The Three Priority Cybercrime Threats

by John Bandler

Cybercrime threatens every single organization and individual. No business and no individual is immune or invulnerable, we all must evaluate the threats. Protection starts with understanding the three priority cybercrime threats, and then reducing the risks. The three cybercrimes to know areThree Priority Cybercrime Threats 2023-7 (1) Overview

  • Data breach
  • Ransomware, and
  • Email based funds transfer frauds (also known as CEO fraud, or business email compromise, BEC).

Attacks can disable operations and cause serious harms that are costly, time consuming, and stressful. Organizations and individuals can take steps to reduce their risks, and many of these steps are no more burdensome than putting on a seatbelt when getting in a car, a helmet before riding a bike, or the routine maintenance we do to protect our homes and automobiles.

Here is a brief description of the three priority cybercrime threats to know and plan against:

Data breaches

A data breach is an unauthorized access to confidential data. A cybercriminal that breaks into an email account, network, or stored data. This breach can have many negative effects, require notification to government and affected parties, damage reputation, and more. There are many ways a cybercriminal can breach an information system to access and steal data.


Ransomware locks computer systems making them unusable. The cybercriminal uses malware and encryption to encode data and then extorts the victim to pay a significant ransom to try regain access to systems and data. Business disruption can be immense, reputational harm follows, and organizations need to evaluate if a data breach occurred.

Email based funds transfer frauds

Cybercriminals steal funds large and small through their clever abuse of email communication. This can create fiscal devastation. Large payments can be diverted and stolen. The funds may never be recovered, are not insured, and litigation and other disruption ensue. This fraud is sometimes called CEO or CxO) fraud (when executives are impersonated to engineer a funds transfer) or business email compromise (BEC) when businesses are impersonated to engineer a fraudulent transfer. Criminals use many techniques to attempt and succeed with these frauds. Organizations need to evaluate if email systems were accessed, and if a data breach occurred.


The way to protect against these three priority cybercrimes is through good cybersecurity, and that starts with knowledge and proceeds through effective steps and good decisions to plan, protect, and prevent cybercrime. This can start with my Four Pillars of Cybersecurity. Organizations and individuals can evaluate their risks and plan for continual improvement.

Organizations and individuals may have legal duties to protect against these crimes, and to properly investigate and report after they occur. Some laws essentially require reasonable cybersecurity to protect personal information, and require organizations to properly investigate and report to the government and affected parties after a data breach.

But wait, there's more

Of course, cybercrime is an enormous black market industry, there are lots of criminals working on lots of schemes. Mostly it is about theft. Stealing. Victimizing others. There are many names for many schemes. Some involve social engineering, con artistry, trickery. Some involve highly technical activity. It is still mostly about theft. Read more in the links below.


I provide more details on each of the crimes and how to protect against them in the links below.

My usual disclaimers apply, this is generalized information and is not legal or consulting advice.

Additional reading

This article is hosted at, copyright John Bandler, all rights reserved.

This article is also available on at (though perhaps not updated as frequently).

Originally posted 1/3/2022. Last updated 7/24/2023.