{"id":4594,"date":"2025-08-29T07:00:00","date_gmt":"2025-08-29T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4594"},"modified":"2025-08-29T07:00:00","modified_gmt":"2025-08-29T07:00:00","slug":"cybercrime-increasingly-moving-beyond-financial-gains","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4594","title":{"rendered":"Cybercrime increasingly moving beyond financial gains"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

When it comes to cybercrime, the stories are often told in numbers. By 2025, it is expected<\/a> to cost $10.5 trillion globally. If it were a country, its economy would rank it third globally, behind only the US and Chinese economies. Money raised through online fraud \u2014 from phishing to fake websites \u2014 has totaled<\/a> about $1.03 trillion. With the rise of ransomware and financial attacks on large organizations<\/a>, one might think that cybercrime is only about money.<\/p>\n

Nothing could be further from the truth. The motivations for these crimes go beyond the economic component, although this has a significant weight. Some studies put<\/a> the percentage of attacks on governments motivated mainly by financial reasons at 95% of all security breaches, while others speak<\/a> of 55% of groups acting in search of income. The fact that the motivation is not financial does not mean that the effect is not equally damaging, although in terms of reputational cost, strategy, or damage to critical infrastructures. Patricia Alonso Garc\u00eda, manager of Incibe-CERT, points out that \u201cit is increasingly common to find other types of motivations that seek to cause the greatest possible media impact.\u201d She cites ideological or political reasons in the first place, \u201caimed at destabilizing an institution, government or company.\u201d In the current international context, their impact is being felt: According to the latest World Economic Forum report<\/a> on cybersecurity, nearly 60% of organizations say that geopolitical tensions have affected their strategy, while one in three CEOs cite loss of sensitive information and cyberespionage as their top concern.<\/p>\n

srcset=”https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?quality=50&strip=all 892w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=223%2C300&quality=50&strip=all 223w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=768%2C1033&quality=50&strip=all 768w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=761%2C1024&quality=50&strip=all 761w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=518%2C697&quality=50&strip=all 518w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=125%2C168&quality=50&strip=all 125w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=62%2C84&quality=50&strip=all 62w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=357%2C480&quality=50&strip=all 357w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=268%2C360&quality=50&strip=all 268w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Patricia-Alonso.png?resize=186%2C250&quality=50&strip=all 186w” width=”761″ height=”1024″ sizes=”auto, (max-width: 761px) 100vw, 761px”>\n

Incibe. En la imagen, Patricia Alonso Garc\u00eda.<\/p>\n<\/div>\n

\u201cWe are very redundant when talking about cybercrime, because we always associate it with economic motivations,\u201d says Herv\u00e9 Lambert, global consumer operations manager at Panda Security. \u201cBut they are not the only reasons out there.\u201d Lambert also refers to political and military cyber espionage, \u201cstates or actors linked to different governments\u201d that seek to infiltrate to obtain strategic information. It also includes cyberwarfare, \u201cattacks designed to do damage, disable, render important systems useless. There is no lucrative purpose, but to enhance or win a war or facilitate sabotage.\u201d<\/p>\n

Since the Stuxnex worm attacked Iran\u2019s nuclear infrastructure<\/a> in 2010, cyberattack for strategic or political reasons has frequently been employed as a destabilization tool, as evidenced most recently by cyberattacks launched since the beginning of Russia\u2019s invasion of Ukraine on Ukrainian targets by Russian agents. According to the latest threat report<\/a> from the European agency ENISA, state-linked actors are generally well-funded and well-resourced and not only target the agencies of power of other nations, but can also direct their threats at other organizations to extract sensitive information or obtain funding for their countries. This could also include disinformation campaigns which, according to Juan Jos\u00e9 Nombela, director of the Master\u2019s Degree in Cybersecurity at UNIE Universidad, are focused on \u201cdemoralizing and demotivating the population or the army.\u201d<\/p>\n

srcset=”https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?quality=50&strip=all 3000w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=300%2C200&quality=50&strip=all 300w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=768%2C512&quality=50&strip=all 768w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=1024%2C683&quality=50&strip=all 1024w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=1536%2C1024&quality=50&strip=all 1536w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=2048%2C1365&quality=50&strip=all 2048w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=1240%2C826&quality=50&strip=all 1240w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=150%2C100&quality=50&strip=all 150w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=1046%2C697&quality=50&strip=all 1046w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=252%2C168&quality=50&strip=all 252w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=126%2C84&quality=50&strip=all 126w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=720%2C480&quality=50&strip=all 720w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=540%2C360&quality=50&strip=all 540w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/07\/Herve_06.jpg?resize=375%2C250&quality=50&strip=all 375w” width=”1024″ height=”683″ sizes=”auto, (max-width: 1024px) 100vw, 1024px”>\n

Panda. En la imagen, Herv\u00e9 Lambert, gerente global de operaciones de consumo de Panda Security.<\/p>\n<\/div>\n

Linked to ideological motivation is hacktivism, \u201ccybercriminals who do not seek an economic end, but rather pursue a cause\u201d, as Nombela explains. This type of actor can attack companies, organizations or even governments for political, social or ethical reasons. <\/p>\n

In the early 1970s, an experimental program was developed that spread automatically by copying a message to computers on the existing network, then the ARPANET. The program, Creeper<\/a>, was the first computer worm and its creators, Bob Thomas and Ray Tomlinson, had no malicious intent, but were simply experimenting in those years when computer science was a nascent discipline. The entire cybercrime industry comes from this idea and, even today, there is a type of hacker who could be considered to inherit this tradition: they do not seek economic ends, nor ideological ones or to do harm. It is what Lambert calls \u201cpsychological motivations related to personal challenges\u201d and Nombela attributes to \u201cyounger people or those starting out in the world of cybersecurity\u201d who are looking to \u201cgain points or prestige within their community\u201d. Nombela clarifies: \u201cGenerally, these are directed against SMEs, because they are the most vulnerable and also serve as a way for them to learn\u201d.<\/p>\n

Alonso Garc\u00eda distinguishes these motivations, which seek reputation or notoriety through the recognition of a personal achievement, from others that \u201carise as personal revenge from a disgruntled employee or customer\u201d. Nombela gives examples of internal or external incidents: from undermining the CISO or changing a supplier to taking revenge on a company for disloyal personnel or those who have just been fired. In the education sector, where he works, he adds the theft of information or hacking of systems by students, which, although it does not involve direct economic damage, can lead to serious reputational problems. Also within revenge or personal harm, Lambert alludes to individual cases linked to an emotional and personal relationship, of the cyberbullying type.<\/p>\n

\u201cThese very different motivations are not mutually exclusive, as they seek different objectives,\u201d adds Alonso Garc\u00eda. \u201cWe can find them as the sole motivation or they complement each other, making cyberattacks more elaborate and complex to analyze.\u201d In other words, a person or group may have political interests but ask for a ransom to cover up their actions or seek funding; or in a context of turmoil between countries, take advantage to launch attacks that seek to profit.<\/p>\n

Cyber defense implications<\/h2>\n

At the business level, knowing the main motivations that can lead to a cyberattack is interesting for establishing a better defense and incident response strategy. Or, as Alonso Garc\u00eda puts it, \u201cto anticipate risks and respond proactively to the incident\u201d.<\/p>\n

srcset=”https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?quality=50&strip=all 867w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=233%2C300&quality=50&strip=all 233w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=768%2C989&quality=50&strip=all 768w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=796%2C1024&quality=50&strip=all 796w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=541%2C697&quality=50&strip=all 541w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=131%2C168&quality=50&strip=all 131w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=65%2C84&quality=50&strip=all 65w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=373%2C480&quality=50&strip=all 373w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=280%2C360&quality=50&strip=all 280w, https:\/\/b2b-contenthub.com\/wp-content\/uploads\/2025\/08\/Juanjo-Nombela-1-1.jpeg?resize=194%2C250&quality=50&strip=all 194w” width=”796″ height=”1025″ sizes=”auto, (max-width: 796px) 100vw, 796px”>\n

UNIE. En la imagen, Juan Jos\u00e9 Nombela, director del M\u00e1ster en Ciberseguridad en la Universidad.<\/p>\n<\/div>\n

\u201cIn cyberspace, the damage is rarely just the bank account. Solutions have to take all of this into account,\u201d adds Lambert. \u201cIt absolutely changes all the paradigms and the whole response and prevention system.\u201d He gives an example: if the strategy focuses only on the technological part, everything related to cyberbullying or hacktivism can be left out. Nombela agrees that knowing the motivations can imply different defense modalities. \u201cIt\u2019s very different, from my point of view. We come back to the issue of risk analysis: What are the risks to my organization? Apart from the fact that there is always the possibility of a financial attack \u2014 which will generally come by way of ransomware, so user awareness will have to be reinforced \u2014 there are more or less common risks, such as the possibility of having disloyal staff.\u201d<\/p>\n

But the strategy to be followed will have to be reoriented or reinforced if, for example, we are working in a critical sector from a geopolitical point of view, in which, among other things, disinformation will have to be taken into account. Or if it is a highly competitive environment, where the possibility of corporate sabotage must be taken into account. Here it may be necessary to favor threat intelligence tools or information leakage prevention systems. In essence, it is a matter of \u201canticipating based on what is going on around you and anticipating. Don\u2019t be reactive, but proactive,\u201d summarizes Nombela.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

When it comes to cybercrime, the stories are often told in numbers. By 2025, it is expected to cost $10.5 trillion globally. If it were a country, its economy would rank it third globally, behind only the US and Chinese economies. Money raised through online fraud \u2014 from phishing to fake websites \u2014 has totaled […]<\/p>\n","protected":false},"author":0,"featured_media":4595,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4594"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4594"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4594\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4595"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}