How Has a Decade of Cybercrime Impacted the United States? [Study]

Beyond Identity Blog | Monday, August 30, 2021

Cybercrime Trends:

  • $3.3 billion was lost to fraud in 2020, nearly double the amount lost in 2010. 
  • Delaware saw the largest increase in fraud reports per 100K people since 2010.
  • Kansas saw the largest increase in identity theft reports (+1,423) per 100K people since 2010. 
  • Residents of the Topeka, Kansas, metro area had the highest incidence of identity theft per capita.

Cybercrime has been an increasingly large concern for both businesses and individuals alike over the last several years. What was once seen as a limited threat with little ability to do true lasting damage to people and institutions now accounts for over $1 trillion in losses every year, an amount that has more than doubled since 2018. 

Cybercrime, however, is a catchall term: It actually describes dozens of types of crimes that are each unique in their methods, targets, and outcomes. While incidents like the one that crippled the Colonial Pipeline in May of 2021 tend to dominate news coverage of cyberattacks, perhaps an even more worrying trend for consumers has been the rapid rise in identity theft and fraud claims over the past several years. In fact, fraud, identity theft, and other claims related to cybercrimes were up over 45% in 2020 versus 2019 – the worst year on record.

This is a stunning increase, but we wanted to look at more than just the topline numbers. To understand how cybercrime is affecting different states and metro areas in the U.S., we looked at historic data in the U.S. Federal Trade Commission’s Consumer Sentinel Network Reports to help us dig into which states and metro areas have been particularly hard hit by this wave of internet criminality. We found a wide range in the number, severity, and cost of these crimes. Read on to see what we discovered.

The Development of Ransomware

Ransomware attacks have become a common phenomena in recent years, with the 2021 Colonial Pipelines attacks directly impacting the life of many Americans. Globally, ransomware attacks have been on the rise – 2020 saw the highest annual number of these attacks since 2016. 

ransomware infographic

While ransomware attacks have been on the rise again, newly discovered ransomware families declined after 2017 and only increased slightly from 2019 to 2020, with 127 new ransomware families discovered during that year, compared to 327 found in 2017. 

On the other hand, the percentage of organizations victimized by ransomware attacks globally has been on the rise since 2018, with 68.5% of surveyed organizations stating that they’d fallen victim to a ransomware attack in 2021, as of April. Similarly, according to a report by Sophos from a survey of 5,000 IT managers across 26 countries, the majority (51%) of organizations encountered a ransomware attack in 2020. When looking at the U.S., 68% of surveyed organizations were attacked by ransomware and paid the fees demanded, while an additional 10% were infected but opted not to pay. In May 2021, the Neustar International Security Council (NISC) published that 60% of organizations admitted they would consider paying ransom in the event of a cyberattack. The FBI, however, urges companies to not pay any ransoms and instead report the attack to the FBI directly. And they are not wrong; globally, in 2020, while 60% of companies got access to their data again after making an initial payment, 38% received additional ransom demands after paying. Simply put, paying a ransom does not guarantee that a company will gain access to their data again.

A Decade of Increasing Cybercrime

A lot can happen in a decade. Check out below how the annual number of fraud, identity theft, and other cybercrime reports have fluctuated from 2010 to 2020. This included all reports on identity theft, fraud, or other cybercrimes filed with federal, state, and local law enforcement agencies.

cyber fraud and identity theft in america

Cybercrime reports have exploded in the past decade, with over 4.7 million reports in the U.S. in 2020. This represents an increase of over 300% in 2020 relative to a 2010 baseline, costing the global economy trillions of dollars in the process. In fact, cybercrime has increased in eight of the last 10 years (and the two years in which it decreased represented very modest drops).

There are a number of reasons given for this particularly dramatic increase over the last decade: Moore’s Law describes a rough observation where computing power doubles and computing costs are halved every two years, and the 2010’s brought with them relatively cheap access to massive computing structures. This gave would-be cybercriminals an unprecedented advantage in creating exploits due to the sheer amount of computing power and the declining cost and efforts it takes to carry out cyberattacks. 

Cybercrime has also never paid better, particularly ransomware attacks – attacks in which outside actors create threats to an individual’s or a business’s computing infrastructure and demand a ransom in exchange for an end to the attack. These ransoms are often demanded in cryptocurrencies, which themselves saw a massive increase in value in 2020.

Finally, the COVID-19 pandemic led to many Americans simply spending more time in front of screens, broadening their digital footprints and perhaps increasing their overall vulnerability to cyberattacks in the process. Furthermore, a move to remote work has led to workers accessing their work devices from all across the country, which makes it more difficult for businesses to secure the company network and devices from potential cybercrimes. 

Virtual Fraud and Identity Theft on the Rise

To better understand how these reports of fraud, identity theft, and other cybercrimes have impacted the U.S. state to state, we took a look at the median amount of money lost to virtual fraud and identity theft in 2020 by each state. Look to see if your state falls in the bottom – or top – of our list. 

median amount lost to cyber fraud per person in 2020

While the over 300% increase in total cybercrime over the past decade is dramatic, there was an even steeper jump in the number of identity thefts due to cybercrime in 2020 relative to a decade earlier. The FTC recorded over 1.4 million identity theft claims last year, representing a fivefold increase over their 2010 report.

Identity theft through digital means can lead to a broad array of subsequent crimes, but some of the most common include crimes related to finances – the stealing of credit card numbers, opening new credit cards with a fraudulent identity, or card skimming. Nearly all identity thefts cost the victims money, and the total price can be huge, but we found surprising differences between the states when it comes to just how costly identity theft online can be.

Alaska, New Mexico, and California topped the list of most costly states for cyber identity theft in 2020, with the median incident costing victims $500, $420, and $407, respectively. In other states, this number was far lower: West Virginia, Kentucky, Maine, and Mississippi all reported median identity theft costs under $215 dollars. In general, costs tended to be higher in the Western U.S., but even some neighboring states sometimes showed starkly different outcomes (such as Virginia and West Virginia). Want to know where your state ranks? Check out the table below:

 

State

 

Median $ Loss

 

State

 

Median $ Loss

 

State

 

Median $ Loss

Alabama

$280

Kentucky

$210

North Dakota

$285

Alaska

$500

Louisiana

$300

Ohio

$230

Arizona

$374

Maine

$211

Oklahoma

$269

Arkansas

$296

Maryland

$329

Oregon

$300

California

$407

Massachusetts

$275

Pennsylvania

$261

Colorado

$360

Michigan

$250

Rhode Island

$229

Connecticut

$286

Minnesota

$300

South Carolina

$294

Delaware

$400

Mississippi

$213

South Dakota

$252

Washington, D.C.

$399

Missouri

$236

Tennessee

$270

Florida

$384

Montana

$299

Texas

$350

Georgia

$300

Nebraska

$263

Utah

$322

Hawaii

$370

Nevada

$400

Vermont

$290

Idaho

$295

New Hampshire

$231

Virginia

$340

Illinois

$285

New Jersey

$320

Washington

$400

Indiana

$240

New Mexico

$420

West Virginia

$205

Iowa

$250

New York

$306

Wisconsin

$249

Kansas

$250

North Carolina

$285

Wyoming

$312

A Wide Gap in the Worst States for Cyber Identity Theft

Similar to fraud claims, identity theft claims due to cybercrime increased in every U.S. state over the past 10 years, but the differences in these increases were substantial. See for yourself below. 

threat of digital identity theft

Kansas and Rhode Island saw increases of over 1,400% and 1,100%, respectively, and seven other states saw increases of over 500%. Interestingly, some states that saw high increases in the number of cyber identity theft claims did not see a corresponding high cost of the incidents: Rhode Island ranked second in the nation for an overall increase in the rate of identity theft but 46th in terms of median financial losses associated with a claim.

On the other end of the spectrum, some states saw relatively lower increases in digital identity theft that were far less dramatic than increases in digital fraud. Nine states, including Nebraska, Iowa, and South Dakota at the very bottom, saw less than a 100% increase in identity theft reports due to cybercrime. While these may still seem like large increases, given the overall cybercrime climate and the enormous increases in incidents over the past decade, these particular increases look almost tame by comparison.

A Shift in Cyber Identity Fraud Tactics

While cyber identity theft increased substantially overall in the last decade, the manners in which people actually commit fraud changed significantly, with some methods of fraud even showing sharp declines. This is to be expected – technology changes and new avenues for exploits open up, and cybercrimes are constantly evolving in their methods of attack. Keep reading to see how identity theft attacks online have changed in the last 10 years.

how identities are stolen

The sharpest contrasts between 2010 and 2020 could be seen in some of the more “traditional” avenues for cyber fraudulent claims and activity – employment and tax-related fraud, bank fraud, and phone or utilities fraud all decreased by 4% or more. This could be due to myriad factors, from opportunistic criminals simply finding new and less secure venues in which to commit fraud to rapid advances in fraud detection using artificial intelligence leading to a decreased number of overall cases.

Conversely, credit card fraud and fraud related to interactions with the government saw a significant rise. For instance, identity theft related to unemployment benefits became a common way for scammers to steal money during the pandemic. In many instances, victims of these identity thefts were unaware of the fraud until they tried to claim such benefits themselves or even until they received their tax forms that included these fraudulent unemployment benefits. 

One way in which scammers could get the personal information required was through fraudulent unemployment benefit websites, in which consumers unknowingly offered up their personal information to them. Furthermore, with the internet being such a large part in connecting the world, it also helps scammers from abroad gain access to U.S. victims more easily.

Fraud Online on the Rise Across the Board

Fraud committed virtually was up over 200% in every U.S. state in 2020 relative to 2010, but the increases in some states have been even more significant. We compared the number of cyber fraud reports between the states as well as how they’ve changed from 2010.

facts on fraud online

With every single U.S. state experiencing a rise in virtual fraud, some states experienced a much more severe increase than others. Delaware, long known as a friendly state for businesses, saw the largest increase in cyber fraud claims overall: an eye-popping 765% increase in 2020 relative to 2010. Nevada, one of only two states with legal casino gambling came up just a hair shy of first place, with a 756% increase in fraud claims over the same time period.

Even states on the “low” end of these increases recorded huge growth in claims: North and South Dakota saw claims increase by 276% and 242%, respectively – the only two states to show less than a 300% increase in virtual fraud claims over the past decade. While it may be expected that fraud and identity theft incidents on the web would increase in tandem, several types of fraud that can be committed without accompanying identity theft have also been on the rise: These include mortgage fraud, prize and lottery fraud, and (in 2020) scams related to COVID-19 or the Paycheck Protection Program.

Southern Metro Areas Lead the U.S. in Cyber Fraud Reports per Capita

If state-by-state data wasn’t specific enough for you, check out the total number of virtual fraud and identity theft reports in the U.S. per 100,000 residents by major cities below. 

metro areas prone to identity theft and fraud in 2020

Looking at cyber fraud reports per capita in individual metropolitan areas, a clear trend emerges near the top of the list: Southern cities had the most claims per capita, with 9 of the top 10 metros being in Southern states and 10 of the top 25 being in Florida alone. Stunningly, 21 U.S. metro areas reported at least one fraud claim for every 100 total residents over the course of 2020.

Based on its position at the top of the cyber identity theft rankings, it’s no surprise that four Kansas metropolitan areas topped the list of cities with the most identity fraud. Topeka, Lawrence, Wichita, and Manhattan, Kansas, took the top four spots in 2020, followed by Tuscaloosa, Alabama (which was also the highest city for per capita fraud claims in the U.S. in 2020).

Looking Ahead Another 10 Years

Businesses and consumers alike have become more aware of cybercrime in the last decade, with ransomware threats in particular becoming a major matter of national security concern. Still, while ransomware attacks may dominate the headlines, virtual identity theft, and it’s potential to lead to further fraud online offer a real threat to businesses and consumers across the country. There are a number of ways individuals can minimize themselves and their loved ones to these threats, though, and the first step is awareness.

At Beyond Identity, we’re obsessed with keeping your data and applications secure. We’ve eliminated the need for passwords altogether so hackers don’t have any credentials to leverage in an attack. We allow you to know who is behind every device and stop unapproved users from accessing your business information and know-how – protecting you from cybercrimes that could lead to identity theft and fraud. Learn more about how going passwordless can protect your company at BeyondIdentity.com

Methodology

Using the Consumer Sentinel Network Annual Reports for 2010 and 2020, we analyzed the trends in identity theft and fraud in the U.S. 

All dollar amounts and figures per capita were rounded to the nearest whole number, if given as a decimal. 

The reports gave the number of identity theft and fraud reports per capita. To calculate the states with the largest and smallest increases in those numbers per capita in the last decade, we subjected the 2010 figures from the 2020 figures. 

All per capita figures were calculated by the reports’ author(s) using 2019 U.S. Census Bureau population estimates. Metropolitan areas were defined by the Office of Management and Budget. 

Fair Use Statement

In an increasingly digital world, there are more opportunities for bad actors to access your personal information. If someone you know would benefit from the information in this project, you may share for any noncommercial reuse. We only ask that you link back here so the entire project and its methodology can be reviewed. This also gives credit to our contributors, who make this work possible.