neppen1 - stock.adobe.com
Teen hackers aren't the problem. They're the wake-up call
If we take the time to build the right pathways into cyber, young people could be our best line of defence.
The face of cyber crime has changed. It’s no longer the cliche of a shadowy figure operating in anonymity from their basement. Today, some of the most disruptive attacks are being carried out by smart, curious teenagers, often still in school and forming their identity, but already capable of breaching billion-dollar systems. The global cost of cyber crime in 2025 is expected to hit $10.5tn (£7.7tn) – the global cost of Covid.
Recent cases have exposed this uncomfortable reality. Multi-million pound attacks on well known UK companies Co-op, M&S, and Harrods have been traced to individuals aged 17, 19, and 20. Scattered Spider is the most recent, most famous case, but it isn’t an isolated event – the average age of someone arrested for cyber crime is 19, compared to 34 for other crimes. Law enforcement is understandably cautious in how they talk about these cases due to the vulnerability of those involved, but the pattern is clear.
The uncomfortable truth is that these young people are not criminal masterminds. Europol found 69% of European teens have committed a cyber crime or misdemeanor. These are middle-of-the-curve kids, not hardened hackers, emboldened by cash, with years of professional experience. They are symptoms of a much broader failure to engage with the emerging reality of a generation that learns, explores and socialises online, and increasingly pushes boundaries there too.
We need to stop treating teenage cyber crime as an isolated behavioural issue
What we’re seeing is a societal and educational blind spot, where the true failure is a lack of guidance, development, and opportunity. These teenagers aren’t joining gangs on street corners, which does come with a code of ethics in its own way. They’re testing code and pushing systems because they’re curious, driven, and have nowhere else to aim that energy. This natural inclination, when nurtured, is the foundation of intelligence and underpins all innovation. As Steve Jobs said, “Much of what I stumbled into by following my curiosity and intuition turned out to be priceless later on.” We need to celebrate this curiosity rather than stifling it.
In many cases, they don’t fully understand the legal consequences. They’re experimenting, often for recognition in the Discord servers that egg them on, sometimes for the challenge itself. The system fails to spot their potential early on and only responds once they cross a line. That’s not a security strategy, it’s a failure of imagination from all involved.
As we mention ethics above, every talking point comes back to young people being left to figure out the rules of an online world without the guidance or opportunities that might direct them towards something constructive. Organised crime groups have already recognised this and are actively recruiting. Networks like The Com or 764 on Discord and Telegram have groomed children in private chat groups, coercing them into extortion, doxing, self-harm material, and laundering stolen data. Young recruits often remain unaware of the full magnitude of their crimes until it’s far too late.
Every organisation that relies on digital systems – which is to say, obviously, is nearly all of them – is now facing a growing threat landscape and a critical shortage of talent to defend against it. Globally, there are nearly five million unfilled cyber security roles. At the same time, governments, businesses and schools continue to treat cyber security as a niche subject rather than a foundational skill set. It’s taken quite literally decades to have an appropriate amount of technology literacy at schools as preparation for a world where careers are increasingly moving solely online. Yet, there is an entire generation of natural born hackers.
If we took half the effort we spend on reacting to youth cyber crime and redirected it toward early education, real-world challenges and career pathways in cyber, we could start converting those vulnerabilities into national assets. The UK government has taken a step towards this with the TechFirst programme, investing £187m over four years to impact a million British kids in cyber, AI, and engineering.
What do we need to do to create change?
We need to meet kids where they are, on gaming platforms, watching content, and on social media, to spark passion for cyber. Here at The Hacking Games, our AI platform, HAPTAI, does exactly that. It looks at gaming behaviours and performances, modding, psychographics, and tests aptitudes for cyber skills, offering a solution for inspiring, evaluating, and placing talent.
A great example of this step in the right direction is The Hacking Games recent community partnership with Co-op. This new partnership will combine Co-op's reach into every post code area of the UK, community expertise, 38 Co-op Academy schools, 20,000 students, and their 6.5 million member base with The Hacking Games’ extensive knowledge and expertise in cyber crime.
Having been attacked and understanding the implications, Co-op wants to help prevent cyber crime before it starts by supporting young people to put their skills to good use. By opening doors and widening access, it aims to reduce risk and offer real alternatives to those who might otherwise be led down the wrong path.
The partnership, a long term initiative with ambitions to develop into a large scale national movement, activated through a wide scale, multi-channel approach, begins with an independent research study led by professor Jonathan Lusthaus of the University of Oxford, a leading expert on the social dimensions of cyber crime and hacking, with the findings informing future prevention strategies.
Read more about ethical hackers
- The NCSC is expanding its vulnerability research project to draw in external expertise from ethical hackers, among others.
- Ethical hackers protect businesses by identifying vulnerabilities. They use the same techniques as malicious hackers, but for the greater good.
- Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers.
What these stories of teen hackers really reveal is a failure to connect the dots.
If a 16-year-old manages to breach a corporation's defences, that’s not just a lapse in cyber security, it’s an indictment of every system that failed to notice their capabilities sooner.
But we don’t have to wait for more young people to be caught on the wrong side of the law to start changing that. The talent is already here. It’s in the schools. It’s online. It’s writing scripts, testing limits, and trying to figure out where it fits in.
If we build the right pathways, these young people could be our greatest line of defence. Ignore them, and they may just become the next threat. We need to create a generation of ethical hackers to make the world safer.
Fergus Hay is co-founder and CEO at The Hacking Games.
Read more on Hackers and cybercrime prevention
-
![]()
Co-op chief ‘incredibly sorry’ for theft of 6.5m members’ data
By: Alex Scroxton
-
![]()
Four arrested in M&S cyber attack investigation
By: Alex Scroxton
-
![]()
British hacker IntelBroker faces years in a US prison cell
By: Alex Scroxton
-
![]()
Teenage Lapsus$ ringleader was responsible for crime spree, UK court rules
By: Alex Scroxton
