Developing economies are falling behind in the fight against cybercrime

Cybercrime is a global problem, but not every country is equally equipped to fight it. In many developing economies, cybersecurity is still seen as a luxury, something nice to have when budgets allow. That means little investment in tools, training, or talent.

At the same time, limited job opportunities and high unemployment make cybercrime an appealing alternative for some. When income matters more than how it’s earned, online crime can look like an easy way out.

There’s also a huge skills gap. Many users are new to digital tech and don’t know how to protect themselves. Add language barriers, low awareness, and a shortage of qualified professionals, and the risk multiplies.

Weak or outdated laws don’t help either. In many places, cybercrime legislation and processes for handling electronic evidence are incomplete or rarely enforced. Law enforcement cooperation is patchy at best, nowhere near the level of coordination you’d see in the West.

Regional focus

Africa

Cybercrime is on the rise in Africa. As internet access grows, more people are coming online, and criminals are exploiting the opportunity. Governments are dealing with pressing issues like poverty, political and ethnic conflict, and violent crimes, which leaves less focus on cybercrime. Limited digital skills and weak legal frameworks at both national and regional levels add to the problem.

“Compounding the threat is a severe shortage of trained professionals. Africa has a small share of certified professionals, fewer than 25,000 across a population of 1.4 billion. This shortage leaves both public and private sectors exposed, with limited capacity to detect, prevent, or respond to attacks,” said Sadrah Irasubiza, Founder of NetFella.

INTERPOL’s latest report shows the scale of the problem. Between 2019 and 2025, cyber incidents across Africa caused an estimated $3 billion in financial losses. In Western and Eastern Africa, cybercrime now makes up more than 30% of reported crime.

The most common attack types in Africa look similar to those seen worldwide but with local variations. Online scams, especially phishing, remain the top threat. Criminals also run romance scams and investment frauds, often tied to cryptocurrency.

Ransomware is also spreading fast. Attackers have targeted companies, utilities, and government databases, with groups such as LockBit, Hunters International, and BlackSuit disrupting sectors including telecoms, healthcare, and public services.

West African groups have built BEC into a global operation, with Nigeria, Ghana, Côte d’Ivoire, and South Africa serving as key hubs.

Some African countries are strengthening cyber resilience by updating laws, aligning with international standards, and building specialized units and digital forensics capacity.

Alongside these steps, law enforcement is striking back. During INTERPOL’s Operation Serengeti 2.0, authorities in 18 African nations arrested more than 1,200 people, shut down over 11,400 malicious infrastructures, and recovered nearly $97 million.

Asia-Pacific (APAC)

The Asia-Pacific region has seen major digital change in the past decade. Wider internet access, new technology, shifting consumer habits, and government and business adoption of digital services have all played a role. These changes have also fueled a rise in cybercrime. In the first half of 2024 alone, the Asia-Pacific recorded over 57,000 ransomware attacks, and this pace has extended into 2025.

According to the UN, the use of automation and AI is allowing criminal networks to expand faster than governments and regulators can keep up.

What once involved individual hackers is now driven by coordinated groups that use advanced tools to reach more victims, automate attacks, and move money across borders with little resistance.

Southeast Asia has become a cyber scam epicenter in recent years. Crimes such as fraud, extortion, and human trafficking are now run through digital platforms and automated systems.

This trend is most visible in large-scale scam operations run out of countries like Cambodia, Myanmar, and Laos. Victims are lured with fake job offers and then forced to work in so-called pig butchering scams. As in many low-income countries, cybercriminals take advantage of difficult living conditions and the struggles people face in finding work.

Many of these fraud factories trace back to the collapse of Southeast Asia’s gambling boom and remain tied to Chinese criminal networks. Before COVID-19, billions went into casinos and hotels across the region. When lockdowns stopped travel, revenue collapsed. Operators turned many of these sites into cyber-scam compounds that have since stolen billions worldwide.

A U.S. government estimate found that Americans lost at least $10 billion in 2024 to scam operations based in Southeast Asia.

Since this is a recent shift, governments, investigators, and civil society groups are still mapping trafficking routes and studying the scam tactics used in these centers.

Building cybersecurity in developing countries starts with strategy

Building cybersecurity takes many players, but governments need to lead the charge. Progress also depends on countries working together and staying consistent across borders.

In developing nations, tight budgets make cybersecurity a tough sell. Any program has to be affordable, practical, and built for local realities.

A national strategy is the first step. It should make cybercrime prevention a top priority and use proven best practices as a foundation. Moving fast on strategy shows commitment and gives direction for future decisions.

New legal challenges are already emerging, and compromise will be part of the process. Cross-border access to electronic evidence is one issue already shaping global discussions.

Big, all-encompassing agreements will be hard to achieve. Starting small may work better, building trust and consensus on specific problems. That approach can produce quicker wins and set the stage for broader cooperation later on.