Louis Zezeran
12. veebr. 2026
Over the last decade, cybercrime has transformed from isolated hacks and scams into a highly organized “digital economy” that affects governments, businesses, and individuals alike. In this episode of NEVERHACK Estonia CyberCast, host Anett Numa—NEVERHACK Estonia’s Chief of International Affairs—sits down with Estonian State Prosecutor Vahur Verte to examine what cybercrime has become, why prosecuting it is uniquely difficult, and what needs to change if societies like Estonia’s want justice to keep up with the speed of data.
Cybercrime’s biggest evolution: it scales
A central theme runs through the entire discussion: cybercrime has learned to scale—“absurdly well.” Vahur explains the difference in simple terms. A traditional criminal can rob a bank one at a time; a cybercriminal with the right tools can attack thousands—or millions—simultaneously. That scalability isn’t a small detail. It’s the defining feature that turns cybercrime into a societal-level problem, not just a series of isolated cases.
For law enforcement and prosecutors, this creates a problem the justice system wasn’t originally built for. Systems designed to investigate individual crimes, one suspect at a time, now face campaigns that generate massive victim counts and complex infrastructure chains. The “unit economics” of crime have changed: a small effort by an attacker can create disproportionately large harm.
The myth of the lone genius is outdated
Anett raises a misconception many people still hold: cybercriminals as mysterious lone wolves—hoodies, basements, and elite genius-level skill. Vahur’s response is direct: that picture no longer fits reality. While lone actors still exist, cybercrime today often resembles a business—comparable to a startup. It has operational structure, logistics, and even HR-like functions. Tools are widely available, cheap, and increasingly easy to use.
This matters for organizations and policymakers because it shifts the threat model. The risk isn’t only “top-tier” attackers; it’s also the expanding pool of people who can assemble effective capabilities with off-the-shelf tools and a willingness to act. In Vahur’s view, the barrier to entry has become so low that a teenager can cause serious damage—he references a case where a young person hacked a major Estonian logistics company with minimal effort and exposed large amounts of personal data. The “shock,” he notes, is not always sophistication—it’s how little effort can now produce real harm.
The emotional dimension: victims at scale become statistics
Anett asks an important human question: how does prosecuting cybercrime feel compared to violent or organized crime? Vahur explains that cybercrime’s scale changes how it registers emotionally and intellectually. In traditional crimes you can see the victim and understand their pain directly; in large cyber cases, where there may be tens of thousands or hundreds of thousands of victims, that pain risks turning into numbers and statistics.
This is not a moral claim that victims matter less. It’s an operational reality: at that volume, individual stories can be harder to surface inside processes built for manageable case sizes. For leaders and citizens, the takeaway is clear: cyber harm is real harm—often distributed across many people in smaller slices, but still devastating in aggregate.
From criminal justice to national security: trust becomes the target
The conversation then expands from crime into national security. Vahur distinguishes between two driving forces behind cybercrime. The first is greed—profit-seeking criminals going after money. The second, especially when state-linked or geopolitically motivated actors are involved, shifts from money toward trust. Here, the goal may be to gather sensitive data, spread mistrust, and shake foundational pillars of democracy—through influence operations, attacks on government systems, or campaigns designed to destabilize confidence in institutions.
For Estonia, this is particularly significant. Estonia is a deeply digital “e-state,” where day-to-day life relies on digital services and trust in government systems. Vahur argues that once trust begins to crumble, adversaries have achieved something strategically valuable. In this framing, cyber defense isn’t merely technical—it’s tied to societal cohesion.
Anett and Vahur also discuss disruptive attacks that appear linked to political timing, sometimes clustering around notable dates or moments when geopolitical tensions rise. The point isn’t only “there are attacks,” but that motivation can be symbolic and strategic: disruption, signaling, and erosion of confidence.
Are we doing enough? Defense vs. citizen-level fraud
On preparedness, Vahur expresses confidence in Estonia’s ability to defend itself compared to earlier years. The country has improved its resilience and capability to withstand large-scale attacks without collapsing into crisis. He emphasizes that Estonia has agencies operating continuously, and that Estonia’s “digital warriors” are highly capable on a global scale.
But he also points to a different category that still demands attention: cyber-enabled crimes that target ordinary citizens—fraud, scams, and social engineering that drain real money from real people. Here, prevention isn’t only a matter of state defense; it’s also education and practical awareness—helping citizens understand how criminals operate and what tools and habits reduce risk.
For business leaders, there’s an implicit message: cyber resilience has layers. Even if national infrastructure is robust, organizations and individuals still need to address the “everyday” threat layer—where attackers exploit human behavior, weak authentication, and exposed personal data.
The prosecution reality: cybercrime is always international
Perhaps the most valuable part of the episode for professionals is Vahur’s explanation of why investigating and prosecuting cybercrime is uniquely difficult in practice: cybercrime is almost always international. Victims may be in one country, infrastructure in another, suspects in a third, and the money flowing through a fourth. It’s a “mess,” as Anett describes—and Vahur agrees.
There are frameworks for cooperation (Vahur mentions the Budapest Convention), but the core challenge remains: law enforcement moves at human speed while data moves instantly. Investigators and prosecutors are often two or three steps behind by default. Evidence disappears, gets overwritten, or becomes harder to retrieve as time passes—especially when it sits inside private systems or foreign jurisdictions.
The only consistent path forward, Vahur argues, is strong international cooperation between law enforcement agencies. But—and this is crucial—there is no silver bullet. The system is deliberately slow in places because democracies prioritize checks and balances, human rights, and sovereignty. That slowness protects citizens from abuse, yet it also creates friction that criminals exploit.
Punishment vs. deterrence: why certainty matters more than severity
Anett asks a question many listeners will be thinking: are cybercriminals treated too lightly compared to the harm they cause? Vahur’s answer is nuanced. He doesn’t focus on harsher punishments. He focuses on deterrence through certainty: deterrence works when a potential criminal believes they will be identified and that consequences will follow. If criminals believe they can escape justice—by hiding behind borders, anonymity, and slow processes—then increasing sentences alone won’t fix the problem.
In other words: the most important improvement is raising the likelihood of being caught and prosecuted. That requires better cross-border processes, faster evidence sharing, and more effective cooperation structures. It’s not about building a surveillance state; it’s about making lawful cooperation work at a tempo that is at least closer to the tempo of digital crime.
The biggest bottleneck: international cooperation built for a slower world
When Anett asks Vahur to name the biggest bottleneck—technology, legislation, skills, or international cooperation—he chooses international cooperation. He acknowledges law enforcement can be strong in skills and tools, but the cross-border system is built to function slowly, sometimes intentionally. It was designed for a world where evidence and criminals traveled physically and where sovereignty boundaries were harder lines. Cybercrime ignores those boundaries.
Vahur provides a useful illustration: even within one country, a search warrant involves multiple steps—police to prosecutor, prosecutor to judge, judge approval—often taking days or weeks. Those checks protect rights. But cybercriminals do not respect the same constraints. They move instantly, copy data endlessly, and scale impact cheaply. This mismatch is the core tension modern democracies must manage.
If Vahur could change one thing “tomorrow,” it would be faster, more trusted evidence sharing across borders—so that evidence collected in one jurisdiction can be used effectively and quickly in another, without long delays and procedural bottlenecks. He emphasizes that for meaningful impact, this needs to work globally, not only among close neighbors.
The personal cost: public officials live with extra caution
The episode closes on a personal note: as a cyber prosecutor and public figure, Vahur has been targeted digitally. He takes precautions and relies on a safety network and investigative support when needed. He also notes that public officials—law enforcement, prosecutors, judges—understand the environment Estonia operates in and tend to be more careful than the average citizen, particularly given regional realities.
What listeners will learn—and how to apply it
This episode matters because it connects cyber threats to the real-world machinery of justice and security. Listeners will come away with a clearer understanding that:
- Cybercrime’s defining feature is scalability—and that changes how we must defend and prosecute.
- Modern cybercrime often operates like a business, not a solo act, and the barrier to entry is low.
- Cybersecurity is now inseparable from trust, especially for digital societies like Estonia.
- The biggest constraint on justice isn’t only technology—it’s cross-border cooperation built for a slower era.
- Deterrence improves when prosecution becomes more likely, not merely when punishments are harsher.
Practical application for leaders: treat cyber risk as both operational and strategic. Invest in prevention and resilience, but also understand that response and accountability depend on evidence—and evidence depends on speed, logging, retention, and cooperation. For citizens: awareness and basic hygiene still matter because many crimes succeed through simple, repeatable tactics at scale.
Call to action: Listen to the full episode to hear how Estonia’s cyber prosecutor sees the evolving threat landscape, the justice system’s real bottlenecks, and what needs to change next. Visit NEVERHACK Estonia for more CyberCast episodes, and subscribe so you don’t miss what’s coming next.
