How diverse are cybercriminals?

Insights, inspiration and exclusive interviews with the global Black Hat MEA community – in your inbox every week. 

This week we’re focused on…

Diversity among cybercriminals. 

Why? 

Because we talk about the importance of diversity in the cybersecurity industry all the time. But we don’t talk about what diverse threat actors mean for cyber resilience. 

The Hollywood hacker trope looks like a young man in a hoodie, hunched over a laptop in a dimly lit room. But that’s not the reality of cybercrime today. In recent years, more data has emerged about who cybercriminals really are. They come from everywhere – across age groups, genders, countries, socio-economic classes, and cultural backgrounds. 

For practitioners, that diversity complicates efforts to understand hacker mindsets. Because different threat actors have different drivers; and if we want to build a resilient future, we need to be able to understand them on a case-by-case basis. 

A global threat landscape 

Cybercrime is an international business. According to the World Cybercrime Index (developed by researchers at Oxford University), just six countries dominate the global cybercrime stage: Russia, Ukraine, China, the United States, Nigeria, and Romania. These nations lead both in technical skill and in the global impact of their criminal activity. 

But threat actors aren’t confined to these hotspots. Emerging trends suggest significant activity coming from countries including Ghana, Bangladesh, and Vietnam as well. What unites many of these regions is a blend of digital access, economic disparity, and in some cases, weak enforcement or even government tolerance.

Take Ghana, for example, where a subculture known as sakawa blends cyber fraud with ritual practices. Typically involving young, unemployed urban men under 30, sakawa is as much about social status and community pressure as it is about money. For cybersecurity practitioners, this use of spiritual rituals for digital crime is a reminder of how important local culture and context are in understanding threat behaviour. 

Are threat actors gender-diverse?

Cybersecurity is working towards greater gender diversity; and cybercrime is doing the same. 

According to a Trend Micro study, about 30% of participants in cybercriminal forums identify as women. While male hackers still make up the majority, it appears that the gender gap is smaller in underground communities than in professional cyber roles. 

Why is that? 

Well, it could be partly because on anonymous forums, status is earned by skill – not by identity. And the ability to hide behind usernames and avatars means hackers can operate free of many of the biases that might hold them back elsewhere. This makes it more likely that women and gender-diverse individuals find a foothold in these spaces.

This has direct implications for defence, because incorrect assumptions about attacker demographics could leave gaps in your threat modelling.

From teenagers to seasoned pros 

Some cybercriminals have been executing complex attacks for years; and sophisticated ransomware groups are both technically skilled and highly educated on business strategy. 

But a growing number of malicious hackers in some markets are teenagers. 

In the UK, the National Crime Agency (NCA) has repeatedly warned about ‘teenage hackers as a significant threat’, often motivated by boredom, peer prestige, or financial gain. Groups like Scattered Spider have recruited teenagers as young as 17 to carry out social engineering campaigns and infrastructure attacks. And many of these younger hackers collaborate with more experienced international actors via platforms like Discord or Telegram. 

In the US, FBI data shows the average age of cybercrime arrests is just 19 years old – compared to 37 for other crimes. 

This represents a serious challenge. Because unlike traditional criminal careers that develop slowly, a teenage hacker can go from pre-made scripts to serious threat in a matter of months.

The role of socio-economic background 

There’s often a social or economic reason behind cybercrime participation.

In lower-income regions, for example, access to technology mixed with a lack of economic opportunity might push people towards cybercrime as a viable income source. Global studies like the World Bank’s exploration of cybersecurity economics in emerging markets show that higher levels of digital infrastructure in low-income regions are strongly associated with increased cybercrime rates. 

If digital infrastructure is available, but positive opportunities within that infrastructure are not accessible, then the door is open to illicit use. 

This doesn’t mean that all threat actors come from low-income backgrounds. But it’s important for cybersecurity leaders and practitioners to recognise the economic drivers behind criminal activity; and when hacking can offer a route to a better life, that’s strong motivation to develop skill and execute attacks. 

Why does diversity make cyber defence harder?

We’re constantly speaking to cybersecurity leaders who know that diversity within the industry makes security stronger. 

When we interviewed Sam Curry (CISO at Zscaler), he said that cybersecurity wants everyone and every perspective:

“It’s not just the right thing, but it is a competitive advantage because we have human adversaries. That means gender, religious, ethnic, neurological and every other form of diversity enriches us, and it’s not just for technical people!”

But this works the other way around as well. Diversity among threat actors makes it harder to predict their behaviours and get ahead of the next attack – because they’re motivated by different backgrounds and goals. 

For cybersecurity practitioners, this means we mustn’t rely on assumptions. Malicious hackers aren’t always who we think they are. They might be older or younger, a different gender, working alone or as part of a global syndicate; and their motivations might be financial, ideological, or cultural. 

We have to take this into account when we build defences; otherwise we risk creating systems that are ignorant to how diverse attackers actually operate. 

Within cybersecurity, we’re constantly talking about the human factor in 2025. So let’s make sure we talk about the human factor among attackers too.