Cybercrime-as-a-Service (CaaS) represents a significant evolving threat that mirrors legitimate 'as-a-Service' models and provides sophisticated, user-friendly toolkits that lower the barrier to entry for malicious actors. This talk presents the findings of a three-round Policy Delphi conducted with 50 cross-sector experts intended to identify future threats, enablers, and challenges of CaaS.

Findings suggest that CaaS drives high-volume, low-level crime while attracting diverse actors including state-sponsored and Organised Crime Groups. Current enablers include under-reporting, unregulated decentralised finance, and accessibility via open web and other platforms. Future threats are anticipated to be shaped by cloud interconnectedness, cybersecurity monopolies, and the proliferation of new technologies including small language models. Experts advocate for proactive regulatory interventions (e.g. mandating security-by-design), legislating against cryptocurrency-driven profit mechanisms, and clearer government guidance on responsible cyber conduct. 


The talk provides expert-validated insights into the evolving cybercrime landscape and underscores the need for a proactive, multi-pronged approach to disrupting CaaS.