Why do Cybercriminals Attack You?

Why do cybercriminals continue to attack? why do they do what they do? Understanding the motivation behind these cyberattacks will allow you to take the proper precautions and implement the right safeguards to protect your company, and yourself.

What are the main reasons why cybercriminals attack you?

1. Money and financial gain

Money is now the biggest reason why cybercriminals and their organized efforts have been so successful in hacking so many companies. According to a Verizon report, financial espionage activities make up 93% of the motivation for cyberattacks!

Typically, cybercriminals will try and make money in 4 main ways:

  1. Phishing
  2. Data breaches
  3. Cybercriminal’s money demands (ransomware)
  4. Denial of Service attacks

The cyberattackers will make money by getting money from the victims directly, or on the sale of their data in underground markets. A new attack hits the headlines almost daily, and a lot of money can be lost dealing with the consequences.

2. Political or social reasons

Also known as Hacktivism, this type of cyberattack involves hackers breaking into a network or system because of political or social reasons. Of course, the recent antics of the Russians in the 2016 US elections between Trump and Clinton are a perfect example! In the past, these attacks have stayed invisible, but these attacks are now easier to find for professionals!

Hacktivists’ goal is to find damaging information about the person or organization they are targeting. These hacktivists are also known to use Denial of Service (DoS) attack to stop their targets from carrying out their normal operation. Governments and political groups are often the targets of DoS attacks.

Most businesses believe that they are unlikely to be a target for this type of attack, although it is smart to be aware that the targets of this group vary widely, and if your organization has any ties to government or politics in any form, you may be a possible target!

3. For the intellectual challenge or fun of it

This type of attack comes from the individuals that are the stereotypical cybergeek sitting in his basement and wreaking havoc just for the challenge or enjoyment of it. They may even be in competition with other cyberattackers to show their expertise. While they may not have bad intentions and are often referred to as “script kiddies”, they can cause enumerable harm and leave your system vulnerable to other attackers.

For example, a massive cyberattack forced hundreds of major websites to go offline, including Twitter and Amazon and it is believed the code was so simple it could have been created by a “script kiddie”. So, do not underestimate what a high school or college kid, or other “script kiddie” can do to your cybersecurity efforts!

It's a numbers game for cyberattackers

For most hacking and ransomware operations, it’s about scale. The more computers they infect, the better the returns. The information or resources that they steal, the more valuable it is.

  • According to DATTO — a backup, recovery, and business continuity vendor — in 2016, $75 billion in expenses and lost productivity were results of ransomware alone… and $375 million in ransom was paid!
  • CNN Money reported that illegal call centers were making $150,000 a day for up to a year before being discovered. Money would be transferred by a victim of the scheme to U.S. bank accounts before being sent to India.
  • Forbes reports that $4,600 gets you access to 50,000 bots/nodes and $7,500 gets you access to 100,000 bots/nodes!
  • Internet Crime Complaint Center reports that CEO fraud yielded $5.3 billion between Oct. 2013 and Dec. 2016! Cases reported to the FBI make up only 20% of the total.

The attack on small businesses

A British insurer, Towergate, found that 82% of small businesses believe they are safe from cyberattacks. They mistakenly believe they are too small to have anything worth stealing. This is far from the truth!

There are 5 reasons small businesses are at risk:

  1. They underestimate the risk
  2. Employees are not trained on cybersecurity
  3. They often lack a dedicated IT professional
  4. They lack resources
  5. They have big customers, that criminals want to get too!

So, if you consider yourself a small to medium size business, and you feel you are completely safe, I would rethink that notion, and do everything to keep you and your customers and connections safe!


The ‘why’ of cybercriminals and cybercrime is complicated. Motivation can be multi-layered and involve many different players. The first line of defense is educating yourself on what the attacks could be, who it’s coming from, and then align yourself with a trusted IT company so your cybersecurity programs truly keep you safe!