Of the 978m global victims of cybercrime last year, 17m were Britons targeted by phishing, ransomware, online fraud and hacking

Hackers stole a total of £130bn from consumers in 2017, including £4.6bn from British internet users, according to a new report from cybersecurity firm Norton.

More than 17 million Brits were hit by cybercrime in the past year, meaning the nation, which accounts for less than 1% of the global population, makes up almost 2% of the 978 million global victims of cybercrime and almost 4% of the global losses.

The losses were more than just financial. Each victim of cybercrime spent, on average, nearly two working days dealing with the aftermath of the attack.

The most common crimes were generally low-tech, such as attempts to trick individuals into revealing their personal information through bogus emails with generally low costs to victims. Other forms of cybercrime were more expensive: the typical victim found that a technical support scam cost them £44, a ransomware attack £111, and a fraudulent purchase online costing as much as £166.

But Norton warns that cybercrime victims are not doing enough to protect themselves online. The report found that they are more than twice as likely as those who haven’t fallen prey to cybercrime to share passwords to online accounts with other people, and almost twice as likely to use the same password for all online accounts.

What’s more, a surprising number of cybercrime victims – more than a quarter – believe they are safe from future attacks.

“Consumers’ actions revealed a dangerous disconnect: despite a steady stream of cybercrime sprees reported by media, too many people appear to feel invincible and skip taking even basic precautions to protect themselves,” said Nick Shaw, Norton’s general manager for EMEA. “This disconnect highlights the need for consumer digital safety and the urgency for consumers to get back to basics when it comes to doing their part to prevent cybercrime.”

The head of the UK’s National Cybersecurity Centre warned on Tuesday that it was a matter of “when, not if” Britain would be hit by a major cyber-attack, capable of disrupting critical infrastructure or the democratic process.

“Some attacks will get through. What you need to do [at that point] is cauterise the damage,” Ciaran Martin said.