With so much of our time spent online, it’s no surprise that cyber criminals are increasingly growing bolder and more innovative. Now, new data that our team has obtained from Action Fraud, reveals that cyber crime incidents reported by the UK public have increased 37 percent in the past five years.
The data reveals that over 161,000 cyber crimes, ranging from hacking of personal computers and social media accounts, to spyware and denial of service (DDoS) attacks have been reported to Action Fraud between 2021 and 2025.
Financial Losses From Cyber Crime Fall Despite Rising Attacks
The number of cyber crime incidents reported between 2021 and 2025 has had a staggering increase, revealing a concerning upward trend in the number of cyber crime incidents people are facing. In 2021, there were 28,770 cyber crime incidents reported, which increased 37 percent in 2025 to 39,504.
Despite this sharp rise in cases, there is one glimmer of hope, the total financial losses reported have actually fallen, suggesting that while cyber criminals are attacking more often, defences and fraud-prevention measures may be helping to limit the damage. Total reported losses from cyber crimes in 2021 totalled over £12.3 million; however, this halved in 2025 (£6 million).
Social Media and Personal Computer Hacking Drive Rising Incident Numbers
Hacking of social media and email accounts: Hacking of social media and email accounts are the most prolific cyber crimes. Since 2021, there have been 96,000 incidents reported, with over 25,000 incidents reported in the first eight months of this year. This type of cyber crime has resulted in the highest total losses to the public. Since 2021, over £12 million has been reported lost from this type of cyber crime.
Hacking through extortion: Hacking through extortion has resulted in losses of £8,916,626 since 2021. In total, there were 12,343 incidents reported, indicating that while there are fewer incidents, losses from each incident are high, with an average of £1,570 lost per each incident reported.
Computer viruses, malware and spyware: Computer viruses, malware and spyware have resulted in £8,539,191 in losses since 2021. There have been 21,418 incidents reported since 2021. Computer viruses and malware have also seen a significant increase in reports over the past year, revealing a 105 percent increase in reported incidents between 2024 and 2025, and a 190 percent increase in reported losses. In 2025, over £2.7 million was reported lost from computer viruses and malware.
Hacking of personal computers: Hacking of personal computers has been reported 29,194 times to Action Fraud since 2021, with £3,083,718 in reported losses. In 2024, there was a significant increase in this type of cyber crime, with 8,079 incidents reported, up 54 percent since 2021. However, in 2025, there was a slight decrease, with 6,100 incidents in the first eight months of 2025.
Hacking of servers: Hacking of servers has seen the also seen a decrease in reported incidents (from 322 in 2021 to 180 in 2025) with reported losses decreasing from £266,000 in 2021 to £39,000 in 2025. In total, 1,213 incidents have been reported since 2021, with £474,500 in reported losses.
Hacking via PBX/Dial Through: Hacking via PBX/Dial Through has seen the most dramatic decrease in incidents. In 2021, there were over £328,000 in reported losses from these incidents, which dropped to no losses in 2025. Since 2021, 283 incidents have been reported, with reported losses totalling £389,347.
Denial of Service Attack Extortion: Incidents of DDoS attacks through extortion are reported least often. Since 2021, there have been just 129 incidents reported, with £127,096 reported in losses. This type of cyber crime has seen decreases in incidents and losses. In 2021, there were 52 incidents reported, with £57,796 in reported losses. Incidents reported decreased 73 percent in 2025, with just 14 incidents reported, and £2,400 in reported losses.
Denial of Service Attack: While there have been 419 reported DDoS attacks since 2021, there have been no reported losses from this type of cyber crime.
UK Online Habits and Reporting of Cyber Crime
The total reported financial losses by the UK public over the past five years amount to £34 million. While this may seem modest, many incidents go unreported. For example, Bridewell’s research on critical national infrastructure found the average cost of an incident to be around £200,000 per organisation, highlighting the scale of the challenge.
Businesses often report losses through other channels, such as the ICO or internal systems, while individuals may avoid reporting due to embarrassment or uncertainty about what constitutes a reportable offence.
Methodology
An FOI was submitted to Action Fraud requesting the number of incidents reported and reported losses for the following cyber crimes from 2021 to August 2025:
- NFIB50A: Computer Virus/Malware/Spyware
- NFIB51A: Denial of Service Attack
- NFIB51B: Denial of Service Attack Extortion
- NFIB52A: Hacking - Server
- NFIB52B: Hacking - Personal
- NFIB52C: Hacking - Social Media and Email
- NFIB52D: Hacking - PBX/Dial Through
- NFIB52E: Hacking - Extortion
