On 19 September, several European airports experienced flight delays and operational issues after their check-in and boarding systems were hit by a cybersecurity breach, causing disruption for thousands of travellers over several days. This incident, along with a string of other significant attacks in recent years, reflects the broader reality that cybercrime has grown in scale and reach, with no signs of slowing down.

In 2023, the Global Organized Crime Index introduced cyber-dependent crimes as a new criminal market indicator, defined as crimes that depend on the use of information and communications technology. Although these types of crimes were far from the most prevalent criminal markets measured in that version of the Index (with a global average score of 4.55 out of 10), recent developments suggest they may be among the fastest growing.

In 2024, a US cybersecurity company revealed that over 30 000 vulnerabilities were disclosed globally that year, a 17 per cent increase from previous figures. The UK reported a threefold increase in major cyberattacks compared to 2023, while India recorded a surge in cyber incidents, rising from nearly 86 000 in 2019 to almost 205 000 in 2023. This upward trajectory continued in 2024, making India the second most targeted country in the world in terms of cyberattacks.

The World Cybercrime Index identified other geographical hubs for this criminal market. Russia, North Korea, Ukraine and China faced some of the highest levels of cybercrime threats in 2024, a trend also reflected in their poor rankings for cyber-dependent crimes in the 2023 Global Organized Crime Index. Although less visible for lack of violence, cyber-dependent crimes are a mounting threat globally. With worldwide cybercrime costs projected to reach US$10.5 trillion annually by the end of 2025, it is critical that countries develop more robust cybersecurity measures.

Efforts to combat cyber-dependent crimes are advancing through a variety of initiatives. In November 2024, for example, INTERPOL and AFRIPOL launched an Africa-wide operation that resulted in over 1 000 arrests and the dismantling of more than 134 000 malicious networks and infrastructures. Meanwhile, the World Bank has focused on capacity building, providing developing countries with assistance to strengthen their cyber resilience.

Some countries are also strengthening their own cybersecurity frameworks, with varying degrees of success, as reflected in their Global Organized Crime Index scores. From Germany to South Africa, a number of countries have improved their cyber resilience by updating legislation, implementing strategic plans and investing in international cyber cooperation to secure critical infrastructure against increasingly sophisticated cyber threats.

At the forefront of the global push to combat cybercrime is the UN Convention against Cybercrime. Adopted by the UN General Assembly in December 2024, the new treaty aims to enhance global cooperation against cyber threats. It criminalizes a broad range of cybercrimes and requires countries to improve their digital investigative and enforcement capabilities. However, the convention also highlights the complex reality of how states respond to digital threats, showing that the ways in which countries address these dangers can have significant real-world consequences. Although the convention is celebrated for providing tools to combat serious online offences, it has also drawn widespread criticism for lacking robust, enforceable human rights safeguards.

Failing to protect rights such as privacy, the right to a fair trial, non-discrimination and freedom of expression opens the door to abuse, turning cyber legislation into a potential tool for repression rather than a means of protecting people against cybercrime. This is particularly risky when most safeguards depend on national legislation in countries with weak institutions, high levels of corruption and poor records of respecting international standards.

Human rights organizations have already begun to highlight that broad and vague provisions risk enabling states to misuse cyber laws to suppress dissent, surveil activists and journalists, and thus turn legitimate online expression into a crime. In 2024, for example, Amnesty International warned that Jordan’s 2023 Cybercrimes Law had resulted in the arbitrary detention and unfair trial of critics, journalists and activists. ‘Under the pretext of protecting the digital space, Jordanian authorities have escalated their blatant assault on the rights of freedom of expression, association and peaceful assembly,’ said Amnesty’s deputy director for the Middle East and North Africa.

Even more concerning is the case of Myanmar, where recent cybersecurity legislation has granted the military broad control over digital spaces, enabling the targeting of dissenters and the implementation of surveillance, censorship and severe penalties. In Türkiye, a proposed cybersecurity law aimed at bolstering national security has also raised concerns due to its vague wording, which could criminalize legitimate journalism and reporting. 

In addition to the challenges of safeguarding human rights, many countries face obstacles that hinder their ability to bolster their resilience to cybercrime. The rapidly changing nature of cybercrime makes it difficult for the authorities to keep pace with emerging criminal activity. Many agencies depend on outdated IT systems with inadequate security features, creating vulnerabilities caused by incompatibility with new technologies. For instance, the UK government has invested billions and created bodies such as the National Cyber Security Centre, yet a 2025 National Audit Office report highlights that many government departments remain vulnerable, with dated IT systems and skills shortages undermining resilience efforts.

Complex regulatory and organizational frameworks further complicate the implementation of cybersecurity efforts, as weak oversight mechanisms and fragmented responsibilities reduce governance and accountability. Some governments also lack the monitoring and evaluation frameworks needed to effectively assess their security in relation to threats, resulting in slow progress and persistent weaknesses. In addition, budgetary constraints limit investments in advanced technologies, skilled personnel and ongoing training, leaving many agencies under-resourced.

The battle against cyber-dependent crimes is an ongoing struggle. Although large-scale disruptive attacks are still the exception rather than the norm, cybercrime is moving fast. The recent European airport ransomware attacks are another reminder that such cyber intrusions can continue to happen, and with worsening consequences. Although the efforts made so far are a start, they are not enough to tackle this expanding criminal market, and the road ahead is complex. Overcoming the challenges will require sustained national commitment and continuous investment in international cooperation and technological development.

This analysis is part of the GI-TOC’s series of articles delving into the results of the Global Organized Crime Index. The series explores the Index’s findings and their effects on policymaking, anti-organized crime measures and analyses from a thematic or regional perspective.