4 steps towards creating an international agency against cybercrime

Recent cyber events that transcend borders – from breaches of government institutions to ransomware attacks crippling critical infrastructure – are increasingly taking centre stage in global conflict. Such disruption highlights the urgent need for a unified global alliance; while intelligence-sharing networks like Five Eyes and global institutions like the United Nations (UN) have historically played a role in international warfare, they are not sufficient to address the scale, complexity and speed of modern digital threats. A strong stance and a focused strategy is needed to address the problem of global cybercrime.

One of the biggest challenges in cyberspace is that it is generally hard to know where national security ends and criminal activity begins. Cyber incidents can be acts of large-scale industrial espionage, national defense strategies, military operations or simply profit-driven crime. The good news is that debates about cyberwarfare, offensive capabilities and threats from nation-states are ongoing. The bad news is that these conversations are deeply political, and therefore they are unlikely to lead to global consensus any time soon.

What the world can agree on right now is that cybercrime is out of control and must be urgently addressed. In 2021, a ransomware attack crippled Ireland’s national health system, forcing the cancellation of appointments and surgeries, and leading to patients’ records being leaked. In 2022, Conti malware was used to infiltrate 27 government institutions in Costa Rica, including municipalities and state-run utilities, and demand tens of millions of dollars in ransom. In 2024, the ransomware attack on UnitedHealth-owned health tech company Change Healthcare resulted in the largest data breach of health data in US history, impacting approximately 190 million Americans. All of these, as well as hundreds and thousands of other cybercrime events, have endangered lives, led to the theft of billions of dollars and exposed just how vulnerable our digital infrastructure really is.

Unlike cyberwarfare and nation-state attacks, which often trigger debates about national security, sovereignty and how to attribute responsibility, cybercrime offers a more clear-cut path to international cooperation. With the exception of North Korea, which relies on cybercrime to fund its budget and evade international sanctions, other countries generally draw a line between cybercrime and national security interests – which makes tackling the problem a much more realistic goal.

One of the biggest barriers to effective enforcement is disagreement over what is and isn’t a crime in cyberspace. Some countries consider spyware vendors national assets, while others view them as criminals. Some harbour ransomware gangs as long as they don’t attack domestic targets, while others invest a lot of resources into bringing them to justice.

Without establishing a global agreement over what is acceptable in cyberspace and what is not, it is hard to move forward with discussing enforcement. Building on top of the work by Partnership against Cybercrime (PAC), a globally recognized legal definition of cybercrime could include attacks on hospitals, emergency services, airports and public utilities, ransomware, digital extortion, financial fraud, phishing, and identity theft at scale, as well as operation of criminal infrastructure such as botnets and dark web marketplaces.

By defining what’s off-limits, the international community can begin enforcing consequences regardless of who is behind the keyboard. In cyberspace, impact matters more than attribution, especially given that proving who is behind any single attack can be incredibly hard. When this proof is available, there should be a clear path to hold cybercriminals accountable.

The fact that cybercriminal organizations operate beyond national borders begs for a multinational approach to law enforcement and policy coordination. Since none of the existing international organizations and alliances – be it the UN, NATO, or Five Eyes – are able to address the problem holistically and effectively, there is an urgent need for an institution that can close the looming gap.

At the same time, over the past few years we’ve seen compelling examples of international cooperation successfully dismantling cybercrime and ransomware groups. Agencies like the FBI, Interpol and the UK’s National Crime Agency, working alongside law enforcement from countries including Canada, Germany, France, Spain and Ireland, have demonstrated that cross-border collaboration can be a powerful force in holding cybercriminals accountable. From Hive in 2023, to Radar/Dispossessor and LockBit in 2024, the work of criminal gangs has been disrupted by collaborative efforts of law enforcement agencies spanning countries and continents.

We have the opportunity to build on this momentum and turn successful joint operations into the foundation for more permanent and structured collaboration. While ad-hoc cooperation has proven effective, it's not enough to match the scale and speed of today’s cyberthreats. It is time to formalize these efforts through the creation of an International Cybercrime Coordination Authority (ICCA), a standing alliance of nations committed to coordinated enforcement, intelligence-sharing, legal harmonization and joint disruption of cybercriminal infrastructure. By formalizing international cooperation around cybersecurity, we can move from reactive case-by-case responses to a proactive, global strategy to combat cybercrime at scale.

In order to stop safe havens like Russia, we need to standardize extradition laws for cybercriminals and strengthen Interpol-led cybercrime enforcement. Without consistent international cooperation, threat actors will continue to exploit jurisdictional loopholes, operating with impunity from nations that refuse to prosecute or extradite them, or worse yet actively encourage and support their activity. A unified legal framework, combined with real consequences for harbouring cybercriminals, would enable us to disrupt ransomware gangs and international cybercrime groups.

The safe havens are unlikely to be addressed through confrontation, but it can be done through leverage. The ICCA would push to standardize cybercrime extradition laws, simplify digital evidence-sharing procedures and impose collective penalties (financial or diplomatic) on nations that refuse to cooperate or actively harbour offenders. While we won’t eliminate safe havens overnight, coordinated legal frameworks and pressure mechanisms can reduce their effectiveness and raise the cost of harbouring digital criminals.

Just as poverty and weak governance have historically created breeding grounds for crime, the same dynamics are now enabling cybercrime to thrive. In countries where skilled people have access to the internet but no ability to find gainful employment, where local authorities lack the ability to prosecute cyber offences, and where digital infrastructure lacks effective oversight, cybercrime becomes an attractive, low-risk, high-reward path to making a living. Not only do these circumstances create perfect environments for individual cybercriminals and criminal gangs, but they also give rise to entire ecosystems, such as ransomware-as-a-service platforms and money-laundering networks.

While the US has spearheaded efforts to boost cyber programmes both through development assistance and offensive security, we must now recognize that digital poverty and weak cyber governance create a threat to global security and need a coordinated international approach. Without the right support mechanism and effective intervention, many regions risk becoming safe havens and launchpads for global cybercrime.

Cybersecurity is sadly an inherently political issue given the rampant use of cyber tools by state and non-state actors for espionage, military and disinformation purposes. Cybercrime, on the other hand, is a non-political problem, and something that should be high on everyone’s agenda regardless of where they live or their personal beliefs and convictions. The four steps outlined here are not easy, but they are necessary if we want to secure our increasingly more digitized economy from bad actors.