Europol's Internet Organised Crime Threat Assessment (IOCTA) delivered a stark warning: Europe is under siege, not from conventional armies, but from an increasingly sophisticated and highly organised network of cybercriminals exploiting stolen data as a commodity.
Titled "Steal, Deal and Repeat", the report lays bare the rapid evolution of cybercrime, tracing how data – personal, corporate, and state – is systematically exfiltrated, traded, and weaponised in ways that destabilise societies and economies alike.
The report is timely. Europe's digital infrastructure is now as vital to national security as its physical borders. Yet, the IOCTA finds that criminal actors are exploiting gaps in governance, lax enforcement in some jurisdictions, and the very tools designed to facilitate legitimate commerce and communication. The result is a shadow economy where stolen data circulates with impunity, feeding fraud, identity theft, ransomware, and even espionage campaigns.
The Mechanics of Modern Cybercrime
At the heart of the IOCTA's analysis is the recognition that data is both a target and a tool. Personal data, corporate credentials, intellectual property, and even sensitive governmental information are traded in a market increasingly structured and stratified. Cybercriminals operate not as isolated hackers but as part of a complex ecosystem resembling legitimate financial markets: Initial Access Brokers (IABs) sell entry points to compromised systems, while data brokers specialise in packaging and distributing stolen data.
The report emphasises the sophistication of these operations. Social engineering techniques, including phishing, spear-phishing, and impersonation, remain the most effective vector for data acquisition. Notably, the rise of Large Language Models (LLMs) and generative AI has increased the precision and efficiency of such attacks, enabling cybercriminals to craft highly targeted communications that deceive even tech-savvy users. The IOCTA warns that AI-driven automation is transforming what was once a labour-intensive criminal activity into a scalable, semi-industrialised operation.
Beyond the individual threat, the report highlights how these cybercriminals coordinate at scale. End-to-end encrypted communication platforms are frequently used to negotiate sales and distribute sensitive information, including the personal data of children. Such encrypted networks shield criminal transactions from law enforcement, complicating investigative efforts and enabling a degree of resilience against disruption that traditional organised crime groups could only have dreamed of.
The Commodification of Access
One of the most striking aspects of the IOCTA is its discussion of data as a tradable commodity. Access to compromised systems can be bought, sold, and repurposed, forming the backbone of a thriving underground economy. IABs now advertise their services openly on specialised platforms, catering to a wide spectrum of criminal operators, from fraudsters to ransomware gangs. Meanwhile, data brokers have adopted diversification strategies, operating across multiple platforms to hedge against law enforcement interventions.
This commodification is not confined to individual identity theft or credit card fraud. The IOCTA outlines the broader implications: stolen data facilitates organised fraud, money laundering, and large-scale ransomware attacks. Moreover, hybrid threat actors – state-affiliated groups seeking to destabilise rivals or gather strategic intelligence – can exploit these underground markets to augment their operations. By purchasing access or data, they circumvent the technical hurdles of infiltration, effectively outsourcing portions of their cyber campaigns to criminal intermediaries.
The Human Factor and Social Engineering
While technological vulnerabilities are often the headline-grabbing aspect of cybercrime, the IOCTA reminds policymakers that human error remains a core vulnerability. Employees, contractors, and ordinary citizens inadvertently provide entry points through phishing emails, credential reuse, and insufficient awareness of digital hygiene.
The report emphasises that AI is now being used to enhance these human-targeting strategies. Deepfake audio, AI-generated personas, and hyper-realistic messaging increase the likelihood of successful deception. This convergence of technology and social manipulation presents law enforcement with a double challenge: defending against both automated and psychologically sophisticated attacks simultaneously.
Europe's cybersecurity strategy must therefore go beyond technical safeguards, incorporating behavioural education and institutional resilience. Failing to do so risks leaving an entire generation of users vulnerable to increasingly automated cybercrime campaigns.
Hybrid Threats and the Weaponisation of Data
Perhaps the most concerning finding in the IOCTA is the intersection of cybercrime with hybrid threats. Advanced Persistent Threat (APT) groups, often state-sponsored, exploit stolen data for espionage, economic advantage, or coercion. They can purchase access and information from criminal networks, effectively blending traditional cybercrime with geopolitical operations.
The report cites cases where stolen credentials and sensitive business information have been leveraged for targeted ransomware attacks against critical infrastructure. These incidents demonstrate how cybercriminal ecosystems do not operate in isolation; they intersect with global political and economic dynamics, turning what appears to be financial crime into a national security concern.
Policy and Law Enforcement Challenges
The IOCTA 2025 makes clear that Europe's legal and regulatory frameworks are struggling to keep pace with the speed of digital crime. The dispersed nature of the data markets – spanning multiple jurisdictions and exploiting encrypted communications – creates enforcement challenges. Traditional investigative methods are often inadequate when perpetrators operate across borders, shielded by anonymity technologies.
Europol stresses the need for a multi-pronged approach. This includes stronger collaboration between national law enforcement agencies, proactive engagement with private sector data custodians, and investment in AI-driven detection and investigative tools. Yet, even as agencies modernise, the report notes that criminal markets are highly adaptive. Disruption in one platform often leads to migration to another, highlighting the resilience and flexibility of these underground economies.
Balancing Security and Civil Liberties
The report does not ignore the tension between security imperatives and civil liberties. Encrypted communication, anonymisation tools, and privacy protections are essential to legitimate digital activity, yet they also enable criminal operations. Policymakers face a delicate balance: how to protect citizens' privacy while disrupting criminal networks that exploit the same technologies.
The IOCTA suggests targeted interventions, intelligence-led operations, and partnerships with tech companies as preferable to blanket surveillance measures. European law enforcement agencies are urged to develop nuanced strategies that maintain public trust while responding effectively to emerging threats.
Implications for Businesses and Individuals
The report's findings are a wake-up call for European businesses. Companies must adopt rigorous cyber hygiene practices, implement zero-trust architectures, and invest in AI-assisted monitoring. For individuals, awareness and vigilance are more important than ever: credential reuse, unverified downloads, and insufficient awareness of social engineering can transform ordinary citizens into unwitting facilitators of cybercrime.
Europe's economy, heavily reliant on digital infrastructure, is at risk from cumulative small-scale breaches that aggregate into systemic vulnerabilities. The IOCTA frames this not merely as a technological issue but as a societal one: trust in institutions, commerce, and governance depends on securing personal and corporate data against an increasingly professionalised underground economy.
Europol's "Steal, Deal and Repeat" is more than a report on cybercrime; it is a blueprint for understanding the evolving architecture of criminal networks in the digital age. Data has become a weapon, a commodity, and a vector for disruption, exploited by a sophisticated ecosystem of criminals and hybrid threat actors.
Europe faces a pivotal moment. Law enforcement and policymakers must adopt proactive, intelligence-led strategies to counter these threats, balancing the imperative of security with civil liberties and digital trust. The IOCTA makes clear that reactive measures alone will be insufficient. Combating modern cybercrime requires agility, international coordination, and the recognition that the digital battlefield is now central to national and continental security.
The report underscores an uncomfortable truth: in the age of data, security is not merely about firewalls or legislation. It is about understanding the human, technological, and economic ecosystems that underpin crime, and acting decisively to safeguard the integrity of Europe's digital society.



