We often talk at length about cybercrime—whether it’s the rise of email phishing, ransomware, or evolving cybersecurity threats. But we rarely pause to ask: Who are the people behind these attacks, and what drives them?

The motivations behind cybercriminal behavior are usually straightforward. The two primary drivers are money and information. In fact, a report from Verizon Enterprise found that financial gain and espionage account for a staggering 93% of all attack motivations. Beyond these, other motives are often grouped under the acronym “FIG” (Fun, Ideology, and Grudges).

A cybercriminal’s goals can vary widely depending on what they’re after, whether they’re acting independently or hired by a third party, and who stands to benefit. These motives can be broken down as follows:

Money

Money, Let’s be real — most cybercriminals are in it for the cash. Whether it’s through ransomware, phishing scams, or stealing and selling data, money is usually the end goal. Smaller jobs might involve cryptocurrency transactions, while bigger scores use wire transfers. Some attackers demand money directly from their victims. Others make a profit by selling personal or business data on shady parts of the internet. That’s why email security matters so much. Tools like Proofpoint Essentials, OnDMARC, and solid email phishing protection aren’t just nice to have — they’re your first line of defense against these types of attacks. You’re not just protecting your inbox; you’re protecting your wallet, too.

Competition

Competition Corporate sabotage is more common than you’d think. Getting into a rival’s system can uncover trade secrets, sensitive communications, or even disrupt business entirely. Industries that rely heavily on intellectual property — like tech, pharma, or manufacturing — are big targets. But really, any company with valuable internal info could be at risk. That’s why having strong email authentication and malware protection in place isn’t just about compliance — it’s about staying ahead of the competition in more ways than one.

Political Motivation

Political Motivation Cybercrime isn’t just about businesses — entire governments are in the game now. State-backed hackers are using cyberattacks to mess with power grids, influence elections, or cause public chaos. Even if your business isn’t directly targeted, you can still get caught in the crossfire. That’s why companies in sensitive sectors — like healthcare, infrastructure, and public service — need airtight cybersecurity plans. Think HIPAA-compliant email, strong email encryption, and policies that make sure you’re not an easy target.

FIGs

FIGs: Fun, Ideology, and Grudges Some attackers are motivated by personal ideology or the thrill of exploitation. Others act out of personal grievances—targeting organizations for reasons ranging from poor service to ethical disagreements. Tactics like DDoS attacks or public data leaks often fall into this category. Organizations should consider email archiving solutions and robust email encryption to ensure their communications remain secure in the event of such attacks.

While concrete data on attacker motives can be limited, an interesting Raconteur infographic offers some compelling insights:

• Financial crime is the primary objective in 41% of cases.
• Insider threats (27%) and competitive intelligence (26%) follow closely behind.
• The manufacturing sector is more often targeted for espionage than financial reasons.
• Healthcare, targeted heavily for its valuable data, also sees the highest rate of FIG-related attacks.
• Public administration surprisingly suffers fewer espionage attacks than manufacturing, potentially due to better awareness and preparedness or fewer viable targets.

The “Hacker”: A Misunderstood Label

It’s also important to clarify the term “hacker.” Too often, hackers are confused with cybercriminals. However, many hackers are ethical researchers—often referred to as white-hat hackers—who find vulnerabilities and report them responsibly. Their motivations differ from those of cybercriminals. According to a report, 72% of these hackers do it for financial reward, including bug bounties from companies like Google, Apple, and Microsoft. Interestingly, 70% say they do it for fun.

Regardless of their motivations, defending against cybercriminals requires strong, layered protection. Robust email security, proper email authentication, and proactive solutions like Proofpoint and comprehensive email phishing protection are crucial. Understanding the different types of attackers is key to building better defences.

Vircom remains committed to helping organizations stay ahead of cybersecurity threats by offering trusted solutions like Proofpoint Essentials, Security Awareness Training, DMARC implementations (including tools like OnDMARC from Red Sift), and capabilities to encrypt email in Outlook or send secure email outlook effortlessly.