2023 was a big year for cybercrime – here’s how we can make our systems safer

Our definition of what a criminal is, is changing.

Where in the past, you might have thought of a shady character trying to breach the boundaries of your home and steal your possessions, those who commit crimes in this decade are far less easy to conjure up in your mind – faceless, formless and more likely to hide behind a computer.

Cybercrime is a real and growing threat, with the global cost of online criminal acts expected to surge to $23.84 trillion by 2027, up from $8.44 trillion in 2022, according to data from Statista, the FBI and IMF.

The steep rise is putting cybercrime on the agenda for global leaders, with the World Economic Forum’s forthcoming Global Cybersecurity Outlook offering crucial insights into the challenges facing policymakers.

Cybercrime is a broad term that covers damage or destruction of data, theft of money or personal financial data, embezzlement, fraud, business disruption and reputational harm.

As our personal lives and businesses move online, there's a growing number of opportunities for cybercriminals, who have at their disposal an expanding set of tools.

There are around 2,220 cyberattacks each day, and that equates to more than 800,000 attacks each year, according to Security Magazine. Here are just five of the biggest or most high-profile ones from 2023:

Hackers breached Microsoft Exchange and stole tens of thousands of emails, with at least 60,000 emails taken from the Outlook accounts of US State Department personnel.

This breach was ironically from a digital protection firm, which exposed 3.8 billion records, making it one of the largest data breaches in recent memory. The records included user emails and passwords.

The UK’s Royal Mail was hit by a ransomware cyberattack at the start of 2023 that disrupted its international mail services. Hackers sought an $80 million ransom and the attack affected 11,500 Post Office branches, meaning they were unable to handle international parcels.

Cybercrime groups exploited vulnerabilities in Progress Software's MOVEit file transfer software and used it to steal data from MOVEit databases. More than 2,000 organizations are thought to have been affected, and estimates show that more than 60 million individuals' data may have been impacted.

Passport records of 34 million Indonesian citizens were stolen from the Indonesian Immigration Directorate General, with the theft carried out by a hacktivist called Bjorka, who aimed to sell the data on the dark web. Because the stolen data included full names, genders, passport numbers and dates of birth, the country is now braced for scams and identity fraud.

These examples give a flavour of the risks and what is at stake and underscore how seriously we should be taking the thousands of breaches and attacks that happen every day around the world.

To prevent and curtail the impact of cyberattacks, organizational communication and culture around security are key, according to a UK government report. Having a formal cybersecurity strategy and regular risk reviews that extend to supply chains are also important, as well as robust incident response plans and training, it says.

The Centre for Cybersecurity at the World Economic Forum drives global action to address these challenges and improve digital trust. As part of that, it works with partners to identify new and emerging threats and to deliver free and globally accessible training.