Hackers have typically compromised a network for 146 days before anyone notices. In the case of the Marriott Hotel breach detected in 2018, the attackers had been in the network for over 1000 days before discovery.
Most of these breaches occur through credential theft due to users:
In 2017 a Lithuanian man was arrested for defrauding two major international businesses of over US$100 million. Via a phishing attack, he was able to pose as an Asian manufacturer, forging invoices and requesting payment. The companies were later identified as Google and Facebook. [1]
As a global scourge, cybercrime ranks third behind government corruption and narcotics trafficking in terms of dollar value.
Reference
1. https://www.nytimes.com/2019/03/25/business/facebook-google-wire-fraud.html