Many cybercrime investigations end with arrests or indictments that reveal little about the people behind the operations. When authorities do disclose demographic details, the pattern that emerges does not match the common assumption that cyber offenders are mostly very young. Analysis in the Security Navigator 2026 report from Orange Cyberdefense points to a different age profile, with a strong concentration of offenders in mid-career adulthood.
What the law enforcement data reveals
The analysis is based on a dataset of 418 publicly announced cybercrime law enforcement actions collected between 2021 and mid-2025. Orange Cyberdefense compiled the cases from official announcements and media reporting and then enriched them with contextual details when available.
The researchers stresses that the dataset reflects publicly disclosed actions, not the total universe of cybercrime activity. Many incidents never reach the stage of a public investigation, and some jurisdictions release more information than others.
Even with those limits, the demographic information attached to many cases offers a rare look at who is being identified in cybercrime prosecutions and investigations.
The 35–44 age group stands out
Age data was available for 193 offenders within the dataset. In that subset, the 35-44 age group accounts for 37% of identified offenders, making it the single largest cohort.
The next largest groups are younger adults. The 25–34 bracket represents 30%, while the 18-24 group accounts for 21%. Together, those three ranges make up nearly nine out of ten offenders with verified age information.
This distribution differs from the traditional age-crime curve seen in many forms of offline crime, where offending tends to peak earlier in life and decline more sharply afterward. In the cybercrime cases examined here, activity appears to extend across a longer portion of adulthood.
This pattern is consistent with criminal engagement that involves planning, technical competence, and deliberate evaluation of risk and reward.
Profit-driven cybercrime rises with age
The researchers also compares the types of cybercrime associated with different age cohorts.
Among younger adults, activity spans a broad set of offenses and often centers on hacking. This period as one where technical experimentation, skill development, and peer reputation may play a larger role.
In the next age band, offense patterns begin to move toward financially motivated activity. Actors in the 25-34 range show signs of a shift toward profit-oriented operations.
The pattern becomes more pronounced in the oldest of the three main groups. Within the 35-44 cohort, cyber extortion accounts for 22% of identified activity, followed by malware at 19%. Other crimes recorded in the group include cyber espionage, hacking, and money laundering. The report links this mix to actions that tend to carry greater financial or political impact.
Cybercrime cases span dozens of nationalities
Offenders identified in the cases represent 64 nationalities, reflecting the cross-border nature of digital crime. Investigations frequently involve actors operating in different jurisdictions, which complicates attribution and prosecution.
Despite that geographic spread, the public record shows a strong concentration around a small number of countries. The five most represented nationalities account for 58% of identified offenders in the dataset.
Nationality data should not be interpreted as a definitive indicator of where cybercrime originates. Public law enforcement disclosures vary widely between countries, which can influence what appears in global datasets.
A different profile of cyber offenders
The concentration of offenders in the 35-44 range challenges a persistent stereotype that cybercrime is primarily driven by teenagers or very young adults.
The data suggests many offenders involved in major cybercrime operations are individuals with the experience and technical skills needed to run complex activities. These can include malware development, infrastructure management, financial laundering operations, or extortion campaigns.
That interpretation aligns with the offense patterns seen in the older cohort, where extortion and malware operations appear frequently. These activities often require coordination, infrastructure, and financial management that extend beyond opportunistic hacking.
Webinar: The True State of Security 2026
