The Hollywood picture of felony hackers being largely teenage ne’er do wells is due for an replace.
That’s as a result of profit-seeking profession criminals — typically approaching center age — make up the biggest cohort of right this moment’s cybercriminals, in keeping with an evaluation of felony instances carried out by Orange Cyberdefence.
The Orange Group’s cybersecurity unit analysed 418 publicly introduced regulation enforcement actions performed between 2021 and mid-2025, discovering that cyber offenders’ engagement in crime peaks between the ages of 35 and 44, with this demographic accounting for 37% of all of the cybercrime instances reviewed.
Collectively, the mixed age teams of from 25 to 44 make up properly over half (58%) of analysed cybercrime instances. This all goes in opposition to the Hollywood picture of the maladjusted teen hacker dwelling of their mum’s basement and as much as no good.
Revenue-motivated cybercrime escalates with age — not like different types of crime the place felony behaviour emerges in adolescence, peaks within the late teenagers or early maturity, after which sharply declines.
The evaluate of felony instances discovered that 18- to 24-year-olds had been the defendants in 21% of cybercrime instances, a determine that drops to five% for the 12-to-17 age vary.
Offender profiling
The research discovered a notable development in cybercrime exercise as offenders age.
Amongst 18- to 24-year-olds, cybercriminal exercise is extremely various, with a deal with hacking (30%), adopted by promoting stolen knowledge and DDoS assaults (10% every).
“The variety of activities indicates the experimental, multifaceted nature of this demographic’s engagement in cybercrime as they test boundaries and trial tactics,” in keeping with Orange Cyberdefence.
This begins to shift amongst offenders aged 25 to 34, the place actions resembling promoting stolen knowledge (21%), cyber extortion (14%), and malware deployment (12%) paved the way — indicating a transfer towards profit-motivated crime.
The pattern intensifies among the many 35-44 cohort, the place cyber extortion (22%) is the dominant offence, adopted by malware (19%), cyber espionage (13%), hacking (10%), and cash laundering (7%).
“While younger, less experienced hackers engage in highly diverse crime they may be less likely to engage in calculated, profit-seeking activity,” mentioned Charl van der Walt, head of safety analysis at Orange Cyberdefense. “Instead, cybercrime careers appear to peak much later into adulthood, accompanied by vastly more sophisticated and intentional techniques.”
Cybercrime cartels
Dray Agha, senior safety operations supervisor at managed detection and response providers agency Huntress, mentioned the evaluation illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated for the reason that risk panorama is dominated by “highly organised, profit-driven syndicates.”
“While young people may still engage in digital vandalism or act as low-level affiliates, the architects orchestrating large-scale extortion and malware campaigns are mature adults operating what are essentially illicit technology companies,” Agha mentioned.
Agha argued that the 35-44 age group aligns completely with the talents required to run fashionable cybercrime operations, resembling ransomware-as-a-service (RaaS). These professionally run campaigns require mission administration, software program improvement lifecycles, human sources (recruiting associates), and customer support (negotiating with victims).
“This level of operational maturity is rarely found in teenagers; it requires the business acumen typical of midcareer professionals,” Agha mentioned.
Whereas it may be comparatively straightforward to breach a weak system, efficiently cashing in on illicit entry is a difficult course of that requires expertise.
“The prominence of cyber extortion and money laundering in the 35-44 demographic highlights the need for a deep understanding of corporate pressure points, cryptocurrency tumbling, and illicit financial networks,” Huntress’ Agha added. “Older offenders have the real-world experience necessary to navigate these complex financial logistics and turn stolen data into usable cash.”
Whereas youthful offenders typically act as “initial access brokers” — discovering the preliminary means right into a community — this entry is usually bought onto older, extra skilled risk actors who execute the high-stakes extortion and espionage.
“The young ‘pick the locks,’ while the adults ‘run the syndicate,’” Agha mentioned.
Profession ladder
Andra Zaharia, cybersecurity group lead at Pentest-Instruments.com, mentioned that many cybercrime operations look “less like solo activity and more like organised networks with roles, handoffs, and repeatable processes.”
“That structure naturally skews older because it rewards operational discipline and trust networks that take time to build,” Zaharia instructed CSO. “Technical skill matters, but so does reliability and consistency over months and years.”
Zaharia added: “Profit motive also reshapes the ‘career path.’”
Extortion and malware campaigns typically contain totally different individuals for various jobs: entry, tooling, infrastructure, negotiation, and transferring cash.
“Reputation becomes a form of currency in those environments,” Zaharia concluded. “Actors build it, protect it, and use it to climb into higher-earning roles.”
