Cyberattackers are adopting new tools to increase the effectiveness and scope of familiar forms of attack, such as ransomware and business email compromise (BEC). GenAI tools are lowering the cost of the phishing and social engineering campaigns that give attackers access to organizations. Therefore, while the core character of cyberattacks has remained stable, organizations may need to place additional emphasis on protecting themselves against well-developed phishing and cyber-fraud campaigns.Cybercrime-as-a-Service (CaaS) platforms continue to be a dominant and rapidly growing business model in the criminal landscape, allowing individuals or groups without technical expertise to engage in illicit online activities by purchasing the necessary tools and support.9 This model, which is already well established among criminal groups, has progressively been adopted in other areas of cybercrime, such as AI-enhanced phishing attacks. These platforms present a challenge, as they remove the barriers for entry into cybercriminal activities. While progress has been made in dismantling some of the platforms, enforcement efforts remain inconsistent as CaaS platforms continue to thrive.The rapid advancements and increasing adoption of digital platforms globally is matched by an equally evolving cyberthreat landscape. Cybercrime today is increasing not just in scale but also in sophistication. As our digital footprints widen, so does the potential attack surface for nefarious actors. It is essential that we work together to address this growing menace. The borderless nature of the internet necessitates collaboration across various jurisdictional limitations to ensure that threat actors have no safe haven for their evil activities. Ivan John E. Uy, Secretary of Information and Communications Technology of the Philippines The surge in the volume and value of cyber-enabled fraud has attracted “traditionally” violent organized crime groups into the cybercrime market. The interaction of organized cybercrime with organized violent crime groups is changing the nature of cybercrime and greatly increasing their social impact. This is perhaps most starkly shown by the trafficking of more than 220,000 people to forcibly work in online scam-farms in South-East Asia.10 With such farms engaging in the harvesting of data, disinformation and social engineering to name a few capabilities, they are essentially becoming “criminal service providers”.11 According to the Global Anti-Scam Alliance, scammers have siphoned away more than $1 trillion globally in the past year, costing certain countries losses of more than 3% of their gross domestic product (GDP).12 The entry of traditional organized crime groups into the cybercrime arena changes the character of the criminal market. Organized crime groups are accustomed to causing physical harm and are arguably less concerned about the risk created by attacking critical social services such as medical services.13 When this cultural change is paired with the scale provided by CaaS platforms, the range of organizations that could be targeted by attacks such as ransomware becomes wider.14The convergence of cybercrime and organized crime groups Cybercrime has persistently evolved alongside the threat landscape, and its reach extends beyond financial loss, becoming a disruptive force that threatens our societies. We must remain vigilant and collaborate across sectors to safeguard the future of our digital world. Cybercrime’s impact is far-reaching – it can halt operations, undermine confidence and permeate to our operational technology and critical infrastructure. In the year ahead, we must prioritize not only defence but proactive and systemic disruption of these criminal networks as part of our collective effort to ensure cyber resilience and protect our digital future. Ken Xie, Founder, Chairman of the Board and Chief Executive Officer, Fortinet Global Cybersecurity Outlook 2025 14