I find it very interesting when cybersecurity news enters mainstream media and shows up in an unlikely place. A case in point is a recent article in Popular Mechanics about the gigantic size of the underground economy. 

The article, titled “A Catastrophic Mutating Event Will Strike the World in 2 Years, Report Says” by journalist Tim Newcomb, recently popped up on my feed. Wow! Talk about an eye-catching headline found on a website that also discusses the best drill bits and electric toothbrushes. This is not the headline I would expect from Popular Mechanics.

The article, which is rather well written, essentially references a portion of the presentation recently unveiled at the 2023 World Economic Forum (WEF) in Davos, Switzerland, in which WEF managing director Jeremy Jurgens highlights the 2023 Global Security Outlook. He does not pull any punches. He states that “93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years. This far exceeds anything that we’ve seen in previous surveys.”

The article references the global response to COVID-19 and points out that a significant global equivalent of a digital pandemic (a phrase I like to use) would have a far more catastrophic outcome. Jurgens’ predictions connect with a previous blog I wrote about black swan events in cybersecurity. I’ll revisit this topic in next week’s blog to discuss what you can do to be better prepared.

The article gets more interesting as one reads on. The part that blew me away was where Edi Rama, Albania’s prime minister, states that “the growth of the cybercrime industry — from $3 trillion in 2015 to an expected $10.5 trillion in 2025 — means that if cybercrime was a state, it would be the third largest global economy after the U.S. and China.”


Now we all know cybersecurity issues are a growing problem. It is a massively growing problem, but even I, who live and breathe cybersecurity, had no idea it was this big, and nothing seems to be slowing it down. The size of the cybercrime-based economy is growing at an estimated annual rate of 15%. Cybercrime has become very organized over the last decade, and it’s clear why that is the case. Money talks, and this amount of financial incentive is staggering.

As we all know, it is not just people having fun “owning” someone’s system. Cybercriminals don’t only go after big targets; they now also do enough covert research on enterprise systems to determine precisely what the payout will be. It has reached the point where it makes sense for an investor with a criminal mindset (e.g., a cartel) to speculate and be almost guaranteed a substantial return on investment.

I still wonder - as many cybersecurity professionals do - what it will take to persuade organizations to get more serious about addressing cybersecurity. While cybercrime continues to grow at an alarming rate, there are steps that organizations can take to mitigate the risk. 

Embracing early warning systems can provide crucial alerts about potential cyberattacks, allowing organizations to act before significant damage occurs. Conducting regular vulnerability assessments and penetration testing can help identify and address cybersecurity risks, while addressing known vulnerabilities through prompt patching and updates can prevent cyberattacks from exploiting these weaknesses.

Still, one thing is sure: if something does not change substantially very soon, we will be reading about the errors of our ways in every major and minor publication in the world…unless, of course, cyberattackers manage to shut those down as well. A 10-trillion-dollar underground economy with no scruples simply cannot be ignored.
