.
Image: Getty Images
Cybercrime is a serious threat to the global economy, destroying livelihoods, sowing distrust, and undermining growth. One forecast has it costing more than $15 trillion annually by the end of the decade. If so, only the GDPs of the U.S. and China are bigger.
There’s cause for hope, though. As cyberthreats evolve, innovation is meeting the challenge. New solutions are leveraging AI, real-time threat intelligence, collaborative networks, and advanced authentication technologies.
Consider the figures. Malicious bots may now account for a third of internet traffic. AI-generated phishing attacks have multiplied tenfold in just a year, and a quarter of cryptocurrency transactions are due to criminal activity. In some parts of the world, entire cities have been drawn into the scamming industry, while a black market in stolen data and hacking tools is tightening its hold on the dark web. Here are four reasons digital crime is booming:
More connected devices, interdependent systems, and endpoints mean a more exposed digital ecosystem. In the U.S., the number of cyber-vulnerabilities catalogued in the National Institute of Standards and Technology database increases yearly, currently standing at over 315,000. Due to a backlog, over 25,000 of those vulnerabilities currently await processing.
AI is rapidly scaling cybercrime by enhancing attacks with increasing sophistication. Chief information security officers are reporting a surge in AI-driven criminal phenomena—deepfake fraud has quadrupled in a year, for example. The rapid introduction of AI to the workplace is also creating vulnerabilities. The World Economic Foundation reports that most organisations have no process in place to assess the risk of this transformation.
The boom is accompanied by a burgeoning industry in tools and services that are lowering the barriers to entry for aspiring cybercriminals. Most cyberthreats are now generated by off-the-shelf toolkits that sell for as little as $25 on the dark web. Recent high-profile attacks on UK retailers were facilitated by the ransomware-as-a-service platform DragonForce.
AI helps money launderers scale their operations with remarkable efficiency, automating complex transactions across accounts and jurisdictions. According to the United Nations Office on Drugs and Crime, the amount of money laundered each year is equivalent to 2-5% of global GDP. Earlier this year, the world’s biggest crypto heist saw $1.5 billion stolen and laundered within minutes, using thousands of accounts across multiple blockchains and cryptocurrencies.
The good news is we’re seeing unprecedented levels of innovation in cybersecurity and fraud prevention. Four trends stand out.
The demand for real-time automated threat intelligence is surging as companies offer services leveraging AI to predict and mitigate risks. Threat intelligence platforms enhance decision-making by correlating vast amounts of data about emerging threats, attack methodologies, and vulnerabilities. Threat intelligence encompasses malware analysis, vulnerability assessment, and malicious actor monitoring on both the surface web and dark web.
Cybersecurity is evolving from reactive threat mitigation to autonomous, proactive defence systems that leverage agentic AI to predict, detect, and neutralise threats before they cause damage. Automated security tools continuously analyse network traffic, endpoint activities, and system behaviour to identify anomalies indicative of cyberattacks. These solutions can examine the parties in a financial transaction and assess risk for the likelihood of scamming or other criminality. It can also map those behaviours and relationships to high-risk or suspect accounts, all within a second. This gives banks the opportunity to block payments before they leave accounts.
advertisement
Collaboration is increasingly becoming the norm, with organisations forming alliances to exchange threat data, fraud news, insights, best practices, and defensive techniques, strengthening collective resilience against cyberattacks. Trust networks using privacy-enhancing technologies are one way of ensuring that intelligence sharing is configured for specific activities, such as fraud or identity theft, without sharing underlying data. Another model for sharing insights, not data, is federated learning. One estimate says the market for these platforms, which use privacy-enhancing technology to improve fraud detection accuracy, will double by the end of the decade.
The commoditisation of personal data, fueled by dark web marketplaces and AI-driven fraud tactics, is being met by innovation in identity verification and authentication. Continuous, or always-on, authentication offers dynamic security in a rapidly changing threat environment. It leverages behavioural analytics, biometrics, and identity networks to determine on a rolling basis whether devices and users should be trusted. Meanwhile, tokens and passkeys have become the twin turbo of fraud prevention, minimising the exposure of sensitive data while creating new opportunities for exchange.
Cybersecurity is often cast as an arms race, in which threat and response evolve in tandem and in tension. Even as emergent technologies create new opportunities for cybercriminals, they’re offering more effective ways of thwarting them. Agentic AI, real-time threat intelligence, behavioural analytics, and advanced identity technologies offer the prospect of a cybersecurity that’s smarter, faster, and more resilient. This means countering autonomous threats with more vigilant agentic defences. It means countering identity fraud with smarter verification and money laundering with more discerning intelligence. That’s how we turn a string of scary headlines into a healthy digital ecosystem.
Ken Moore is the chief innovation officer at Mastercard.
FAST COMPANY