FBI Releases 2025 Internet Crime Report Showing Record Ransomware Losses and Supply‑Chain Attacks
What Happened — The FBI published its 2025 Internet Crime Report, providing the most recent statistical snapshot of cyber‑crime activity in the United States. The report documents a year‑over‑year rise in ransomware payments, business‑email‑compromise (BEC) incidents, and supply‑chain attacks, with total reported losses exceeding $10 billion.
Why It Matters for TPRM —
- Escalating ransomware and BEC volumes increase exposure for any organization that relies on third‑party services.
- Supply‑chain compromises highlight the need for continuous monitoring of vendor security postures.
- Industry‑wide loss figures can be used to calibrate risk‑scoring models and justify tighter contractual security clauses.
Who Is Affected — Financial services, healthcare, SaaS/technology providers, retail/e‑commerce, and government agencies are all cited as heavily impacted in the report.
Recommended Actions — Review and update third‑party risk assessments to reflect the heightened ransomware and supply‑chain threat landscape; validate that vendors maintain robust incident‑response and email‑security controls; incorporate the report’s loss metrics into quantitative risk‑scoring frameworks.
Technical Notes — The report aggregates data from the FBI’s Internet Crime Complaint Center (IC3) and does not disclose specific CVEs or attack vectors. It emphasizes trends such as phishing‑based credential theft, exploitation of known vulnerabilities, and malicious use of cloud‑based services. Source: Schneier on Security – FBI’s 2025 Internet Crime Report