View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
The future of cybercrime
In association with Intel vPro
  1. Focus
July 25, 2022updated 31 Mar 2023 4:36pm

The state of cybercrime in 2022: What it costs and where it comes from

Here's the latest on the most common forms of cybercrime and its impact on the UK economy.

By Afiq Fitri

Despite its contemporary association with hackers in hoodies causing widespread chaos, cybercrime is nothing new. In 1834, two brothers carried out what was arguably the world’s first cyberattack when they managed to steal financial markets data from the French telegraph network using insider contacts. 

What is different now is the scale and speed at which cybercrime can be committed. To provide an overview of the state of cybercrime in 2022, Tech Monitor has rounded up the last research on which forms are most prevalent, what it costs the UK economy, and where cybercrime originates from.

Reported losses from cybercrime totalled £3.1bn in the UK in the past year. (Photo by Laurence Dutton/iStock)

What is cybercrime?

According to the UK’s Crown Prosecution Service, the term cybercrime encompasses two related but distinct forms of criminal activity. ‘Cyber-dependent crimes’ are those that can only be committed using ICT devices. These can be broken down into hacking – illegally accessing networks to steal money or data – and ‘disruption of computer functionality,’ such as distributed denial-of-service (DDoS) attacks or other destructive cyberattacks.

‘Cyber-enabled crimes’, meanwhile, are those in which ICT is used to increase the scale or reach of traditional criminal activity. These include fraud, intellectual property theft, online abuse, cyberbullying, sexual harassment, and child sexual offences.

What are the most common forms of cybercrime?

Phishing is the most common form of cybercriminal activity suffered by UK businesses and charities, according to the government’s cybersecurity breaches survey published earlier this year, with more than 80% having been targeted by phishing scams.

Impersonation tactics were the second most prominent type of cybercrime, with more than a quarter of organisations having been targeted. About 16% of businesses and charities have also suffered more sophisticated methods of cybercrime such as malware and DDoS attacks.

For individuals, the most common form of cybercrime are online shopping scams, which involve the misrepresentation of a product bought online. Some 77,4000 such scams were reported to UK police between June 2020 and June 2021, according to the National Fraud Intelligence Bureau (NFIB).

In second place are 'advance-fee fraud' scams, in which criminals trick victims into paying an up-front fee for an investment that never takes place, followed by 'non-investment fraud'.

Newer and more innovative methods of cybercrime are also emerging. In April, European police agency Europol published a report detailing the potential for organised crime groups to use deepfake technology for evidence tampering, CEO fraud, and non-consensual pornography.

“Advances in artificial intelligence and the public availability of large image and video databases mean that the volume and quality of deepfake content is increasing, which is facilitating the proliferation of crimes that harness deepfake technology,” the researchers wrote. “Law enforcement agencies therefore need to be aware of deepfakes and their impact on future police work.”

Surging investor interest in the metaverse has some cybersecurity experts worried about the potential for cybercrime. “This is something that’s going to explode quickly, so we need to be at the front of it when it happens,” says Deryck Mitchelson, chief information security officer at Check Point Software. “Businesses interested in the metaverse have to make sure you put in place every single safeguard, from identity authentication, privacy policies, to access management.

"The metaverse presents a brand-new threat surface that I’m fearful of, and cybercriminals will be looking at this space as well and know that this is going to be a space where they can make lots of money from.”

Despite the emergence of new opportunities for cybercriminals, Mitchelson warns that current threats are unlikely to recede in the near future. “I would expect that we’re still going to be talking about phishing and ransomware in the next few years and in terms of attack vectors, they’re still going to be the two most dangerous ones for any organisation,” he says.  

How much does cybercrime cost the economy?

Reported losses from cybercrime in the UK totalled £3.1bn in the last year, according to the latest statistics published by the NFIB. This figure comes from 405,334 separate incidents reported to the NFIB by individuals and organisations, ranging from hacked social media accounts, malware and spyware, to online shopping scams. 

Almost a third of businesses have experienced some form of cybercrime in the last two years, according to PwC’s global economic crime survey published earlier this month. For medium and large businesses, the average cost of a data breach for example can run up to £8,040, while small businesses can expect to pay £861, according to estimates published in the UK government’s recent cybersecurity breaches survey.

Meanwhile, earlier this month, the NFIB issued a warning on the continued threat of cybercriminals contacting victims on WhatsApp and pretending to be a family member in need of urgent money transfers. The agency received a total of 1,235 reports in the period between 3 February and 21 June, and estimates that this particular scam has cost victims £1.5m to date.

Other prominent types of cybercrime in the UK involve scammers convincing people to hand over money and personal information when booking holidays, with 4,244 reports made to the NFIB in the last year and losses totalling £7,388,353 – an average loss of £1,868 per victim.

But government and security agencies are getting better at clawing back the enormous sums of money lost to cybercriminals. In the US, investigators from the Department of Justice were able to recover $2.3m of the $4.4m ransom paid by Colonial Pipeline last year. And last week, US authorities also announced they were able to track cryptocurrency laundering services in China and seize approximately $500,000 in cryptocurrency from a North Korean ransomware group known as Maui, after a Kansas-based medical centre paid their ransom demand. 

These recent successes may prove to be a fleeting triumph, however, as cybercriminals adapt and increase their operational security according to the different tactics used by law enforcement agencies to track them down. Mitchelson also believes that the money being recouped from these incidents is still a fraction compared to the estimated amounts lost, including the ones that go unreported and the cases where a company’s intellectual property might be stolen in the process, leaving an intangible loss. 

Where does cybercrime originate from?

Finding out where cybercrime originates from is notoriously difficult. Existing approaches to study the source of cybercrime, such as analysing attack data from honeypots or tracking the language of malware code, can indicate the likelihood of cybercrime production in broad regions. But they cannot attribute with any certainty and granularity where offenders who use the malware are located, for example. 

To provide a more detailed look at the sources of cybercrime, the CRIMGOV project conducted a new expert survey of 92 cybercrime investigators and intelligence professionals from across the world to nominate the countries they believe to be the most significant sources of different types of cybercrime. Their preliminary findings show these countries to be Russia, Ukraine, China, the US, Nigeria, and Romania.

Earlier this year, Lindy Cameron, head of the UK's National Cyber Security Centre, identified "Russia and neighbouring countries" as the source of “most of the devastating ransomware attacks against UK targets”. 

One explanation for the concentration of cybercrime originating from post-Soviet states is that their education systems are strong on STEM subjects, but they lack the institutional capacity to provide highly skilled tech workers with legitimate industry jobs, according to Jonathan Lusthaus, director of the Human Cybercriminal project at the University of Oxford.

“There is a lack of government and private financing to help entrepreneurs start their own businesses and not enough well-paid jobs for skilled people such as programmers,” he wrote in 2019. "With limited opportunities, many highly capable Eastern Europeans are carving out careers in cybercrime, leading to the creation of what is effectively a criminal Silicon Valley.”

More on the future of cybercrime:

How AI will extend the scale and sophistication of cybercrime

Can DAOs survive an onslaught of cybercrime?

The zero day vulnerability trade remains lucrative but risky

Ransomware groups are getting smaller and smarter

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.