The VRC Newsletter (May 29)

Cybercrime Surged to $16.6B—Here’s How You Stay Ahead

Author

Junie Talisay
May 29, 2025

In partnership with

A Wake-Up Call: Cybercrime Losses Hit $16.6B

In 2024, cybercrime in the United States escalated to alarming heights. According to the FBI’s Internet Crime Complaint Center (IC3), Americans reported over $16.6 billion in losses—marking a staggering 33% increase from the previous year.

To compare, the entire U.S. box office brought in just $8.56 billion during the same period. That means cybercriminals effectively “out-earned” the entertainment industry by nearly double. These aren’t just digital disruptions. These are billion-dollar losses affecting businesses, hospitals, schools, and individuals across the country.

The IC3 report highlights the sheer scale and complexity of cybercrime today:

  • Investment fraud accounted for more than $6.57 billion in losses, with schemes becoming increasingly sophisticated and convincing.

  • Phishing and spoofing remained the most reported crimes, preying on unsuspecting individuals through emails, phone calls, and fake websites.

  • Business email compromise (BEC) continues to be one of the costliest attack methods, often targeting payroll, finance, and executive teams.

  • Ransomware attacks surged, especially against critical infrastructure. The FBI documented 67 new ransomware variants in 2024 alone.

  • Data breaches and extortion tactics became more frequent and complex, with over 260,000 cybercrime-related complaints recorded.

What makes these crimes particularly dangerous is how they exploit both technological gaps and human behavior. The most common attack methods—like phishing, spoofing, and social engineering—often rely more on tricking people than breaking through firewalls.

More than 4,800 complaints came directly from critical infrastructure organizations, including those in healthcare, financial services, energy, and transportation. These aren’t just IT problems; these are risks that can disrupt lives, delay services, and damage public trust.

This Matters to Every Organization

If these numbers feel distant or abstract, consider what they really represent: millions of people locked out of their systems, duped into transferring funds, or exposed through stolen data. No sector is untouched, and no company—regardless of size—is exempt from becoming a target.

Cybercrime is no longer something that only happens to "other companies." It’s a daily risk that can threaten your revenue, reputation, and regulatory standing. More importantly, it’s evolving. Criminals are using artificial intelligence, automation, and global networks to scale their attacks faster than ever.

Organizations that delay proactive cybersecurity measures often pay far more in the long run. In addition to financial losses, cyber incidents can lead to regulatory fines, lawsuits, customer churn, and long-term brand damage.

Take Action Now

This rise in cybercrime is a wake-up call. It’s not enough to hope your security tools and policies are enough. In 2025, resilience will come from organizations that take deliberate, strategic action starting with understanding where their weaknesses are and how their teams would actually respond in a real-world scenario.

That’s where VanRein Compliance comes in. We help companies move beyond reactive security into proactive defense, starting with two of our most requested services: the NIST Cybersecurity Audit and Cybersecurity Tabletop Exercises. These aren’t one-time checks. They’re structured, hands-on engagements that test your actual readiness, policies, and people before an incident happens.

The key to a $1.3T opportunity

A new trend in real estate is making the most expensive properties obtainable. It’s called co-ownership, and it’s revolutionizing the $1.3T vacation home market.

The company leading the trend? Pacaso. Created by the founder of Zillow, Pacaso turns underutilized luxury properties into fully-managed assets and makes them accessible to the broadest possible market.

The result? More than $1b in transactions, 2,000+ happy homeowners, and over $110m in gross profits for Pacaso.

With rapid international growth and 41% gross profit growth last year, Pacaso is ready for what’s next. They even recently reserved the Nasdaq ticker PCSO.

But the real opportunity is now, before public markets. Until 5/29, you can join leading investors like SoftBank and Maveron for just $2.80/share.

This is a paid advertisement for Pacaso’s Regulation A offering. Please read the offering circular at invest.pacaso.com. Reserving a ticker symbol is not a guarantee that the company will go public. Listing on the NASDAQ is subject to approvals. Under Regulation A+, a company has the ability to change its share price by up to 20%, without requalifying the offering with the SEC.

PROACTIVE SERVICE 1:

Strengthen Your Cybersecurity Foundation

In a world where cyberattacks can bring down billion-dollar enterprises and small businesses alike, reactive measures are no longer enough. Today’s security leaders know that true cyber resilience starts with a strong foundation, and that foundation is built on standards like the NIST Cybersecurity Framework.

At VanRein Compliance, our NIST Cybersecurity Audit is one of the most effective ways organizations can assess, align, and improve their cybersecurity posture in a structured, regulator-ready way.

NIST - Cyber Trust Starts Here

NIST (National Institute of Standards and Technology) has developed some of the most trusted cybersecurity frameworks in the world. These frameworks aren’t just checklists, they’re comprehensive guides that help organizations:

  • Identify and prioritize digital assets

  • Protect data with layered safeguards

  • Detect anomalies and threats quickly

  • Respond effectively to incidents

  • Recover operations after disruption

The NIST CSF and its related Special Publications (like SP 800-53, SP 800-30, and SP 800-171) are used across industries, including healthcare, finance, manufacturing, and government. Whether you’re aiming for compliance or just trying to sleep better at night, NIST provides a gold-standard roadmap for cyber hygiene and maturity.

VRC's NIST Cybersecurity Audit

Our audit isn’t a passive review—it’s a strategic partnership designed to uncover vulnerabilities, reduce risk exposure, and help your organization become truly resilient.

Here’s what’s included:

 Comprehensive Risk Assessment
We analyze your current environment, identifying key assets, potential threats, and control weaknesses. The goal? Understanding where you stand and what’s needed to improve.

 Detailed Control Evaluation
Each of your cybersecurity domains—Identify, Protect, Detect, Respond, and Recover—is examined against NIST standards. We evaluate the strength of your access controls, your use of encryption, your employee training efforts, and more.

 Audit-Ready Documentation
You’ll receive a full report with a gap analysis, remediation roadmap, and the evidence you need for board reviews, client demands, or external assessments.

 Compliance + Security Roadmap
We don’t just check boxes—we help you build a long-term strategy for risk reduction and security improvement, including tools, team recommendations, and policy enhancements.

NIST Benefits Go Beyond Compliance

Performing a NIST Cybersecurity Audit with VanRein Compliance offers more than just technical peace of mind. It helps you:

  • Minimize the impact of future incidents through better preparation

  • Build credibility with clients and partners who expect demonstrable security practices

  • Meet compliance expectations under frameworks like HIPAA, ISO 27001, and CMMC

  • Save time and money by catching vulnerabilities before they turn into costly breaches

It’s a smart investment that reduces risk, improves visibility, and sends a clear message: your organization takes cybersecurity seriously.

Contact VanRein Compliance today to schedule your NIST Cybersecurity Audit designed to assess, align, and improve your entire organization’s cybersecurity posture.

PROACTIVE SERVICE 2:

Turning Cybersecurity Plans Into Practice

Building a security framework is one thing. Testing how well it actually works under pressure? That’s where many organizations fall short.

While audits, policies, and compliance roadmaps are essential, they don’t guarantee your team knows what to do when a real cyberattack hits. That’s why VanRein Compliance offers Cybersecurity Tabletop Exercises—a proactive service that transforms your plans into muscle memory.

What Are Tabletop Exercises?

Think of it as a fire drill for cybersecurity.

These are expert-led, discussion-based simulations where your team walks through a realistic cyber incident in real time. There’s no software to install and no systems put at risk—just your team navigating a scenario as if it were really happening.

Each exercise is custom-built around likely threats in your industry and environment, such as:

  • Phishing & Credential Theft

  • Ransomware & System Lockouts

  • Zero-Day Exploits

  • Data Breaches

  • Social Engineering Attacks

  • Denial-of-Service Incidents

  • Lost or Stolen Devices

You’ll face injects—trigger events that evolve the scenario dynamically—and your team must respond, escalate, and communicate effectively.

VRC's Cybersecurity Tabletop Exercises Matter

You don’t rise to the level of your policies; you fall to the level of your training. Our Tabletop Exercises reveal:

  • Gaps in your incident response plan

  • Unclear roles or decision-making delays

  • Communication breakdowns across departments

  • Weaknesses in technical recovery strategies

These are the kinds of issues that can’t be fixed with more documentation alone. They need to be experienced, reviewed, and improved before a real crisis hits. Protecting your company's integrity and trust with your clients must not be compromised.

Key Features & Benefits

 Pre-Exercise Planning
We design scenarios tailored to your industry, tech stack, and known risks. Every inject is chosen with your environment in mind.

 Facilitated Simulation Session
In a 90–120 minute session, your team is guided through the event, challenged with injects, and encouraged to think critically in real time.

 Cross-Functional Collaboration
We engage not just IT and Security, but also Legal, HR, Communications, and Executive Leadership. Why? Because cyber incidents affect the whole business—not just the tech team.

 After-Action Report (AAR)
Post-exercise, we deliver a clear, actionable report covering what went well, what needs improvement, and how to turn insights into next steps.

 Regulatory & Framework Alignment
These exercises help demonstrate compliance with frameworks like NIST CSF, NIST SP 800-61, ISO 27001, and even HIPAA.

Organizations Trust VanRein Compliance

Unlike generic webinars or tabletop templates, our exercises are high-impact, custom-designed, and designed to produce measurable improvements that meet and exceed what is required. VRC is not just testing your response, we’re partnering with you to build confidence, clarity, and coordination across your organization.

Whether you’re preparing for a NIST audit or simply building a stronger security culture, Cybersecurity Tabletop Exercises are a critical step in your maturity journey.

Contact VanRein Compliance today to schedule a Tabletop Exercise designed to challenge, educate, and empower your entire organization.

Fact-based news without bias awaits. Make 1440 your choice today.

Overwhelmed by biased news? Cut through the clutter and get straight facts with your daily 1440 digest. From politics to sports, join millions who start their day informed.

Learn AI in 5 minutes a day

What’s the secret to staying ahead of the curve in the world of AI? Information. Luckily, you can join 1,000,000+ early adopters reading The Rundown AI — the free newsletter that makes you smarter on AI with just a 5-minute read per day.