Cybercrime and cyberterrorism trends are widely affecting any Digital Transformation domain. We need to consider cybercriminals and terrorists full stakeholders of the systems, because their business plans are evolving to take advantage of the digital transformation of the selected areas. Nonetheless, their business plans are relatively obscure, due to the increasingly mysterious ways cybercrime and cyberterrorism evolve. Moreover, Organised Crime Groups completed their migration to a business-driven approach over the past few years. Nowadays, business logic drives them like any other enterprise. By now, security professionals have internalised that it is only a matter of time until their organisation’s defences are breached, as there are always going to be undiscovered or modernised threats that can bypass them.

Key Findings

  • Today’s attacks hit either tangible or intangible assets (e.g. reputation, stocks, brand, IPR, human capital, etc…).
  • Increasingly, cyber-attacks are hitting the intangible assets as a primary target.
  • In many cases, the attacks mean to steal intangible assets only (e.g., "crowdturfing", a combination of "crowdsourcing", meaning recruiting large numbers of people to contribute a small effort each toward a big task, and "astroturfing", meaning false grassroots support).
  • Intangible assets constitute approximately 60% of an organization’s global value.
  • Modelling these attacks is difficult. Because of the relative “obscurity” of the cybercriminal attack plan, it is hard to understand the real aim of the attacker and their real intentions.
  • “Above the surface” costs of cyber-attacks are only the tip of the iceberg. They are relatively small in comparison with the overall impacts.
  • In many cases, we documented a cascading effects on losses of intangible assets.