A powerful warning from the front lines of cybercrime: young minds are increasingly drawn into hacking, and many parents are unaware of the scale or seriousness of the risk.
Children as young as seven are being referred to Britain’s cybercrime intervention program, Cyber Choices, as companies face multimillion-pound hacks. For the current financial year, the average age of referrals is 15, with the youngest just seven, according to the National Crime Agency. Referrals are rising year after year, driven largely by gamers aged 10 to 16. At the same time, insurance payouts for hacked UK businesses have surged by about 230%.
“Some of these 15, 16-year-olds are sitting on millions,” warns a former hacker who speaks to Money. He and another reformed hacker describe how easy access and mainstream involvement have changed the game, making young people more vulnerable than in the past.
The message from authorities is clear: pay attention to what your kids are doing online. It’s dangerous to assume “my child would never do that.” The reality is that some teenagers already have access to substantial sums through cybercrime.
Beyond individual cases, experts say the Cyber Choices referrals likely only scratch the surface of the broader threat. A senior officer from the National Crime Agency notes that cybercrime affecting schools is widespread, and the Information Commissioner’s Office reports that students caused 57% of insider data breaches in schools between January 2022 and August 2024.
Recent high-profile breaches illustrate the scale of the problem. Marks & Spencer and Co-op endured multi-million-pound losses and disrupted services, Jaguar Land Rover halted production for five weeks, and Transport for London disruptions followed a separate attack. Teenagers and young adults were among the suspects in these incidents.
The gaming world is a major gateway into cybercrime. Gaming participation is nearly universal among in-tro teens, and skilled players can transition from game exploits to real-world hacks. Reformed activists recount how initial hacks started as curiosity or for financial gain, often within a loosely connected network rather than a single, tightly knit gang.
A recurring theme is social belonging: hacking communities offer recognition and a sense of identity to youths who may feel marginalized offline. This social reinforcement can be as powerful as the potential money involved.
The path into crime typically starts with curiosity and technical talent, evolves through challenges and status within online circles, and can spiral into increasingly serious offenses, including crypto theft and account takeovers. Yet the same skills can be redirected toward legitimate work. There is a growing push to channel teenage hackers toward cybersecurity careers, with organizations experimenting with non-traditional hiring metrics that value gaming prowess and practical problem-solving over formal degrees.
Still, money talks. Bug bounty programs provide a legitimate outlet for talent, but many payouts are modest compared with the lucrative stakes of real-world hacks. Reformed hackers emphasize that higher, more meaningful incentives are likely needed to persuade young talents to choose ethical paths over criminal ones.
The broader takeaway is twofold: first, the cyber threat is real, widespread, and fueled by accessible gaming culture and online communities; second, there is untapped potential among young people to contribute positively to cybersecurity if properly guided and rewarded. This raises provocative questions: should national programs intervene earlier or more aggressively in households? How can education, compensation, and mentorship be balanced to deter crime while fostering legitimate skills? And what responsibilities do parents, schools, and industry share to redirect talent before it veers into illegal activity? Share your thoughts below on how best to protect young people while unlocking their cybersecurity potential.
