Please fill in the form below to subscribe to our blog

7 Cybercrime Trends That Impact 2022 Security

June 02, 2022


The growth and evolution of cybercrime in the last year has been rapid. Major cyberattacks, like malware and business email compromise, are more frequent and more expensive than ever. Phishing continues to become more sophisticated and harder to detect while nation-state cybercrime is expanding its scope, menacing businesses in every sector. This surge of cyber risk has created complex challenges for IT professionals. Building strong, resilient defenses that are ready to handle anything has never been more important and a good defense starts with good threat intelligence. That includes being aware of the trends that shaped today’s picture to see how they’ll shape tomorrow’s.  


Excerpted in part from The Global Year in Breach 2022. DOWNLOAD IT>> 


Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>


7 Cybercrime Trends to Follow 


These trends shaped the risk landscape in 2021 and we anticipate they will continue to exert a strong influence in 2022. 


1. Nation-state cyberattacks are escalating 


Today’s nation-state threat actor isn’t just concentrating their fire on government and military targets. Instead, they’re coming for private enterprises of all sizes. An estimated 90% of nation-state cybercriminal groups regularly conduct operations against enterprises. 

Targets of nation-state cyberattacks   % of total attacks recorded 
Enterprises 35%  
Cyber Defense Assets 25%  
Media & Communications 14% 
Government Bodies 12%    
Critical Infrastructure 10%  
Other 4% 

Source: Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit   

In the 2021 Microsoft Digital Defense Report, the company shared valuable insight on the activities of nation-state cybercriminals in 2021 and how their attack patterns are evolving, offering a look at what to expect as 2022 progresses. 

  • The four major players that threaten businesses the most are Russia, Iran, North Korea and China.   
  • About 58% of all nation-state attacks in 2021 were launched by Russian nation-state actors. 
  • Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021. 
  • Over 70% of nation-state attacks these researchers observed targeted enterprises.  

Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>


2. Spoofing and brand fraud are growing 


As the pandemic raged on, ever-rising volumes of email traffic due to the powerful combination of a shift to remote work and the increasing sophistication of phishing messages gave rise to brand impersonation woes. The number of domains suspected of some degree of brand impersonation rose by more than 360% since 2020

The Verizon Data Breach Investigations Report 2021 shows the rapid rise of brand impersonation, clocking in 15 times higher in 2021 than it did in 2020. Employees encounter this threat frequently – 25% of all branded emails that companies receive are spoofed or brand impersonation attempts.     

Most imitated brands of 2021 

  1. DHL 23%  
  2. Microsoft 20%  
  3. WhatsApp 11%  
  4. Google 10%  
  5. LinkedIn 8%  
  6. Amazon 4%  
  7. Roblox 3%  
  8. FedEx 3%  
  9. PayPal 2%  
  10. Apple 2% 
  11. Other 14% 

Source: ZDNet 


Considering a new dark web monitoring solution? This eBook helps you find the right one for your organization. GET EBOOK>>


3. More attacks on manufacturing and industry 


Make no mistake, manufacturing and industry are firmly in cybercriminal sights. A whopping 80% of organizations in those sectors reported that they experienced a ransomware attack in 2021.     

Which industrial targets were attacked the most in 2021? 

Industry  % of Total  
Manufacturing  61%  
Oil & Gas  11%  
Transportation  10%  
Utilities  10%  
Mining  7%  
Heavy & Civil Engineering  1%  

Source: IBM X-Force Threat Intelligence Index 2021 


security awareness training cuts costs represented by a bright blue-white digitized dollar bill on a red, white and navy background of computer code

Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>


4. Attacks on infrastructure are accelerating 


The U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) reports that U.S. organizations in 14 of 16 critical infrastructure categories experienced at least one ransomware attack in 2021.   

Number of attacks on infrastructure sectors 

Sector Number of reported attacks 
Healthcare and Public Health 48 
Financial Services  89 
Information Technology 74 
Critical Manufacturing 65 
Government Facilities 60 
Commercial Facilities 56 
Food and Agriculture 52 
Transportation 38 
Energy 32 
Communications 17 
Chemical 12 
Water and Wastewater Systems 
Emergency Services 
Defense Industrial Base 

Source: FBI IC3 


Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>


5. The number of ransomware attacks ballooned 


FBI analysts disclosed that IC3 received more than 2,000 ransomware complaints, with more than $16 million in losses — a 20% increase in reported losses compared to the same period in 2020.  That trend is set to continue with no end in sight. Since 2020, the United States incurred a 127% increase in the number of ransomware attacks while the United Kingdom exhibited a 233% surge in ransomware infections.   

Biggest percentage increase in ransomware attacks (by industry) in the U.S. in 2021 

Industry  % increase in ransomware attacks  
Government and Public Sector  1,885%  
Healthcare  775%  
Education  152%  
Retail  21%  

Source: Fortune Magazine  

Some industries had it a little bit harder than others. Banking and Finance got absolutely hammered in Q1 and Q2 2021, with a 1,318% increase in the number of ransomware attacks waged against that sector. That pressure leveled off in the second half of the year. Ultimately, almost one-quarter of attacks in 2021 were aimed at banking and finance targets.  

The top 10 industries for ransomware attacks 

Industry % of total recorded attacks in 2021 
Banking and Finance 22%  
Utilities 20% 
Retail 16% 
Education 9% 
Government 8% 
Industrial 4.8% 
Outsourcing and Hosting 4% 
Construction 3.6% 
Insurance 3% 
Wholesale 1% 
Other 8.6% 

Source: Trellix 


A strong security culture reduces your company’s chance of a data breach. This checklist helps you build it. GET IT>>


6. Ransom demands are rising 


 Cybercriminals have upped their prices, notching new record-high ransom demands. In 2021, the average paid ransom amount increased by 82% to a new record high average ransom demand of $570,000, compared with just $170,000 in 2020.   

Ransoms paid in 2021 

Amount % of total recorded 
$10 – $50 million   19% 
$2 – $10 million 46% 
Less than $2 million 35% 

Source: IBM 


Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>


7. The cost of a data breach is the highest in nearly two decades 


A data breach is more expensive than it has ever been. In the IBM/Ponemon Cost of a Data Breach Report 2021, researchers pegged the average cost of a breach at $4.2 million per incident — 10% higher than in 2020 and the highest recorded in the 17 years of the study. If a data breach was caused by a remote worker, that cost rose by another $1.5 million.   

The top 5 industries by average total data breach cost  

  2020 2021 
Healthcare $7.13 million $9.23 million 
Financial $5.72 million $5.85 million 
Pharmaceuticals $5.04 million $5.06 million 
Technology $4.88 million $5.04 million 
Energy $4.65 million $6.35 million 

Source: IBM


Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>



 ID Agent offers two powerhouse solutions that can help organizations lower their risk and build strong defenses against today’s biggest cybercrime risks by educating employees and closing security gaps, setting them up for security success.   

Security and Compliance Awareness Training    

BullPhish ID is the ideal affordable security and compliance awareness training solution for companies of any size.    

  • Gain access to a huge library of security and compliance training videos in 8 languages with quizzes to measure retention – and 4 new video lessons are added a month     
  • Run phishing simulations easily using plug-and-play or customizable phishing training campaign kits with new kits released regularly    
  • Automate the delivery of training and the generation and delivery of reports to stakeholders  

Dark Web Monitoring    

Dark Web ID makes it easy for companies to reduce their dark web credential compromise risk.  

  • Uncover all of an organization’s exposed credentials in minutes  
  • Gain peace of mind against credential exposure with 24/7/365 monitoring using real-time, analyst validated data     
  • Enjoy fast alerts to compromises of business and personal credentials, including domains, IP addresses and email addresses     

Schedule your demo of Dark Web ID and BullPhish ID now. 


Read case studies of MSPs and businesses that have conquered challenges using ID Agent solutions. SEE CASE STUDIES>>


let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>