Cyber‑Crime Is Becoming Physical: Why Businesses Must Prepare for a New Era of Threats
According to the BBC, there’s been a disturbing evolution in cyber‑crime where there’s been an increasing use of physical threats and real‑world intimidation alongside digital attacks. For years, ransomware gangs have relied on encrypting systems, stealing data, and demanding payment. But the BBC highlights that criminals are now going further – threatening violence, stalking employees, and even orchestrating kidnappings.
This shift marks a dangerous new chapter in the cyber‑crime landscape, and businesses of all sizes must take note.
From Digital Threats to Physical Intimidation
While negotiating with a ransomware group on behalf of a US government organisation, Tim Beasley, a security professional at US firm Semperis, received a package at his home. Inside was a threatening note implying physical harm if he did not “back off”.
This was not an empty scare tactic. The attackers had obtained his home address and were willing to escalate beyond the digital realm. As Beasley told the BBC, “It does make you want to look behind your back.”
Unfortunately, his experience is not isolated.
According to FBI data cited by the BBC, physical threats linked to cyber‑attacks more than doubled in the US last year, with total cyber‑crime losses reaching $20.8bn (£15.4bn) in 2025, up from $16.6bn the year before. UK cyber‑attacks also hit record highs.
Semperis’ own research found that in 40% of global ransomware attacks, criminals threatened physical harm to staff who refused to pay. In the US, this figure rose to 46%.
This is no longer a fringe tactic — it is becoming mainstream.
How Criminals Are Using Personal Data to Intimidate Staff
One of the most alarming trends highlighted in the report is the use of personal data to threaten employees directly.
Zac Warren of cybersecurity firm Tanium described a hospital attack where hackers phoned nurses by name, recited their home addresses, and even quoted their social security numbers.
The goal was simple: create fear, panic, and pressure to pay the ransom.
This tactic is effective because:
Employees feel personally targeted
Organisations fear for staff safety
Pressure mounts internally to resolve the situation quickly
Criminals gain psychological leverage
In some cases, attackers have even demonstrated control over physical machinery – switching robots or conveyor belts on and off – creating the potential for workplace injuries or worse.
Who Is Behind These Attacks?
The BBC report notes that while some ransomware gangs are state‑sponsored (including groups linked to Russia, China, Iran, and North Korea), most physical threats come from financially motivated criminals, often surprisingly young, many between 17 and 25.
These groups frequently outsource the physical intimidation. As Beasley explained, hackers “don’t want to get their own hands dirty”, so they recruit others online to carry out stalking, vandalism, or assaults.
This has given rise to what Europol and the FBI call “violence‑as‑a‑service” – a chilling marketplace where anyone can pay for real‑world harm.
The FBI recently warned about a network known as “In Real Life Com”, a loose collective of criminals offering everything from throwing bricks through windows to arson and kidnapping.
Adam Meyers of CrowdStrike told the BBC that lower‑skilled criminals gravitate toward violence‑as‑a‑service because “violence is often the only thing they have that they can bring to the party.”
Cryptocurrency Wealth: A Magnet for Kidnapping and Extortion
The BBC report also highlights the growing link between cryptocurrency and physical violence.
In one shocking case, French police rescued the father of a crypto‑millionaire who had been kidnapped and held for ransom. Reports suggest one of his fingers was cut off.
Across Europe, including the UK, there were more than 18 such cases last year, with Europol noting a “dramatic increase” in cyber‑crime involving physical attacks.
Why crypto investors?
Because many inadvertently advertise their wealth online. As Meyers put it:
“Cryptocurrency people tend to have discussions about it in a way that you don’t find with people who maybe have gold.”
Public bragging, social media posts, and online trading discussions make them easy targets.
Why Physical Threats Are Rising
The BBC report suggests a simple reason: because it works.
Victims pay to protect their families. Businesses pay to protect their staff. And as long as ransoms are paid, criminals will escalate.
Beasley warns that threats of violence will continue to rise “because people keep paying… They don’t want their kids getting kidnapped.”
This is the uncomfortable reality businesses must now confront.
What This Means for UK Businesses
Cyber‑crime is no longer just an IT issue – it is a board‑level risk with potential consequences for:
Staff safety
Business continuity
Regulatory compliance
Financial stability
Reputation and customer trust
Even small businesses are vulnerable. Criminals often target organisations with weaker defences, knowing they are more likely to pay quickly.
Practical Steps Businesses Can Take Today
To help businesses protect their organisations from both digital and physical escalation, here are five actionable recommendations:
Strengthen Cyber Hygiene
Enforce strong password policies
Implement multi‑factor authentication
Keep systems patched and updated
Limit access to sensitive data
Train Staff to Recognise Threats
Employees should know how to spot phishing attempts, suspicious calls, and social engineering tactics. Regular training reduces risk dramatically.
Protect Employee Personal Data
Review what personal information your business stores and who can access it. Reduce unnecessary data retention and encrypt sensitive records.
Develop a Ransomware Response Plan
This should include:
Clear escalation procedures
Communication protocols
Legal and regulatory considerations
A plan for engaging cybersecurity specialists
Conduct Regular Risk Assessments
Identify vulnerabilities across IT systems, physical security, and staff exposure. Update assessments annually or after major organisational changes.
How ATN Partnership Can Support You
While cybersecurity may not traditionally fall within the remit of an accountancy practice, modern financial and operational risk management increasingly overlaps with cyber‑risk.
How we can support you:
Reviewing your financial exposure to cybercrime
We help quantify potential losses, assess insurance adequacy, and model the financial impact of downtime or ransom payments.
Strengthening internal controls
We can identify weaknesses in payment processes, authorisation workflows, and financial data handling that criminals often exploit.
Supporting compliance and governance
From GDPR to financial reporting obligations, we ensure your organisation meets its legal duties around data protection and risk management.
Connecting you with trusted cybersecurity partners
We work alongside reputable IT and security specialists who can provide penetration testing, incident response, and staff training.
To find out more about how ATN can assist you, contact our friendly and experienced Client Managers.