One of the main reasons cybercrime seems to worsen every year is simple: hackers continuously adapt. They evolve their tactics, adopt new technologies early, and exploit gaps faster than defenders can close them. This pattern has already played out with cryptocurrencies and ransomware—and now, artificial intelligence (AI) is accelerating the cycle once again.
In November, AI startup Anthropic PBC revealed that a hacking group believed to be backed by the Chinese state had manipulated its large language model, Claude, to launch cyberattacks against roughly 30 targets worldwide. According to the company, the campaign succeeded in a small number of cases but marked a significant milestone: it was the first recorded large-scale cyberattack executed with minimal human involvement.
This disclosure confirmed what many cybersecurity experts had long feared—AI is no longer just a defensive tool. It has become a powerful offensive weapon in the hands of cybercriminals.
Cybersecurity Spending Is Rising—So Are Attacks
Ironically, the rise of AI-driven cybercrime comes at a time when organizations are spending more than ever on defense. Research firm Gartner estimates that global spending on cybersecurity reached $213 billion in 2025, a 10% increase from the previous year. These investments include firewalls, endpoint protection, identity management, and data security.
Yet despite these massive expenditures, there is little evidence that cybercrime is slowing down. From a criminal’s perspective, hacking remains a relatively low-risk, high-reward business. AI makes attacks faster, cheaper, and easier to scale, allowing even less-skilled actors to cause significant damage.
This imbalance explains why experts now advise users to abandon password-only security altogether. Password managers, strong unique credentials, and multifactor authentication (MFA) are no longer optional—they are essential. Users are also urged to be cautious of phone calls or voice messages that sound familiar, as AI-powered voice cloning is increasingly used in social engineering attacks.
Why Cyberattacks Are So Profitable
Most hackers are motivated by money, and many earn staggering sums. The emergence of ransomware in the late 1980s, followed by the rise of cryptocurrencies a decade later, created the perfect ecosystem for cybercrime. Attackers can now extort organizations anywhere in the world while remaining largely anonymous.
Ransom payments are often demanded in Bitcoin or other cryptocurrencies, which can be transferred across borders quickly and are difficult to trace through traditional banking systems. This has fueled the growth of hacking groups operating from regions beyond the reach of Western law enforcement.
As more businesses and consumers move online, the attack surface continues to expand. Technologies such as internet-of-things (IoT) devices and generative AI have added new vulnerabilities. For example, energy utilities now rely on interconnected systems to monitor and control equipment in real time—creating additional entry points for attackers.
Cloud computing presents a similar paradox. While cloud platforms are generally more secure than fragmented on-premise systems, a single misconfiguration, faulty update, or critical software vulnerability can trigger large-scale outages or data breaches.
Who Is Behind Modern Cyberattacks?
Many cyberattacks can be traced back to organized hacker groups, often based in Eastern Europe, that operate under a business model known as “ransomware as a service.”
Ransomware encrypts a victim’s systems, rendering them unusable until a ransom is paid. In other cases, attackers steal sensitive data and threaten to publish it unless payment is made. Sometimes, they do both.
Ransomware developers frequently lease their malicious software to affiliates, who carry out the attacks. Profits are then shared, creating a scalable and highly profitable criminal ecosystem.
One particularly notorious group, Scattered Spider, relies heavily on social engineering rather than technical exploits. Members impersonate employees, call corporate help desks, and convince staff to hand over login credentials.
Scattered Spider—allegedly composed of young hackers based in the US and the UK—has been linked to attacks on MGM Resorts International, Clorox, and London’s public transport system. Two members were arrested last year in connection with an attack on Marks & Spencer, which reportedly caused losses of £300 million in operating profit. The US Department of Justice claims the group carried out at least 120 attacks worldwide, extracting $115 million in ransom payments.
State-Sponsored Cyber Warfare
Not all hackers are motivated solely by profit. Some operate on behalf of governments, tasked with espionage, disruption, or financial theft. Russia and China are widely regarded as the most aggressive state sponsors of cyber operations targeting the US and Western Europe.
US officials accuse China of stealing economic data, military secrets, and personal information belonging to nearly all American citizens. China and Russia have repeatedly denied these allegations, often counter-accusing the US of conducting cyberattacks.
Other major cyber powers include Israel, North Korea, and Iran. For many nations, building cyber capabilities is a cost-effective way to weaken adversaries without triggering conventional military responses. North Korean hackers alone stole more than $2 billion in cryptocurrency in 2025, a 51% increase year over year, according to blockchain research firm Chainalysis.
Who Is Winning: Hackers or Defenders?
The answer depends on how success is measured. There is no centralized global database tracking cyberattacks, making accurate assessments difficult. While attack volumes fluctuate, the long-term trend is clearly upward.
Ransomware statistics often rely on data from cybersecurity firms with limited visibility beyond their own clients or from monitoring dark web leak sites—neither of which provides a complete picture. Attack severity also varies by region. South Korea saw a surge in attacks in 2025, while UK retailers faced a wave of breaches in the first half of the year.
On the positive side, Chainalysis reports that total ransomware payments fell 35% in 2024, partly due to improved law enforcement efforts and a growing willingness among victims to refuse payment. Whether this trend will continue remains uncertain.
Anthropic warns that AI has dramatically lowered the barrier to entry for advanced cyberattacks. AI systems can now perform tasks that once required entire teams of skilled hackers—analyzing targets, generating exploit code, and scanning stolen data faster than any human operator.
What Can Be Done?
There is no guaranteed protection against cyberattacks, but experts agree that basic cyber hygiene can significantly reduce risk. This includes using strong, unique passwords, keeping software updated, and enabling multifactor authentication.
Organizations can reduce social engineering risks by requiring additional verification before sharing sensitive information and training employees to recognize red flags, such as urgent requests for credentials or money.
Consumers should remain cautious of suspicious emails, text messages, and attachments, and verify any phone calls requesting payments—even if they appear to come from friends or family.
Today, most large organizations assume breaches are inevitable. As a result, cybersecurity teams focus on rapid detection and incident response to limit damage. Restricting access to critical systems and maintaining detailed response plans can significantly reduce the impact of an attack.
Nearly all major cybersecurity companies now use AI to enhance threat detection and response. Whether attackers or defenders gain the long-term advantage remains an open question.
Does Cybercrime Hurt the Economy?
Yes—although measuring the full impact is challenging. A 2018 report by the Center for Strategic and International Studies (CSIS) and McAfee estimated the annual cost of cybercrime at $600 billion, and conditions have worsened since. In the UK alone, cyberattacks cost the economy approximately £14.7 billion per year, equivalent to 0.5% of national economic output, according to the Department for Science, Innovation, and Technology.
