Cybersecurity

Cybercrime is increasingly complex. Here's how data awareness can help

Beyond financial costs, the impact of cybercrime on businesses and people is significant


This article is part of: Centre for Cybersecurity

  • The increasing sophistication of cybercrime, such as ransomware and AI-powered cyberattacks, brings substantial financial costs and disruptions to global businesses and economies.
  • Personal data enables cybercrime, yet securing data remains a significant challenge for cyber leaders, who face competing priorities.
  • Effective resilience and recovery practices, such as defining a minimum viable company (MVC) and modernizing infrastructure, are essential for minimizing business disruption and ensuring rapid recovery after a cyberattack.

The 2025 Global Cybersecurity Outlook (GCO) identifies several challenges facing security professionals and executives in addressing cyber risks. A major concern is the increasing sophistication and industrialization of cybercrime, which significantly impacts the global economy.

Ransomware is named by 45% of executives as the top cyber risk, followed by the rapid growth in cyber fraud (named by 20%). Beyond financial costs, the impacts on businesses and people are significant.

It seems a day cannot pass without news of another major data leak, often involving a major company. Data breaches have skyrocketed in the last decade, rising to 10,626 confirmed breaches in 2023 – double the number of breaches in 2022.

Cybercriminals’ increased interest in healthcare records is of particular concern. In 2024, more than 180 million healthcare records were breached in the US, affecting 53% of the population. According to reports, healthcare records are now considered 10 times more valuable than credit cards. Just consider the amount of verified personal data embedded within healthcare records – a crucial enabler of cybercrime.

How data underpins and fuels the evolution in cybercrime and fraud

Personal data acts as a critical enabler of cybercrime in three ways:

  • Initial access: Threat actors use personal data and credentials from data leak sites for entry, often exploiting exposed infrastructure from legacy or shadow IT, sometimes originating from third-party sites.
  • Lateral movement/privilege escalation: Adversaries target privileged users, using compromised data to escalate privileges. Criminals might seek specific data or financial access based on the account that has been compromised.
  • Monetization: Criminals profit through data extortion, ransom payments and reselling compromised data. Sensitive or hard-to-acquire data can fetch higher pay-outs, especially where business disruption carries a wide-reaching societal impact.

Today’s cybercriminal tactics, techniques and procedures seem to confirm this trend. Historically, ransomware actors would seek a rapid move to payment by gaining network access, locking machines and demanding ransom. Nowadays, their choice of targets reflects the focus on data and deep network access to facilitate the pursuit of the most sensitive data, while simultaneously degrading the ability of organizations to recover as a means of forcing ransom payment.

Although data security is a hot topic, it is also a challenging one for cyber leaders. First, it competes with other priorities, such as coping with a rapidly expanding attack surface from new technology adoption. For example, only 37% of companies surveyed in this year’s GCO report have a process in place to assess the security of AI tools before implementation.

Second, even though data security, “crown jewel assessments” (to identify an organization's most important digital assets) and data management are common topics in security, security leaders are not always directly accountable for data security. It’s frequently a responsibility that sits with other important business leaders.

Security focuses on protecting the infrastructure, networks and access methods supporting this data. Yet, the underlying target when attacking these areas – and frequently a prerequisite to the success of the attack – is the data that allows those attacks to be monetized.

Just 37% of companies surveyed in this year’s GCO report have a process in place to assess the security of AI tools before implementing Image: 2025 Global Cybersecurity Outlook

Best practices to combat business disruption and build resilience

The principles and best practices of resilience and recovery have not significantly changed even as technology has rapidly advanced. These practices continue to emphasize the importance of having a backup, developing a recovery plan and conducting tests. This principle assumes highly available infrastructure, which is what today’s attackers aim to destroy along with their exfiltration of data.

As attackers use increasingly sophisticated tools to breach and exfiltrate data, cyber leaders recognize that the fundamentals of resilience must evolve from critical backup recovery to enabling a company to rebuild itself in time. Here’s how:

1. We need to understand that traditional disaster recovery focuses on applications, while cybercriminals attack and disrupt businesses at the infrastructure level

With cybercriminals using novel methods to breach and attack, the concept of recovery has become outdated. Complex attacks on infrastructure undermine assumptions for disaster recovery. For instance: how do you deploy a backup when the attacker is still present on your network? Organizations that are open to rebuilding new infrastructure – instead of recovering existing setups – can rebuild in a new environment more quickly as they don’t have to deal with a threat actor and attempt to recover in the same space.

2. Ask the question: If my company is deleted, what do I need to rebuild on day one to minimize the impact on my customer?

Business impact assessments traditionally focus on identifying the most critical processes, often putting a narrow focus on sources of revenue generation rather than the core elements essential for a business to operate. This concept, the minimum viable company (MVC), can be understood as a set of functions that create and distribute either a product, service, or functionality to customers or citizens. In the fog of a cyberattack, having these defined gives recovery teams a solid first step and a place to start the tedious task of rebuilding a company in the aftermath of a breach.

3. Agreeing a minimum viable company, including stakeholder interactions and supporting infrastructure, can help reduce recovery time significantly

As companies move to the cloud, modernize legacy systems and adopt new technologies, infrastructure becomes more complex and harder to manage, protect and recover. An additional benefit to defining an MVC is the opportunity for enterprise-wide alignment on the core functions an entity needs to operate, more focused investments and ultimately more confidence in corporate processes. This approach to recovery places increased emphasis on the functions and data that bad actors are likely to target, enabling a secure-by-design approach to recovery and reducing complexity for defenders.

Trends indicate that the growth of cybercrime and fraud is likely to continue with criminal groups using their experiences to enhance these attacks at scale. Data will play a critical role in how such attacks are both carried out and monetized. To defend against such activities, organizations should consider implementing effective mechanisms to maintain resilience against these threats and facilitate rapid business recovery, even while addressing ongoing threats.

This article was written with contributions from Ryan Whelan and Rouzbeh Hashemi.

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.
