One reason cybercrime appears to get worse every year is because hackers continually shift their tactics and cannily adopt new technologies. It happened with cryptocurrencies and the malicious code known as ransomware. Now it’s happening with artificial intelligence.
In November, Anthropic PBC disclosed that a suspected Chinese state-backed hacking group had manipulated the AI startup’s Claude large language model to orchestrate attacks on about 30 targets worldwide. The company said the campaign, which succeeded “in a small number of cases” was the first documented case of a large-scale cyberattack executed without substantial human intervention.
Cybersecurity firms are also busy adopting AI to better shield clients from hackers. Some $213 billion was devoted to protecting computer networks in 2025, up 10% from 2024, according to research and advisory firm Gartner. Yet for all the investment in firewalls, data security and access management, there’s little to suggest cybercrime is on the retreat. It’s still a relatively low-risk business considering the potential rewards, and AI is making it easier — and faster — to execute.
So forget about just remembering a password. Better to use a password manager that generates a complex password, even if it’s difficult to memorize, and some type of multifactor authentication on top of that. And beware of the familiar sounding voice on the phone asking for your login details.
Why are there so many cyberattacks?
Most hackers are in it for the money, and there’s a lot of it to be had. The introduction of ransomware in the late 1980s and cryptocurrency a decade later allowed criminals to attack the network of any organization that had valuable data at little risk to themselves.
They often demand payment in Bitcoin or another cryptocurrency as the money can be sent quickly across borders and is generally difficult to trace as it bypasses the regulated banking system. This has encouraged the emergence of hacking collectives in countries beyond the reach of Western law enforcement.
As more people and companies move their activities online, hackers have more opportunities to cause harm, a problem compounded by the introduction of technologies such as internet-of-things devices and generative AI. Energy utilities, for example, have expanded computer networks to monitor and control more equipment in real time so they can ensure a reliable supply of power. This has created new entry points for hackers to potentially disrupt their operations.
Many companies and institutions have shifted their data from inhouse servers to cloud platforms, in part to lower computing costs. The cloud is generally seen as more secure than having a patchwork of proprietary data systems. But conversely, flawed updatesBloomberg Terminal, critical software vulnerabilities or misconfigurations in the cloud may lead to disruptions that can be more widespread.
Who is behind cyberattacks?
A lot of cyberattacks can be traced back to groups of hackers, often based in Eastern Europe, who have created a profitable and enduring business model known as ransomware as a service.
Ransomware is a type of malicious code that infects victims’ computers and encrypts them, rendering them useless. In order to unlock the machines, the hackers demand a payment. Or they steal the data and threaten to publish it unless the victim pays up. Sometimes they do both.
The developers of the ransomware often lease the malicious code to others, known as affiliates, who then kick back a share of the illicit profits.
One especially prolific group of hackers known as Scattered Spider used social engineering tactics — tricking someone rather than exploiting technical vulnerabilities — to penetrate computer networks. They called help desks, pretended to be employees and convinced them to turn over passwords.
Scattered Spider, a group of young people based in the US and UK, is accused of dozens of hacks against companies including MGM Resorts International, Clorox and London’s public transport system. Two members were arrested last year for an attack on Marks & Spencer that resulted in a roughly £300 million hit to the British retail giant’s operating profit. The US Department of Justice accused Scattered Spider of at least 120 attacks worldwide, resulting in $115 million in ransom payments.
Some hackers operate on behalf of governments that employ them to spy on adversaries and steal valuable information. Russia and China are generally considered the most formidable state sponsors of cyberattacks targeting the US and Western Europe, with China amassing a large and increasingly sophisticated army of hackers. US officials have accused China of stealing economic data, military secrets and the personal information of almost all US citizens. (China and Russia have repeatedly denied hacking allegations, and China in particular has accused the US of waging its own cyberattacks on adversaries).
Other major cyber powers besides the US, Russia and China include Israel, North Korea and Iran. Building a team of hackers is seen as a relatively inexpensive way for a country to attack enemies, one that typically doesn’t trigger a lethal response. Some nations do it as a way to undermine their adversaries, others to raise cash. North Korean hackers stole more than $2 billion in cryptocurrency in 2025, a 51% increase from the prior year, according to the blockchain research firm Chainalysis.
Who is winning — the hackers or the cybersecurity community?
That depends on how you measure it and who you ask, since there isn’t very good, centralized data about cyberattacks. But while the number of attacks ebbs and flows, the general trend has been upward.
Some of the data on ransomware, for instance, comes from cybersecurity companies whose knowledge is often confined to their own customer base. Others monitor the dark websites of hacking gangs, who commonly post the names of their victims, to gauge the volume of attacks — not the most reliable source.
The volume and severity of cyberattacks can also vary by region. For instance, South Korea experienced a surge in 2025, while British retailers were targeted with a series of hacks in the first half of the year.
In terms of the money being extorted, the hackers may be in retreat. Chainalysis found the total value of ransom payments fell by 35% in 2024, which it attributed to more effective law enforcement and a greater willingness among victims to stand their ground and refuse to pay.
Get the Tech Newsletter bundle.
Get the Tech Newsletter bundle.
Get the Tech Newsletter bundle.
Bloomberg’s subscriber-only tech newsletters, and full access to all the articles they feature.
Bloomberg’s subscriber-only tech newsletters, and full access to all the articles they feature.
Bloomberg’s subscriber-only tech newsletters, and full access to all the articles they feature.
Bloomberg may send me offers and promotions.
Plus Signed UpPlus Sign UpPlus Sign Up
By submitting my information, I agree to the Privacy Policy and Terms of Service.
Whether this can be sustained isn’t clear. AI developer Anthropic said the barriers to performing sophisticated cyberattacks have fallen substantially and will continue to do so. Hackers can use AI systems “to do the work of entire teams of experienced hackers: analyzing target systems, producing exploit code and scanning vast datasets of stolen information more efficiently than any human operator,” the company said.
Can anything be done?
There’s no guaranteed protection against hacks, but experts say using basic cyber hygiene can prevent many of them. That means using strong passwords, regular software updates and multifactor authentication, among other security practices. Passwords alone just aren’t enough anymore, in part because many people reuse simple and obvious ones. Hackers have also found various ways to breach them. Adding those additional security measures can stop all but the most dedicated or sophisticated hackers.
Companies can prevent, or at least reduce, social engineering attacks by requiring additional verification before providing information such as login details and drilling employees on how to spot such attacks. Red flags include callers who ask for sensitive information or who demand that the employee act urgently. Consumers can help avoid becoming the victim of a social engineering attack by being wary of suspicious texts or emails, particularly those with attachments, and confirming that a phone call seeking money — even from a relative or friend — is genuine before sending cash.
Cybersecurity officers at most major companies now assume their defenses will be breached at some point, so their focus is on being able to spot an attack fast and fix it before it can cause too much disruption. That means most companies now have an incident response plan in place detailing how to contain the damage as quickly as possible. Limiting access to the most critical data and systems can also mitigate the impact of a breach.
Most, if not all, major cybersecurity companies are using AI to enhance their security products, and the technology is speeding up and improving their ability to identify potential threats. It’s too soon to know which side will gain the long-term advantage.
Is hacking impacting the economy?
Yes, though measuring this is a bit of an inexact science. A 2018 report from the Center for Strategic and International Studies and McAfee estimated the annual cost of cybercrime at $600 billion — and it has become significantly worse since then. In the UK, cyberattacks cost about 14.7 billion pounds ($19.8 billion) a year, equivalent to 0.5% of the country’s economic output, according to a report from the Department of Science, Innovation and Technology.
Read more on Bloomberg Business
