When it comes to cybercrime, the stories are often told in numbers. By 2025, it is expected to cost $10.5 trillion globally. If it were a country, its economy would rank it third globally, behind only the US and Chinese economies. Money raised through online fraud — from phishing to fake websites — has totaled about $1.03 trillion. With the rise of ransomware and financial attacks on large organizations, one might think that cybercrime is only about money.
Nothing could be further from the truth. The motivations for these crimes go beyond the economic component, although this has a significant weight. Some studies put the percentage of attacks on governments motivated mainly by financial reasons at 95% of all security breaches, while others speak of 55% of groups acting in search of income. The fact that the motivation is not financial does not mean that the effect is not equally damaging, although in terms of reputational cost, strategy, or damage to critical infrastructures. Patricia Alonso García, manager of Incibe-CERT, points out that “it is increasingly common to find other types of motivations that seek to cause the greatest possible media impact.” She cites ideological or political reasons in the first place, “aimed at destabilizing an institution, government or company.” In the current international context, their impact is being felt: According to the latest World Economic Forum report on cybersecurity, nearly 60% of organizations say that geopolitical tensions have affected their strategy, while one in three CEOs cite loss of sensitive information and cyberespionage as their top concern.
Incibe. En la imagen, Patricia Alonso García.
“We are very redundant when talking about cybercrime, because we always associate it with economic motivations,” says Hervé Lambert, global consumer operations manager at Panda Security. “But they are not the only reasons out there.” Lambert also refers to political and military cyber espionage, “states or actors linked to different governments” that seek to infiltrate to obtain strategic information. It also includes cyberwarfare, “attacks designed to do damage, disable, render important systems useless. There is no lucrative purpose, but to enhance or win a war or facilitate sabotage.”
