Organized crime groups are weaponizing cyberspace more than ever before, with staggering costs and consequences that continue to grow. To stop 21st century cybercriminals, we need countries to sign up to the new UN Convention against Cybercrime now.
Organized crime has long been one step ahead of law enforcement. Modern transnational organized crime groups are dynamic and increasingly decentralized, operating through flexible structures across borders while making and laundering vast profits.
Cybercrime has given organized crime groups an exponentially greater advantage.
Thanks to technology, crime groups can operate from the city or country where they are least likely to get caught and carry out operations in the places they are most likely to profit, faster than ever before, at a scale previously unimaginable.
Cybercriminals exploit digital systems through malware, ransomware and hacking to steal money, data and other valuable information. Or they use technology to facilitate other “traditional” crimes, like trafficking, money laundering and fraud. And they are selling code and services to the highest bidders.
Online child sexual exploitation through social media, ransomware shutdowns of hospitals, fatal cocktails of illicit substances bought anonymously on a dark market: these are just some of the many facets of transnational organized crime today.
Organized crime groups are on the forefront of technology adoption. For example, UNODC research has documented how scam compounds are integrating AI into their operations, combining multilingual chatbots and automated outreach to target victims worldwide for fake romance and investment scams, while using cryptocurrency to launder criminal proceeds.
The next generation of cyber organized crime is here, and the world is not ready. While criminal models have seamlessly integrated new tech to bring down risk and maximize profit, responses across the globe remain fragmented and partial, and cybercriminals are exploiting vulnerabilities with devastating consequences. Vast seas of personal data stolen. Public systems and services debilitated. Life savings wiped out and businesses bankrupted by ransom demands. People exploited, robbed and killed.
This isn’t a distant future. In the United States, the FBI Internet Crime Report found that suspected internet crime losses increased 33 per cent from 2023 to 2024, to exceed 16 billion dollars, while Eurojust reported a 25 per cent increase in the number of cybercrime cases over the same period. Canada’s national cyber threat assessment notes that the number of ransomware incidents grew an average of 26 percent per year from 2021 to 2024.
Even the private sector cannot keep up. According to the World Economic Forum, some 71 percent of chief information security officers surveyed said that small organizations have already reached a critical tipping point where they can no longer adequately secure themselves against the growing complexity of cyber risks. More than 76 per cent said that fragmentation across jurisdictions has greatly affected their organizations’ ability to maintain compliance with cybersecurity regulations.
These are the risks and repercussions that high-income countries and multinationals face. The threats are far more devastating for the developing world, where the adoption of digital technology is moving faster than the readiness to face the new threats that come with it.
Take Sub-Saharan Africa, where digital adoption is surging and mobile money accounts have surpassed one billion, according to the Global System for Mobile Communications Association. Yet only five countries from the region are in the top tier of ITU’s Global Cybersecurity Index.
And a compromised system in one place can be used by cybercriminals to attack systems in another. There are reports that developing countries have been used as testing grounds for new ransomware attacks, and organized crime groups operating in Asia have explored setting up shop in Africa.
We urgently need to do more to give governments, law enforcement, companies and communities a fighting chance against cybercrime. We need to strengthen legal and regulatory frameworks around the world, provide training and equipment to enforcement agencies and promote cross-border cooperation. We also need to raise awareness and improve digital literacy to reduce victimization, build cybercrime resilience and strengthen prevention.
The UN Convention against Cybercrime will open for signature in Hanoi, Viet Nam at the end of October. The Convention is the result of a five-year negotiation process between UN Member States, and some 160 organizations – tech companies, civil society, academia – had a voice in the consultations. It was adopted at the end of 2024 by the United Nations General Assembly without a vote. It is the first global agreement of its kind, providing for international cooperation and human rights safeguards in the joint fight against cybercrime, and representing a victory for multilateralism.
Once in force, the Convention will be the first ever global framework for the collection and sharing of digital evidence – a crucial step in going after transnational criminals who might be in one location while victimizing people in multiple countries and storing the evidence in another place entirely. An agreed international framework will help ensure that digital evidence can be admissible across jurisdictions, giving criminals no place to hide online or off. The Convention is also “futureproof”, defining crimes based on activities and outcomes and not the technologies used, ensuring that it will serve as an effective instrument even as technology and cybercrime evolve. In addition, it takes huge strides to protect victims of online abuse, especially women and children, establishing criminal offenses for the non-consensual dissemination of intimate images as well as for child sexual exploitation and abuse online.
Our cybercrime defences are only as strong as the weakest link. The Convention will provide clear and agreed international rules and regulations, and help channel training and resources to shore up cybercrime responses in every part of the world. We need governments to sign up and invest in a safer digital future for all.
For more on the UN Convention against Cybercrime, which opens for signature 25-26 October 2025 in Hanoi, Viet Nam: unodc.org.
