Cybercrime Projected to Cost US$15 Billion by the end of 2025

The global cost of cybercrime is set to reach between US$12 billion and US$15 billion by the close of the year if malicious activity continues at the current rate, reports NNT Data. This increase is attributed to a highly interconnected risk environment, driven by the operational maturity of ransomware groups, the adoption of offensive AI, and the systematic exploitation of vulnerabilities. 

The escalating global cost of cybercrime correlates with the necessity for implementing more robust defense strategies. “The question is no longer who will attack, but when, how, and with what objective,” says María Pilar Torres, Head of Cybersecurity in the European Union and Latin America, NTT DATA. "Defense can no longer be reactive: the key is proactive intelligence, early detection, international cooperation, and a cybersecurity culture that stops being a slogan and becomes a daily practice."

The basis for this risk evolution is the unprecedented professionalization of the criminal ecosystem. The Ransomware-as-a-Service (RaaS) model has achieved an operational maturity allowing attackers to subcontract phases of attacks, share infrastructure, and repurpose resources from dissolved groups. During the first half of 2025, ransomware solidified its position as a primary threat, showing a 32% increase in the number of attacks compared to the previous half of the year.

Global Landscape and Operational Trends

The threat landscape, exposed by NNT Data’s Cyber Threat Intelligence Trends Report, is characterized by the convergence of physical and cybernetic risks. The report names armed conflicts, extreme weather phenomena, and cyberattacks on critical infrastructure as some of the five most urgent risks of the year. This interconnection requires that international collaboration and organizational resilience serve as fundamental pillars for responding to a rapidly evolving threat environment.

Generative AI has lowered the entry barriers for malicious actors, facilitating the automation of attacks and the swift development of malicious scripts. Tools such as FraudGPT and WormGPT automate the creation of spearphishing emails. Voice and video cloning technologies can be employed to circumvent identity verification systems, fueling large-scale social engineering campaigns, fake profiles, and deepfakes. Concurrently, the Malware-as-a-Service (MaaS) model maintains its growth, resulting in the theft of millions of credentials daily.

Economic Implications and Tactics

An analysis of cybercrime costs reveals that the greatest economic impact stems from business disruptions. This impact is followed by investments in detection and response, and the payment of ransom demands for ransomware. Expenditures for "cyber-reinforcement" reached US$10.8 billion. The growth in global cybersecurity costs is expected to be 15% higher than at the end of 2024. During sensitive dates, containment expenses for companies may increase by up to 40%.

Regarding targets, the public administration sector maintained the highest number of cyberattacks, with 3,784 incidents, only in the first half of 2025. This sector is followed by education, government and public sector, financial services, and information technology services. 

Furthermore, the underground ecosystem underwent a reconfiguration following the closure of BreachForums in April 2025. This disruption led to a user migration toward private forums and a growth of the Crime-as-a-Service model. Clandestine platforms offer hacking on demand, DDoS attacks, mass spam, and SMS flooding with a Software-as-a-Service (SaaS)-like interface. This democratization of cybercrime allows actors with little experience to execute complex attacks automatically and without direct contact with vendors.

Finally, the tactical trends indicate an immediate exploitation of critical vulnerabilities following their disclosure. Initial Access Brokers (IABs) expanded their offerings by 15%, facilitating initial access to corporate networks for ransomware and data exfiltration operations. The increasing fragmentation of the cybercriminal ecosystem and the new hacktivist alliances, driven by geopolitical polarization, anticipate an increase in the volume and technical quality of attacks for the second half of 2025.