Saved in:
Bibliographic Details
Main Authors: Lukošiūtė, Kamilė, Halstead, John, Righetti, Luca
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2603.20570
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911532853493760
author Lukošiūtė, Kamilė
Halstead, John
Righetti, Luca
author_facet Lukošiūtė, Kamilė
Halstead, John
Righetti, Luca
contents AI companies and governments are increasingly concerned about frontier AI systems enabling cybercrime, yet defining meaningful capability thresholds requires knowing the scale of cybercrime today. Current estimates of global cybercrime damages vary from tens of billions to tens of trillions of dollars, with little systematic evaluation of their reliability. We establish a more rigorous baseline by surveying 27 existing estimates, critically evaluating their methodologies, and constructing a composite estimate from three independent sources: a nationally representative UK business victimization survey scaled globally, US individual victimization data scaled globally, and global cybersecurity spending figures. Large-sample victimization surveys capture losses directly from victims, avoiding both the reporting bias in law enforcement and industry databases and the heavy modeling assumptions of macroeconomic approaches. We focus on quantifiable economic damages -- direct losses, response costs, and defense spending -- excluding harder-to-measure costs such as intellectual property theft and reputational damage. We estimate total global cybercrime damages at approximately \$500 billion USD annually (90% CI: \$100 billion-\$1 trillion). At this baseline, an AI-driven increase of about 20% would add \$100 billion or more, reaching thresholds some companies identify as warranting additional mitigations. However, cybercrime data remains too incomplete for such incremental increases to be directly detectable, and defensive applications of AI may partially offset offensive gains. Our methodology narrows plausible damage estimates from multiple orders of magnitude to a more confident baseline, providing a foundation for decision-making about AI-related cybercrime risk.
format Preprint
id arxiv_https___arxiv_org_abs_2603_20570
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Global Cybercrime Damages: A Baseline for Frontier AI Risk Assessment
Lukošiūtė, Kamilė
Halstead, John
Righetti, Luca
Computers and Society
AI companies and governments are increasingly concerned about frontier AI systems enabling cybercrime, yet defining meaningful capability thresholds requires knowing the scale of cybercrime today. Current estimates of global cybercrime damages vary from tens of billions to tens of trillions of dollars, with little systematic evaluation of their reliability. We establish a more rigorous baseline by surveying 27 existing estimates, critically evaluating their methodologies, and constructing a composite estimate from three independent sources: a nationally representative UK business victimization survey scaled globally, US individual victimization data scaled globally, and global cybersecurity spending figures. Large-sample victimization surveys capture losses directly from victims, avoiding both the reporting bias in law enforcement and industry databases and the heavy modeling assumptions of macroeconomic approaches. We focus on quantifiable economic damages -- direct losses, response costs, and defense spending -- excluding harder-to-measure costs such as intellectual property theft and reputational damage. We estimate total global cybercrime damages at approximately \$500 billion USD annually (90% CI: \$100 billion-\$1 trillion). At this baseline, an AI-driven increase of about 20% would add \$100 billion or more, reaching thresholds some companies identify as warranting additional mitigations. However, cybercrime data remains too incomplete for such incremental increases to be directly detectable, and defensive applications of AI may partially offset offensive gains. Our methodology narrows plausible damage estimates from multiple orders of magnitude to a more confident baseline, providing a foundation for decision-making about AI-related cybercrime risk.
title Global Cybercrime Damages: A Baseline for Frontier AI Risk Assessment
topic Computers and Society
url https://arxiv.org/abs/2603.20570