One year. $3.4 billion lost.

For most organizations, a loss like that would be catastrophic.

But the truth is worse.

That is how much Americans over the age of 60 lost to cybercrime in a single year, according to the FBI’s Internet Crime Complaint Center. No other age group lost more.

Yet older adults rarely appear at the center of cybersecurity policy discussions, awareness campaigns, or national strategies.

The mismatch is striking.

The group suffering the greatest financial harm online is often the least systematically protected.

 

Why Criminals Choose Seniors

Cybercriminals target older adults for simple reasons.

Many have accumulated savings, pensions, or property over decades, making them financially attractive targets. For organized cybercrime groups, that represents a high-value opportunity.

But money alone does not explain the pattern. Social dynamics play an equally important role.

Many older generations grew up in environments where institutions carried strong authority. Banks, government agencies, and official phone calls were rarely questioned. That expectation of trust still shapes how people respond when someone claims to represent an authority today.

Isolation adds another layer of vulnerability.

Millions of older adults live alone across Europe and North America. When something suspicious happens, there may be no one nearby to ask for a quick opinion or second perspective. Under pressure, decisions are made quickly and often in isolation.

 

Cybercrime as Psychological Manipulation

The scams most frequently aimed at older adults rely on emotional leverage rather than technical sophistication.

Fake tech support alerts claim a computer has been infected and must be repaired immediately. Government impersonation calls warn of unpaid taxes or problems with Social Security or Medicare. “Grandparent scams” typically involve a caller claiming that a grandchild has been arrested, injured, or is otherwise in immediate danger and urgently needs financial help.

The goal is to create panic before the victim has time to verify the story.

Although the tactics differ, the mechanism is consistent. These scams succeed not because victims lack technical knowledge, but because the attacks are designed around normal human instincts.

 

The Cybersecurity Blind Spot

Most cybersecurity education simply does not reach older adults.

Security awareness programs are largely designed for workplaces. Employees receive phishing simulations, online training modules, and access to IT teams who can verify suspicious emails or phone calls.

That ecosystem largely disappears after retirement.

Without regular training or support channels, many older adults operate outside the modern cybersecurity awareness system.

The result is a dangerous gap: the demographic suffering the largest financial losses from cybercrime is also one of the least systematically protected.

This is not primarily an individual failure. It reflects a structural gap in how cybersecurity education is delivered.

 

The Policy Failure

National cybersecurity strategies often prioritize infrastructure protection, critical industries, and government systems. Those priorities are important, but they frequently overlook the individuals most exposed to cybercrime.

Addressing the problem requires a broader approach.

Cybersecurity awareness must extend beyond workplaces and into the wider public sphere. Governments could fund campaigns designed specifically for older audiences and deliver them through channels that are already widely used, including television, community organizations, healthcare networks, and local government services.

Financial institutions also have a role to play. Banks already detect unusual card activity. Similar safeguards could identify transfers associated with common scam patterns and introduce additional verification steps before funds are moved.

Recognizing older adults as a high-risk demographic would be an important first step.

 

It’s Time to Protect the Most Targeted

The encouraging reality is that this problem is solvable.

Cybercriminals succeed because they exploit predictable human behavior. Those same dynamics can be addressed through better public awareness, stronger institutional safeguards, and policies designed with vulnerable populations in mind.

Cybersecurity is often framed as a technical contest between attackers and defenders. In practice, it is also a social challenge.
Any cybersecurity strategy that claims to protect society must start by protecting the people most frequently targeted within it

This article was written by Cywareness, a company specializing in cybersecurity awareness.

As part of its mission, Cywareness continues to monitor emerging trends, analyze real-world attacks, and share practical insights to help organizations stay ahead in today’s evolving threat landscape.