The age of cybercrime 2025: a new economic reality

Guest writer:
Daniel Wittinghoff
business development
director
Mastercard

Guest writer:
Péter Mondovics
head of marketing
Mastercard

In our two-part series we rely on Mastercard data and analysis to explain the new modus operandi of attackers, the most vulnerable targets and the economic consequences. AI-powered systems not only map vulnerabilities, but also personalise attack patterns in real time: messages generated based on language, style and behavioural data are far more convincing than ever before.

Attacker motivations and types

Cybercrime is now an industrially organised activity characterised by business models, specialised roles and service chains. Attackers may be motivated by financial gain, political pressure or intelligence gathering. Mastercard distinguishes between three main types of perpetrators: “script kiddies” with low skill levels who work using automated tools; “cyber warriors” who attack for ideological reasons, and “black hats” who are professional, profit-oriented criminals, often organised into networks. By using the Cybercrime-as-a-Service model, attacks can be more targeted, sophisticated and difficult to detect.

According to Mastercard Cyber Insights, the number of registered cyber incidents in Hungary is lower than the Central and Eastern European average. The most frequently targeted areas include the public sector, financial services and the technology industry.

The damage caused by cybercrime has skyrocketed and could reach $9,500 billion by the end of 2024, which, if it were a country’s GDP, would make it the world’s third largest economy

User vulnerability and misconceptions

Mastercard’s study has found that Hungarian users overestimate their actual knowledge: while their self-assessment average is 3.02 (on a scale of 4), their actual knowledge level is only 1.86. The report finds it particularly worrying that although 70% of respondents know that a financial institution can’t ask for a bank PIN code over the phone, fraud involving tens of millions of forints is still common. The root of the problem isn’t lack of knowledge, but the fact that knowledge doesn’t translate into behaviour. In crisis situations many people disregard basic precautions. Attackers often target human behaviour instead of technological flaws.

The industries targeted in Hungary are largely in line with the Central and Eastern European benchmark. Technology is targeted the most.

Behavioural security – how can we protect ourselves?

Mastercard says the efficiency of cybersecurity increasingly depends on user behaviour. Those who react appropriately in critical situations such as phishing e-mails or suspicious phone calls are less likely to become victims. This is a really big challenge for companies, as many organisations – especially SMEs – don’t have internal security experts. One wrong click or opening an attachment can be enough to paralyse operations if there is no practical training, protocol or climate of trust. Education only works if it is continuous, situation-based and practical. (X)

Those who did better in the practical exercise were less likely to be victims