While much emphasis has been placed on the rise of youth cyber crime over the last two years, new research shows hacker activity peaks much later.
Orange Cyberdefense looked at the numbers and found that it’s actually thirty- and forty-somethings that are the greatest threat.
The company’s intelligence team analyzed 418 publicly announced law enforcement activities between 2021 and mid-2025 and found that offenders’ activities peaked between the ages of 35 and 44. This age group, they said, accounted for 37% of cyber crime cases.
Put together, the combined age groups of 25-to-44 make up well over half (58%) of analyzed cyber crime cases.
Only one-in-five (21%) incidents were the work of 18-to-24-year-olds. Despite the bad press they get in movies and the news, 12-to-17s were behind fewer than 5% of cases.
“The surge in cyber offences committed by teenagers in recent years may be creating a false impression of the age of today’s cyber criminals,” said Charl van der Walt, head of security research at Orange Cyberdefense.
“The sensationalist interpretation of cyber crime’s youthfulness makes for a good headline, but these findings appear to tell a different story.”
Differing motives
One big difference between the kids and their elders is the underlying motivation behind attacks, researchers noted. As you might expect, younger hackers are frequently experimenting while the older cohort is in it primarily for financial gain.
Among 18-24-year-olds, cyber criminal activity is highly diverse, though there’s a focus on hacking (30%) in particular, followed by selling stolen data and DDoS attacks (10% each).
Things start to change among offenders aged between 25 and 34, who tend to focus on more profitable activities such as selling stolen data (21%), cyber extortion (14%) and malware deployment (12%).
This trend continues among 35-to-44 year olds, where cyber extortion (22%) is the crime of choice, followed by malware (19%) and cyber espionage (13%), hacking (10%), and money laundering (7%).
“While younger, less experienced hackers engage in highly diverse – and often noticed and reported – actions, they may be less likely to engage in calculated, profit seeking activity,” said van der Walt.
“Instead, cyber crime careers appear to peak much later into adulthood, accompanied by vastly more sophisticated and intentional techniques.”
Some of those teen-related activities are very high profile indeed. Late last year, for example, a 15-year-old was outed by security researcher Brian Krebs as a member of Scattered LAPSUS$ Hunters – the group responsible for the Jaguar Land Rover (JLR) and M&S cyber attacks.
Two teenagers, meanwhile, are set to face charges for the 2024 hack of Transport for London (TfL), while another pair have been arrested for the data breach of the Kido chain of children’s nurseries.
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
