Global Cybercrime Losses Top $20 Billion in 2025, Driven by Fraud and AI‑Enabled Scams
What Happened – The FBI’s Internet Crime Complaint Center (IC3) recorded $20.877 billion in reported losses for 2025, a 26 % jump from 2024. Fraud accounted for $17.7 billion (85 % of total), with phishing, BEC, investment scams and cryptocurrency‑related fraud leading the charge. AI‑enabled scams appeared for the first time in the IC3 report, contributing nearly $893 million in losses.
Why It Matters for TPRM –
- Third‑party vendors are frequent conduits for phishing, BEC and crypto‑related fraud, exposing client organizations to financial loss.
- AI‑driven impersonation increases the success rate of social‑engineering attacks against supply‑chain partners.
- The sheer volume of complaints ( >1 million) signals a heightened threat landscape that can affect any organization relying on external service providers.
Who Is Affected – All sectors that engage third‑party services, especially finance, technology, healthcare, and e‑commerce, where fraud and BEC attacks are most prevalent.
Recommended Actions –
- Re‑evaluate vendor due‑diligence questionnaires to include AI‑driven social‑engineering risk controls.
- Enforce multi‑factor authentication and email security gateways for all third‑party access points.
- Monitor transaction patterns for anomalous crypto‑related activity linked to vendor payments.
Technical Notes – The loss drivers were primarily phishing/spear‑phishing (191 k complaints), BEC, tech‑support scams and cryptocurrency fraud. AI was leveraged to generate convincing impersonation content, amplifying BEC effectiveness. No specific CVEs were cited; the threat vector is social engineering and credential compromise. Source: Help Net Security – Cybercrime losses break the $20 billion mark