing firsthand: cybercrime is now part of the cost of doing business. And the costs are climbing fast.
Here’s what stood out in the data:
$16.6 billion in reported losses, up 33% from 2023
859,532 total complaints filed
Over 256,000 of those complaints resulted in direct financial loss
The average reported loss per incident was $19,372
Business Email Compromise (BEC) scams alone accounted for $2.77 billion
The FBI also noted a significant rise in cyber-enabled fraud, scams that involve social engineering, impersonation, or deceptive digital communication. In other words, most incidents weren’t caused by sophisticated hacking. They were caused by simple mistakes, misplaced trust, or lack of awareness.
The most frequently reported scams by volume:
Phishing and Spoofing (193,407 complaints) – fake emails, fake websites, and fake texts
Extortion (86,415) – threats to leak data or expose information unless paid
Personal Data Breaches (64,882) – stolen names, emails, and credentials
Non-Delivery/Non-Payment (49,572) – fake transactions and failed shipments
Investment Fraud (47,919) – scams tied to cryptocurrency, fake advisors, or manipulated apps
Each of these hits different parts of a business: sales, payroll, client relations, reputation. No single tool or software fixes that. Prevention starts with awareness and layered protection.
The report breaks down complaints by age, and the takeaway is clear: every demographic is getting hit, but in different ways.
People aged 30–59 filed the most complaints
Victims aged 60+ suffered the highest financial losses ($4.8 billion total)
The elderly are often targeted with fake tech support, government impersonation, and investment scams
Business owners, real estate agents, law firms, and healthcare providers show up frequently in BEC and fraud cases
You don’t have to run a bank to be a target. If you send invoices, manage client data, or receive payments online, you’re in the crosshairs.
You don’t need to memorize cybercrime categories. But you should know what’s trending and how it affects your day-to-day operations.
If your email is exposed, BEC is a risk
If your team uses weak passwords, phishing can compromise your accounts
If your finance team isn’t trained, a fake invoice can go through
If your customers are older, they may fall for scams that use your company’s name
The FBI IC3 Report 2024 isn’t theoretical. These are real cases, real victims, and real businesses losing money, trust, and time.
The FBI IC3 Report 2024 doesn’t just track how many scams were reported. It shows which threats are bleeding businesses dry.
Here’s where the biggest losses came from last year:
| Threat Type | Reported Losses |
|---|---|
| Investment Fraud | $6.57 billion |
| Business Email Compromise | $2.77 billion |
| Tech Support Scams | $1.46 billion |
| Personal Data Breaches | $1.45 billion |
| Non-Payment/Delivery | $785 million |
| Romance/Confidence Scams | $672 million |
| Government Impersonation | $405 million |
| Data Breaches | $364 million |
Investment scams don’t just hit crypto bros. They show up in inboxes, fake websites, and social media. Many involve long cons where victims are coached into transferring money “voluntarily.”
Business Email Compromise (BEC) often happens after an employee’s email is compromised, or faked. Attackers pose as vendors or internal staff and request invoice changes, wire transfers, or payroll updates.
Tech support fraud is typically phone-based and targets the elderly or less tech-savvy staff. Scammers pretend to be from Microsoft or your MSP, asking for remote access or payments.
Data breaches and personal data theft aren’t always caused by malware. Many come from weak credentials, exposed cloud drives, or unvetted apps.
Large enterprises can absorb losses. You probably can’t.
A single BEC incident could mean:
A six-figure wire transfer to the wrong account
A vendor relationship permanently damaged
A lawsuit or regulatory hit if client data is exposed
These aren’t IT issues. They’re business risks that hit operations, finances, and reputation.
This is why Securafy focuses on protecting how your business actually works, email, finance, operations, client data, not just the tech stack.
The FBI IC3 Report 2024 breaks down who’s filing complaints and who’s losing the most money. It’s not who most businesses expect.
This isn’t just a problem for high-profile companies or tech newbies. It’s a threat hitting across industries, age groups, and job roles. And the impact goes deeper than dollars lost—it’s client trust, business continuity, and reputation on the line.
Here’s what the data shows:
| Age Group | # of Complaints | Reported Losses |
|---|---|---|
| Under 20 | 17,993 | $22.5 million |
| 20–29 | 71,399 | $540.1 million |
| 30–39 | 108,899 | $1.4 billion |
| 40–49 | 112,755 | $2.2 billion |
| 50–59 | 84,540 | $2.5 billion |
| 60+ | 147,127 | $4.8 billion |
Victims aged 60 and older suffered the highest financial losses, nearly $5 billion last year alone. That’s not just personal. Many were targeted through their roles or relationships with companies.
If your business handles:
Real estate transactions
Retirement accounts
Healthcare billing
Client data
Vendor payments
...you’re likely dealing with people in the 40–70+ range, either internally or externally. That makes your company part of the attack surface.
Scams don’t always start with you. But they can end with your company’s name being used to exploit someone.
Older adults are the most financially exposed, but your employees, especially anyone who handles email, wire transfers, or customer data, are the most frequent targets.
Common risk points:
Admins or executives working remotely
Finance staff using personal devices
Team members using the same password everywhere
Untrained employees clicking unknown links or sharing too much info
You don’t need 500 employees to be at risk. You just need one person with access and no training.
This section of the FBI IC3 Report 2024 highlights the human factor. Technology can only do so much if your people aren't prepared.
Cybersecurity isn’t about locking the door. It’s about training the people who hold the keys.
The FBI IC3 Report 2024 doesn’t break things down by industry—but when you cross-reference the attack types and complaint patterns, the risks align clearly with the industries we serve.
Based on the data and attack methods reported, here’s how the threat landscape maps to your business:
Legal and Law Firms
Regular targets of Business Email Compromise (BEC), real estate fraud, and client impersonation scams. If your firm handles wire transfers, escrow, or confidential communications, you're exposed.
Healthcare and Medical Services
Patient data, outdated systems, and underfunded IT make this a prime target for ransomware and data breaches. The report notes a continued rise in complaints from critical infrastructure sectors—including healthcare.
Manufacturing and Industrial Sectors
Ransomware and phishing attacks often disrupt production schedules and vendor payments. If you rely on digital supply chains, you’re on the radar.
Accounting and Auditing Firms
High volumes of personal and financial data = high-value targets. The FTC Safeguards Rule and GLBA also make these firms attractive for data theft, phishing, and credential compromise.
Country Clubs and Recreational Facilities
Often overlooked, these facilities are rich in customer data and payment systems—and weak in cybersecurity posture. We’ve seen increased attacks targeting online booking, POS systems, and staff email accounts.
These aren’t speculative risks. They're patterns pulled directly from real case data in the IC3 report.
Ohio ranks #7 in the U.S. for number of complaints and #15 for total reported losses. The problem isn’t just national—it’s local.
We regularly work with small and medium-sized businesses (SMBs) across:
Cleveland, Medina, Akron, and Painesville
Columbus metropolitan area
And neighboring cities across the Midwest
You don’t need a cybersecurity division to be at risk. You just need one weak link—one email, one missed update, one distracted employee.
That’s why we take a hyper-local approach to security. It’s not just about protection. It’s about understanding how your team, your clients, and your location shape the risk.
The FBI IC3 Report 2024 isn’t just a warning. It’s a record of what the government is doing to disrupt cybercrime, and what they need from businesses to make that work.
Here’s the summary of their response efforts last year:
$561.6 million recovered through rapid-response coordination (aka the Financial Fraud Kill Chain)
3,020 complaints escalated for fund freezing, 66% resulted in successfully blocked or reversed transactions
Operation Level Up identified 4,323 crypto scam victims before they even knew they were being scammed
215 arrests tied to call center fraud rings, in partnership with Indian law enforcement
67 new ransomware variants identified, tracked, and reported to law enforcement and victims
Warzone RAT malware operation shut down, a major remote access trojan used for spying, data theft, and ransomware staging
These aren’t minor efforts. They show the FBI is not only responding to crimes but actively working to stop them before the damage is done.
The FBI can’t act if businesses don’t report.
And most companies don’t.
Why?
Fear of reputational damage
Uncertainty about what counts as a “cybercrime”
No internal policy for documenting or escalating incidents
Lack of clarity on what to do once something goes wrong
Here’s what the FBI wants you to do:
Report cyber-enabled crime immediately via ic3.gov
Work with your IT or MSP to secure email, backup systems, and account credentials
Help protect others by submitting info that may be used to flag patterns, locate actors, or recover funds
Securafy supports this model. We’re not just here to react, we help our clients recognize incidents, preserve evidence, and respond fast.
Cybercrime moves quickly. If you wait too long, there may be nothing left to recover.
Here’s the part the FBI IC3 Report 2024 doesn’t say outright, but it’s written between every line:
Small and midsize businesses are easy targets.
Not because you’re careless. But because most of you:
Don’t have full-time IT security teams
Rely on one vendor or employee to handle everything tech-related
Think you’re too small to be worth the effort
Attackers know that. They’re not going after hard targets, they’re going after fast money.
And that makes you a top target.
A fake email gets through and someone wires $30,000 to a criminal account
An old vendor password is reused and leads to a ransomware lockout
An employee installs a browser extension that turns into spyware
A client is targeted using your name in a spoofed email, and they blame you for it
You don’t need to be hit with a headline-making breach to suffer damage. Most incidents are quiet, private, and expensive.
We talk to businesses who:
Had no clue their email credentials were circulating on the dark web
Missed the warning signs because no one knew what to look for
Thought cyber insurance would cover everything (it rarely does)
Waited until after an attack to ask about backups
You don’t have to operate like that.
Cybersecurity isn’t a nice-to-have anymore. It’s part of running a business in 2025. If you send money online, manage customer data, or access your systems remotely, then you're already on the field. Whether you like it or not.
The FBI IC3 Report 2024 confirms that most cybercrime starts with simple, preventable gaps.
You don’t need a million-dollar security stack. But you do need a clear, working defense strategy that fits how your business actually runs.
Here’s what we recommend if you're running a small or midsize business in Ohio—or anywhere else cybercrime doesn’t care about your zip code.
Most businesses aren’t hacked, they’re exploited. That means someone got in because of a reused password, unsecured email, or a spoofed message.
You need a risk-based assessment, not a checklist.
Review how your staff communicates (email, apps, messaging tools)
Map out who can move money or access sensitive data
Look at how remote access is handled, especially for admins, vendors, and executives
Review third-party tools you’ve connected to your systems
Securafy offers a free, fast-read assessment designed for real business workflows—not IT fantasy worlds.
According to the FBI IC3 Report 2024, Business Email Compromise (BEC) scams caused $2.77 billion in losses last year. That’s more than ransomware and phishing combined.
Here’s what to check:
Is multi-factor authentication (MFA) turned on for every email account?
Can employees recognize a spoofed address?
Who’s allowed to approve invoice changes or wire transfers?
Are auto-forwarding rules being abused?
We set up and audit Microsoft 365 and Google Workspace for this reason. If you're not reviewing email rules quarterly, you're exposed.
Tech support scams, fake invoices, ransomware... nearly all of them start with a person getting tricked.
We’re not talking about full-day trainings. We’re talking about practical, plain-language examples:
How to spot fake links
What to do when someone “from IT” calls
How scams actually unfold (with examples pulled from FBI case data)
Who to notify when something seems off
We run short, high-impact sessions for busy teams. No jargon, no scare tactics, just real talk.
Once something happens, the clock starts ticking.
Do you know who to call if funds go missing?
Who’s in charge of reporting to the FBI or the bank?
Can you recover your data from backups, or are those backups locked too?
Can you prove you had reasonable protections in place if regulators ask?
We help clients build simple playbooks for this. Nothing bloated. Just what you need to act fast and reduce damage.
You don’t need to read every breach headline or security bulletin. But you should know:
What new scam types are trending
What tactics are hitting businesses like yours
What your IT provider is doing, and not doing
We translate FBI updates, threat alerts, and legal shifts into business-focused briefings. If it affects your business, we’ll let you know in plain English.
Cybercrime isn’t going away. But there’s a huge difference between being an easy target and being ready.
Let us help you move to the right side of that line.
Schedule a Free Cybersecurity Readiness Call with Securafy.
The FBI IC3 Report 2024 lays out the facts. Cybercrime is rising. Losses are growing. And small businesses like yours are in the line of fire.
Here’s the reality:
Over 2,000 cybercrime complaints are filed every day
Most attacks start with an email, a phone call, or a weak password
Older clients, employees, or partners are increasingly exploited
Business Email Compromise and crypto fraud are doing the most damage
Ohio ranks among the top states for reported losses
And yet, most businesses still think “it won’t happen to us.”
We don’t say this to scare you. We say it because we see it play out every day. And we know how to stop it.
If you’re reading this, you’ve already done more than most businesses do. You’re paying attention. Now it’s time to act.
Get a free cyber risk assessment tailored to how your business operates
Train your team with a short session that actually sticks
Talk to us, about what protection looks like for your size, industry, and budget
You don’t need to know every cyber term. You just need someone who can explain what matters, what’s exposed, and what comes next.
We’re here for that.
Read the official FBI press release