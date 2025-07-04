The onus to protect, since 100% protection is not achievable, cannot be fully on the victims. What we need is a fundamental shift in how we approach cybercrime – one that treats it as the serious criminal activity it is, rather than continuing to blame those who fall victim to it.

Yet while businesses are urged to improve their security posture and face hefty fines for non-compliance with cybersecurity regulations, we’re missing a fundamental truth – even the best defense strategies alone will not end all cybercrime.

Ransomware has followed the same pattern as virtually all types of crime, whether physical or cyber. So long as there is high reward with little risk of consequence, and highly specialized skills are not required, the crime rate will continue to increase.

The Crime Equation Remains Unchanged

Crime is crime, whether it occurs in the physical world or cyberspace. Every single year, cybercrime has increased, and it will continue to do so until we address the fundamental drivers. Understanding why crime happens is crucial – opportunity, motive and the perception that one can get away with it.

In general, the best way to fight crime is to make it more difficult to succeed and significant consequences. Consider how we protect physical assets: The Bank of England vault is nearly impenetrable because it houses our most valuable gold reserves.

Local banks have extensive security systems and alarm protocols. Even petrol stations have cameras and basic security measures. The level of protection corresponds to the value of what’s being protected and, crucially, there are real consequences for those who attempt theft – life imprisonment for the most serious offences.

In cyberspace, however, everything is accessible from everywhere. Unlike The Bank of England vault, where we can bury gold in an impenetrable fortress, most business data must be available to a myriad of stakeholder such as employees, customers, consultants and third-party providers on a 24/7 basis. This creates an inherent vulnerability that makes perfect protection impossible.

The Shift to Ransomware and Anonymous Payment

The cybercrime landscape has undergone a significant transformation. Many years ago, most cybercrime focused on stealing financial data – credit card numbers, banking details, identity theft.

Whilst this still occurs, there’s been a dramatic shift towards ransomware, and this is because it’s far easier to encrypt and demand payment than to spend time finding buyers for credit card numbers.

This shift has been fuelled by cryptocurrency. For the first time in history, criminals can be paid in anonymous currency, anywhere in the world, at any time, and convert it into pounds, euros or dollars.

Previously, criminals had to physically collect payments or transfer money to traceable bank accounts. Now, they can operate with anonymity whilst easily converting their ill-gotten gains into real money.

If criminals couldn’t convert cryptocurrency into real currency, it would drop to almost nothing or remain merely a barter system. The ability to monetize these attacks anonymously has fundamentally changed the risk-reward calculation for cybercriminals and eliminated one of law enforcement’s most powerful tools – “follow the money”.

The Jurisdictional Challenge

The second major factor enabling cybercrime is jurisdiction. Many cybercriminals operate from countries where western governments have no recourse. If a ransomware actor were based in Ireland and attacked a US company, authorities would issue an extradition request, and Ireland would likely comply.

However, when these criminals operate from non-cooperative jurisdictions, they find their activities tolerated or even tacitly supported.