Cybercrime has become deeply personal, and frankly, we should all be a bit more worried this year given the trending.

If there is one clear takeaway from the FBI’s 2025 Internet Crime Complaint Center (IC3) report, it is that cyberattacks have crossed the line from targeting companies to targeting people. I have spent my career in cybersecurity, serving in executive roles in the private sector and the highest levels of government, and this shift is one of the most important evolutions we have seen.

The scale alone is staggering. In 2025, the FBI received 1,008,597 complaints, with reported losses totaling $20.88 billion—a 26 percent increase over 2024. But what stands out is not just the volume. It is how these attacks are happening.

Attackers have expanded their sights beyond the enterprise and are becoming dangerously good at getting around it.

Attackers Are Targeting People, Not Just Systems

For years, organizations have focused on securing infrastructure. That investment has worked for the most part. Unfortunately, attackers have adapted.

Today’s most common and costly crimes—phishing and spoofing, extortion, investment fraud, and personal data breaches—are designed to manipulate people, not just exploit systems. 

Personal data breaches alone accounted for more than $1.3 billion in losses.

Business Email Compromise (BEC) remains one of the most damaging attack vectors, responsible for more than $3 billion in losses, with 86 percent of fraudulent transactions occurring via wire transfer or ACH. These attacks are powered by social engineering. They rely on impersonation, urgency, and trust.  And they are increasingly effective.

The Executive’s Personal World Is Now the Entry Point

Executives today operate across two environments: a secured enterprise and an exposed personal ecosystem.

Attackers are exploiting that gap.

Cyber-enabled fraud now accounts for the vast majority of losses, reinforcing that this is no longer about breaching systems—it is about exploiting human behavior.

We are seeing this play out in real time:

  • A rise in sextortion and cryptocurrency investment fraud
  • Increasing company impersonation scams, including emails posing as CEOs and senior executives
  • Growth in employment-related scams targeting individuals directly

The more visible and digitally exposed an executive is, the easier it becomes for attackers to craft convincing, targeted campaigns.

And increasingly, those attacks extend beyond the executive to their families.

A Broader, More Personal Threat Landscape

This shift is not limited to executives. It is expanding across demographics:

  • Elder fraud increased by 37 percent, reflecting targeted financial exploitation
  • Cryptocurrency-related complaints rose 21 percent
  • More than 5,700 complaints involved crimes targeting minors, including sextortion and online grooming

At the same time, traditional threats remain prevalent, with 39 percent of incidents involving data breaches and 36 percent involving ransomware.

Even critical infrastructure is at risk. The healthcare and public health sector remains the top-targeted industry, underscoring the real-world impact of these threats beyond financial losses. 

This is not just a cybersecurity issue. It is a human risk issue.

AI Has Changed the Game

One of the most important developments in this year’s report is the explicit focus on artificial intelligence.

For the first time, the IC3 report includes a dedicated section on AI-enabled cybercrime. More than 22,364 complaints referenced AI, with losses exceeding $893 million.

This is a turning point.

The rise of AI-enabled cybercrime and scams, deepfake impersonations, phishing and ransomware attacks, and identity theft demonstrates the consequences of an ever-growing digital risk environment. AI is accelerating the effectiveness of social engineering by enabling attackers to:

  • Generate highly realistic phishing emails
  • Impersonate executives and trusted vendors using voice cloning and deepfake techniques
  • Scale personalized attacks with unprecedented speed

BEC has become more powerful as attackers leverage AI to mimic CEOs and other officials with remarkable accuracy.

The result is a new reality where attackers no longer need to break trust. They can manufacture it using deepfake AI deception.

Why Traditional Security Is Not Enough

Most organizations have built strong defenses around the enterprise. But those defenses stop at the corporate boundary.

What remains exposed is everything outside it:

  • Personal devices and accounts
  • Home networks and smart devices
  • Family members and their digital footprints

This is where attackers are operating.

The IC3 report alerts us to a pervasive reality we can’t afford to ignore: highly motivated threat actors know where the security gaps exist in enterprises and family offices and are actively exploiting them at an accelerated rate.

BlackCloak’s own research underscores how significant this gap is:

  • 87 percent of new clients had no security on personal mobile devices before onboarding
  • 100 percent of client households had exposed passwords on the dark web
  • 39 percent had active malware or unsecured home networks
  • More than 50 percent of organizations believe a family member is the most likely entry point for an attack

These are not edge cases. They are the norm.

A New Approach to Executive Protection

Since the very beginning of BlackCloak’s inception, we’ve been deeply committed to evolving executive protection.  We do that by securing the executive’s full digital life, not just their corporate identity. That includes:

  • Reducing the personal attack surface by removing exposed data and vulnerabilities
  • Monitoring personal accounts, devices, and networks for emerging threats
  • Extending protection to family members
  • Responding quickly when incidents occur

Conclusion

It is time to take cybercrime personally because attackers are targeting our homes, families, coworkers, and friends. The days of cyberattacks being confined to corporate systems are behind us. They have moved into the personal lives of the individuals who lead organizations, manage critical infrastructure, and hold the keys to keeping our societies stable. 

And that changes everything.

Because in today’s environment, the most effective way to protect the enterprise is to protect the executive at every level.