Hollywood’s image of gangsters and mainly young ne’er do wells will be revised.
That’s because for-profit criminals — often approaching middle age — make up today’s largest group of cybercriminals, according to a crime analysis by Orange Cyberdefence.
The Orange Group’s Cybersecurity Division analyzed 418 publicly announced law enforcement operations conducted between 2021 and mid-2025, and found that cybercriminal involvement peaked between the ages of 35 and 44, with these figures accounting for 37% of all cybercrime cases reviewed.
Combined, the combined age groups from 25 to 44 make up more than half (58%) of the cybercrime cases analyzed. All of this runs counter to the Hollywood image of a young outlaw who lives in their mother’s basement and it’s even fun.
Profit-motivated cybercrime increases with age – unlike other types of crime where criminal behavior emerges in adolescence, peaks in late teens or early adulthood, and then declines.
A review of criminal cases found that 18- to 24-year-olds were the defendants in 21% of cybercrime cases, a figure that dropped to 5% in the 12- to 17-year-old age range.
Offender profiling
The study found a noticeable progression in cyber crime activity as the perpetrators age.
Among 18- to 24-year-olds, cybercrime activity is more diverse, focusing on hacking (30%), followed by selling stolen data and DDoS attacks (10% each).
“The range of activities reflects the exploratory, multi-disciplinary nature of this study of cybercrime involvement as they explore the boundaries and tactics of surveillance,” according to Orange Cyberdefence.
This begins to change among criminals aged 25 to 34, where activities such as selling stolen data (21%), cyber fraud (14%), and the distribution of malware (12%) lead the way – indicating a move to profit-driven crime.
The trend is strongest among the 35-44 age group, where online fraud (22%) is the leading crime, followed by malware (19%), cyber espionage (13%), hacking (10%), and money laundering (7%).
“While young, inexperienced hackers engage in a wide variety of crimes they may be less likely to engage in calculated, profit-seeking activity,” said Charl van der Walt, head of security research at Orange Cyberdefense. “Instead, cybercriminal activities seem to increase over time in adulthood, with more sophisticated and purposeful techniques.”
Cyber crime carts
Dray Agha, senior security manager at private detection and response company Huntress, said the analysis shows that “the Hollywood image of teenagers being robbed by a lone wolf for bragging rights” is largely outdated as the crisis is dominated by “highly organized, profit-driven organizations.”
“While young people may engage in digital vandalism or work as low-level accomplices, the architects of large-scale extortion and malware campaigns are mature adults who operate illegal technology companies,” Agha said.
Agha argued that the 35-44 age group is well suited to the skills needed to run modern cybercrimes, such as ransomware-as-a-service (RaaS). These professionally run campaigns require project management, software development life cycle, human resources (collaborators), and customer service (negotiations with victims).
“This level of operational maturity is rarely found in young people; it requires the general business acumen of mid-level professionals,” Agha said.
While it may be easy to breach a vulnerable system, successfully monetizing illegal access is a difficult process that requires experience.
“The prevalence of online fraud and money laundering among the 35-44 population highlights the need for a deeper understanding of corporate stress, the fallout from cryptocurrency, and illicit financial networks,” added Huntress’ Agha. “Senior law enforcement officers have the real-world experience needed to navigate these complex financial systems and turn stolen data into usable money.”
While young offenders often act as “first access brokers” – getting the first way into a network – this access is often sold to older, more experienced threat actors who engage in high-level fraud and espionage.
“The younger ones ‘pick the locks,’ while the older ones ‘run the team,'” Agha said.
Career ladder
Andra Zaharia, who leads the cybersecurity community at Pentest-Tools.com, said that many cybercriminal activities look “less like doing it alone and more like organized networks with roles, exploits, and repetitive processes.”
“That structure is inherently volatile because it rewards operational discipline and trust networks that take time to build,” Zaharia told CSO. “Technical ability is important, but so is reliability and consistency over months and years.”
Zaharia added: “The profit motive is also reshaping the ‘way of work.’
Extortion and malware campaigns often involve different people for different jobs: access, use of tools, infrastructure, negotiations, and money transfer.
“Reputation becomes a currency in those places,” concluded Zaharia. “Actors build it, protect it, and use it to move up to more lucrative roles.”
