Date: 2025-10-16

Ayman El Hajjar, University of Westminster

When cybercriminals targeted the UK nursery chain Kido, it represented a disturbing new low for the hackers. They allegedly threatened to expose personal data about young children and their families, shocking parents and cybersecurity experts alike.

The Kido hack is far from an isolated incident. Cyberattacks have struck organisations across many sectors in the last year, disrupting businesses from retail to manufacturing.

These recurring attacks highlight an important reality – cybercrime has become a very profitable activity. While the official advice is not to pay hackers, the frequency of these attacks suggests that many companies do. They will want to avoid losing their data or having their business and reputation damaged. But most will never admit to paying up.

Whenever there is money involved, more criminals want to participate – which has led to cybercrime becoming an organised industry. Cybercrime has shifted from individual and uncoordinated group attacks to an established business model that generates revenue and mirrors genuine companies.

This model has its own supply chains, affiliates (for example, criminals who use the malware rather than developing it) and even customer support.

The cybercrime ecosystem has evolved to run using the “as-a-service” model. For legitimate businesses, this is an efficiency model that lets them pay to use something “as a service”, rather than purchasing it. Just as businesses use software or security as a service, criminals have mirrored this model in a similar underground economy of cybercrime.

In this underground market, hackers sell ready-made malware, rent out botnets (networks of infected devices), and run payment platforms. They even go as far as providing customer support and help pages for the criminals they serve.