Home / Blog / General / Know your enemy: What motivates a cyber criminal?

October 28, 2019

Cyber crime is increasing at a staggering rate. The number of attacks worldwide each year is well into the trillions. In the UK alone, a small business is successfully hacked every 19 seconds.

According to one report, 2018 reportedly saw a 350% increase in ransomware attacks, a 250% increase in spoofing or business email compromise and a 70% increase in spear-phishing attacks in companies overall.

Meanwhile, damages caused by cyber crime hit around US $3 trillion in 2015. That figure is expected to double by 2021. By that point, cyber crime will be more profitable than all illegal drugs trade combined.

Already, cyber crime profits are estimated at US$1.5 trillion – i.e. more than the GDP of Saudi Arabia and Turkey combined.


Know your enemy: What motivates a cyber criminal?

So is it just about the money? Or are there other factors at play here? Let’s take a look into the mind and motivations of a cyber criminal.


Money is definitely the largest motivator for cyber criminals. Statistics on this are hard to come by, obviously, but a 2016 report from Palo Alto Networks and the Ponemon Institute suggests that 67% of UK hackers do it primarily for the money.


There are a quite a few different ways to earn money as a hacker. For example, stealing money directly from an account, encouraging people to send you money using false information, ransom/bribery, selling stolen information, etc.

This has a bearing on how the attack might take place, but the why remains the same. And that’s a good thing. Someone who is just doing it for the money will want the best return on time spent. Those with other motivations may not.

The Chair of the Ponemon Institute says:

“By adopting next-generation security technologies and a breach prevention philosophy,  organisations can lower the return on investment an adversary can expect from a cyber-attack by such a degree that they abandon the attack before it’s completed.”

Given the number of ways a cyber mercenary could earn their money, it’s difficult to single out specific targets. Small businesses are obviously a big one, but individual users are also at risk. Common attack types include:

  • Phishing/spear-phishing/spoofing – making victims behave in a way that suits the attacker’s purpose
  • Spyware – stealing data by spying on a user’s computer
  • Ransomware – blocking access and demanding payment to return files

The best thing to do to avoid falling victim to such attacks is to strengthen your security systems and processes to the extent that you become one of those hard targets that attackers just can’t be bothered to pursue.


An entirely emotional motivation, ego attacks are hard to talk about in a generic way. Often mixed with a desire for some kind of revenge, the motivation could be something overt – rejection by the object of their affection or perhaps a former employer – or slightly foggier, such as attacking a business the attacker feels has ‘done them wrong’.

Also in this category would be those hackers who are driven by the challenge of wanting to ‘outsmart’ a business’ security measures or, in layman’s terms, ‘stick it to the man’.

This is quite a spectrum to deal with.

Those who do it for the challenge may be quite highly skilled. Those out for revenge may just copy or buy malicious code and watch YouTube tutorials to carry out their attacks. But these ‘amateur’ attacks can still cause a lot of damage if you’re not prepared.

If it’s a personal attack, there’s a good chance the attacker will have more physical interaction with their victims – they may employ phishing and spoofing techniques to implement the attack.

In any instance where ego is the driving motivator, attackers will often want someone – either the victim or peers in the hacking community – to know that the attack has taken place. This could help security professionals identify the attacker.


Having witnessed the uproar over leaked emails and voter registration DDoS attacks, we all know the power that cyber crime can wield over politics. State-sponsored hackers will be motivated largely by nationalism (with a side of financial incentive). Typical targets include public administration, defence, energy and utilities, with a view to gain information, intellectual property, or to disrupt or damage operations.

The DNC email leaks were enabled by a successful phishing attack. Botnets have been blamed for the DDoS attack on the EU referendum registration site. But largely, the mode of operation could be described as ‘by any means necessary’.


Hactivists and cyber terrorists fall into this category. In essence, the motivation here is that the hacker strongly disagrees with the activities of the target. This breed of attack can vary from cyber defacement to full-scale attacks, such as the Ashley Madison leaks in 2015 or #OpSudan earlier this year, which may have played a role in the ousting of Sudanese dictator Omar al-Bashir.

Hactivists tend to band together in geographically-dispersed groups, united behind a common goal. Often these are short-term targets, known as Operations. In its early years, hacktivism could be quite effective, but as security measures have improved the effectiveness of these attacks has diminished, leading hacktivists to target ‘low-hanging fruit’ where they can make more of an impact.

How it helps

Understanding the motivations of attackers helps us to create a profile of who these hackers might be and what they are targeting. If you can look objectively at your business and identify where threats might come from – do you have valuable data that could be stolen? Are your activities controversial? – you can predict which hacker persona might target your organisation and tailor your security measures accordingly.

Related articles:

About Comtact Ltd.

Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).

Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.