Cybercrime is a commercial ecosystem, not a collection of isolated hackers. Its growth is such that it can be measured in macroeconomic terms rather than incidents. In fact, if it were a country, the 15.6 trillion USD in projected annual losses by 2029 would make it the world’s third‑largest economy – larger than any nation except the United States and China, and already bigger than Germany, Japan, India or the UK on their own.
Cost projections from multiple sources all point in the same direction, even if exact numbers differ. Recent forecasts such as Aftra’s 2024 overview on the economic impact of cybercrime put cybercrime at 10.5 trillion USD in 2025, 12.5 trillion in 2026 and roughly 15.6 trillion by 2029. Statista’s cybercrime cost projections point in the same direction, with global cybercrime costs rising from 9.22 trillion USD in 2024 to about 13.82 trillion USD by 2028 and 15.63 trillion USD by 2029.
The precise forecasts vary by methodology but they all agree that cybercrime is not stabilizing. Instead it’s growing faster than preparedness. It has become a structural economic burden longer rather than just the cost of “bad IT hygiene”.
For boards, executives and operational leaders, this changes the conversation. The question is no longer whether cybersecurity matters and how much you should spend fighting it. Instead, ask yourself whether your current operating model actually reflects the real risks.
Fighting that is why we have focused a large portion of our business on services such as Managed Detection and Response, Managed SOC, and Managed Cyber Incident Response.
The Industrialisation of Cybercrime
Ransomware, data theft and extortion attempts have become an industry where participants can buy access from initial access brokers, rent ransomware-as-a-service, automate phishing and credential harvesting, and use double-extortion models that combine data theft with service disruption and blackmail.
Modern cyber defence has to be continuous, monitored, and operationally ready. Anything less struggles to keep pace with a threat environment that is effectively active every minute of every day; as we’ll show, a lot can happen in a minute.
Back in 2012, Intel published an infographic called “What Happens in an Internet Minute?” At the time, the numbers felt astonishing: around 639,800 GB of IP data transferred, 204 million emails sent, 2 million Google searches, and 30 hours of video uploaded to YouTube every minute. Even then, cyber risk was already present in the background, with 135 botnet infections and 20 new identity theft victims estimated every 60 seconds.
Thirteen years later, that internet minute is no longer recognizable and has become something much more important than a curiosity. It is now a useful way to understand how digital dependency has grown, and why cybercrime has expanded so aggressively alongside it.
This matters to every organisation, not just large ones. The more business processes, customer journeys, communications, payments, and identities move online, the larger the opportunity for attackers. If 2012 was the era of “look how much happens online”, 2025 and 2026 are the era of “look how much can go wrong online, every single minute”.
From the 2012 internet minute to today
The best current benchmark for internet activity is Domo’s annual Data Never Sleeps research. The comparison with 2012 is stark.
In the current internet minute:
- Google handles roughly 5.9 to 6.3 million searches, compared with 2 million in 2012.
- Users send around 241 to 251.1 million emails, up from 204 million.
- YouTube sees around 500 hours of video uploaded per minute, versus 30 hours in 2012.
- People watch roughly 3.5 million YouTube videos per minute, up from about 1.3 million.
- Across Facebook and Instagram, users now watch around 138.9 million Reels every minute.
- Amazon customers spend over $455,000 per minute, and during peak periods such as Cyber Week, global shoppers have been measured spending more than $43.6 million per minute across ecommerce platforms, according to coverage.
Recent aggregated traffic estimates also suggest the world is now consuming on the order of 10 petabytes (that’s 10,000,000 gigabytes) of data per minute, based on modern network and usage analyses. That is not a small step up from Intel’s 2012 benchmark of 639,800 GB. It is a different scale entirely.
In 2012, much of the internet was still relatively straightforward: websites, email, early cloud, and fast-growing social media. Today’s minute is made up of cloud services, APIs, SaaS platforms, mobile apps, AI tools, streaming, payments, identity systems, and supply-chain integrations. A modern business no longer “uses the internet” at the edges. It runs on it and is why cyber risk is accelerating so sharply.
More traffic, more dependency, more cybercrime
The relationship between internet growth and cybercrime is not accidental. As more value moves online, criminal attention follows it.
One of the clearest modern indicators comes from Help Net Security, which reported from Domo’s 2024 digital activity analysis that 4,080 records are compromised in data breaches every minute. That works out to around 244,800 records per hour and nearly 5.9 million records per day.
That single figure does a better job than most headlines of explaining the extent of the cybercrime epidemic. These are no longer occasional incidents affecting unlucky victims but a continuous flow of compromised customer data, credentials, financial records, and operational information.
The Identity Theft Resource Center’s latest report shows that publicly reported data compromises in the US reached record levels again in 2025, with around 3,322 incidents. Other 2025 breach round-ups, including coverage of major incidents by cyber and tech commentators, point to a cluster of breaches linked to large technology providers and data aggregators that together exposed more than 16 billion records.
The cost of these failures is rising as well. Data breach statistics and cost-of-breach analyses collated by firms such as IBM indicate that the average cost of a US data breach has reached roughly $10.22 million, with the global average around $4.44 million.
It is no longer realistic to think of cybercrime as an edge case, or an IT problem that can’t be handled with a firewall refresh and an annual penetration test.
Why the current threat is structurally worse than 2012
The 2012 internet minute already included botnets and identity theft. But the mechanics of risk were very different.
Back then, a typical organisation had a smaller digital footprint. There were fewer cloud platforms, SaaS tools, mobile workflows, and internet-facing integrations. Today, businesses are spread across multiple platforms – Microsoft 365, Google Workspace, CRMs, booking systems, finance tools, HR platforms, cloud storage, e-signature platforms, AI copilots, and multiple APIs – and every one of these create identities, privileges, data flows, and attack paths.
Cybersecurity Ventures’ long‑running estimates put ransomware at roughly one attack every 11 seconds in 2021, and they now project that by 2031 a ransomware attack will strike a business, consumer or device every 2 seconds, with annual damages around $265–275 billion.
What the next 13 years could look like
No credible analyst has a neat, precise forecast for 2039. Any article that pretends otherwise is guessing. But the currently published data gives enough signal to draw careful, evidence-based scenarios.
If cybercrime cost grows at around 10% annually from a base near $10.5 trillion, as implied by projections from Cybersecurity Ventures and others, simple compounding approximately doubles the total every seven to eight years. On that kind of trajectory, the late 2030s could see annual cybercrime costs well above $20 trillion, even allowing for some slowdown.
A more optimistic path would involve stronger regulation, better identity architecture, tighter cyber-insurance requirements, broader adoption of managed security operations, and more mature board oversight. Even then, cybercrime would almost certainly remain a major and growing cost centre rather than fading into the background.
Meanwhile, internet usage is not standing still. Even if some individual metrics plateau or shift shape, the number of valuable digital interactions per minute will keep rising: more automated decisions, more API calls, more cloud workloads, more connected devices, more data exchanges, and more reliance on external providers.
The important takeaway is not the exact number in 2039. It is the direction of travel. If more value continues to move online, and if businesses continue to rely on layered, interconnected digital systems, the cost of weak cyber resilience will continue to rise.
What you should do now
The right response is not panic. It is operational realism.
- Organisations should build their own internal version of the internet minute. That means understanding how many logins, transactions, sensitive records, integrations, and privileged actions take place in a normal hour or day. Without that visibility, cyber discussions remain abstract and hard to prioritise.
- Leaders need to stop treating security as a periodic project. When thousands of records are compromised globally every minute, cyber has to be continuous. This means monitoring, detection, response, validation, and rehearsal. It also means making sure the basics are taken care of, including multifactor authentication, least privilege, endpoint protection, logging, tested backup recovery, and clear incident playbooks.
- Boards should focus on the systems that create cascading risk. Identity platforms, cloud storage, email, finance systems, backup platforms, and key suppliers matter more than cosmetic controls. One weakness in those areas can have consequences far beyond a single system.
Cardonet already advises organisations on these issues through practical services such as Managed SIEM, Managed DNS Security, and 24/7 Network Monitoring. Cardonet’s 2023 Cyber Threat Report, Why cyber security is a product of operational excellence, and sector pieces like Nursery School Cyber Security all make the same point: effective cyber defence comes from governance, culture and operating model – not from a single product or tick‑box exercise.
If your business depends on cloud systems, email, online transactions, shared data, suppliers, or remote access (i.e. it’s a normal modern business) your own “internet minute” already carries material cyber risk.
The sensible next step is not to wait for a breach headline. It is to get a clear view of where your real exposures sit today, which systems create the biggest cascading risk, and how fast your team could detect and contain a serious incident.
FAQs
1. Why describe cybercrime as an “economy”?
Because the projected annual cost of cybercrime now runs into the tens of trillions of dollars, with Aftra and Statista both forecasting around 15–16 trillion USD in yearly losses by 2029 – a figure that would make cybercrime the world’s third‑largest “economy” behind only the United States and China if it were a country.
2. How has internet growth actually changed the risk picture since 2012?
Usage data from Intel’s original Internet Minute graphic and Domo’s latest Data Never Sleeps report shows that searches, emails, video uploads, social engagement and ecommerce have all grown by multiples since 2012, with global traffic now estimated at roughly 10 petabytes per minute, which massively expands the digital surface attackers can exploit.
3. What does “4,080 records compromised every minute” really mean?
Domo’s 2024 internet‑activity stats, reported by Help Net Security and others, indicate that 4,080 personal records are compromised in data breaches every 60 seconds, which translates into roughly 244,800 records per hour and millions per day – a continuous background flow of compromised data rather than occasional, isolated incidents.
4. Are breaches actually becoming more frequent, or just more visible?
The Identity Theft Resource Center’s 2025 Annual Data Breach Report logged 3,322 publicly reported data compromises in the US in 2025, the highest number on record and a 79% increase over five years, which strongly suggests that both the frequency and the transparency of significant breaches have increased.
5. Why do you argue that products are not enough – that the operating model matters most?
Because the same sources that track attack volume and breach costs also highlight how often failures come down to identity sprawl, unmonitored integrations, weak processes and slow response; without a joined‑up operating model, even good tools cannot keep pace with a threat environment that is active every minute of every day.
You must be logged in to post a comment.