Cybercrime is not chaotic; it is geological. Like metamorphic rock, it transforms under pressure, hardening, folding, and resurfacing wherever the environment creates weakness. And it doesn’t move randomly: rather, it is guided by geopolitical tension, fragile supply chains, exposed sectors, weak security habits, and the simple logic of return on investment. For MSPs, that matters because they have become high-value strategic targets.
Dr. Stefanie Frey, Managing Director of Deutor Cyber Security Solutions GmbH, studies cybercrime through a wider lens: not only as a technical problem, but as part of a global threat landscape shaped by state actors, organized crime, geopolitical instability, and the growing complexity of digital supply chains.
During a friendly yet profound conversation with Dr. Frey, she explains what a “cybercrime heatmap” really shows, why every company is now part of the attack surface, and why MSPs need to move beyond generic threat warnings. Because in today’s environment, the question is not only who gets attacked. It is who becomes the route into everyone else.
She is also among the prominent speakers set to engage the audience at MSP GLOBAL 2026 with her talk, “Geo-Strategic Threat Landscape and Global Perpetrator Groups: How Does It Influence MSPs?”.
When we talk about a “cybercrime heatmap,” what exactly are we looking at?
A comprehensive cybercrime heatmap is a multidimensional view of risk. It integrates geopolitical tensions, the specific motivations of state actors, and the modus operandi of various perpetrator groups. It is not just a map of locations, but a synthesis of geography, industry vulnerability, and evolving attacker strategies.
What does the current landscape reveal that many companies still underestimate?
Many organizations fail to realize that cyber-attacks are now a standard tool in the global “toolbox,” sitting alongside conventional and economic levers. In our hyper-connected, globalized economy, supply chains have become so intricate that most companies lack visibility into their own dependencies. This complexity masks the true capabilities of modern perpetrators, leading to a dangerous gap in institutional resilience.
Are there particular regions or industries becoming more visible?
While certain sectors may see spikes in activity based on global events, the reality is that everyone is a target. In a digitized economy, every organization serves as either a primary goal or a secondary steppingstone to a larger prize.
How should MSPs use intelligence beyond simple “high threat” warnings?
MSPs must move toward transparency and accountability. Currently, the relationship between vendors, MSPs, and end customers is often opaque, creating significant ambiguity regarding liability and risk ownership. Practical intelligence involves clarifying who is responsible for specific security and establishing clear protocols for when—not if—an attack occurs.
What are the main indicators that a company or sector is moving into a higher-risk zone?
A sector enters a “high-risk zone” when it experiences:
- Increased Geopolitical Friction: If a sector is critical to national infrastructure or economic stability during a conflict.
- Technological Consolidation: When many companies rely on a single software or service provider, creating a “single point of failure”.
- High Ransom Potential: Industries with low downtime tolerance, such as healthcare or logistics, are inherently higher-risk targets.
How do cybercriminals choose their targets?
It is a combination of intent and opportunity. While geopolitical context drives state actors, criminal groups often prioritize the path of least resistance. MSPs are now the premier target because they offer a “one-to-many” ROI. By breaching a single MSP with inadequate security, a perpetrator gains access to dozens, or even hundreds, of downstream companies simultaneously.
What role does organized cybercrime play today?
The line between organized crime and white-collar business is blurring. Criminal organizations are adopting professional Cloud-based infrastructures and corporate-style hierarchies. They treat cyber-attacks as a “means to an end” for financial gain, often mirroring the sophistication of state-linked groups. In a digital world, almost all organized crime now has a cyber component.
What is the most important message for an MSP advising an SME?
Success is built on five pillars:
- Rigorous IT Hygiene: Master the basics first.
- Threat Intelligence: Understand the who, why, and how of the threat landscape.
- Risk Mapping: Align cyber security with actual business risks.
- Mutual Trust: Ensure the MSP and the client have both invested equally in security.
- Vulnerability Awareness: Identify and fortify the weakest link in the chain.
What is the one takeaway for a Board of Directors?
Cybercriminals are often more successful than we are because they invest more time in understanding our business and technology than we do. They treat an attack as a high-stakes investment; we must treat our defense with the same level of strategic priority.
Dr. Stefanie Frey will be speaking at MSP GLOBAL 2026, taking place October 21–22 at PortAventura Theme Park near Barcelona, Spain, with her session: “Geo-strategic Threat Landscape and Global Perpetrator Groups: How does it influence MSPs.”
Join the global community of MSPs, MSSPs, resellers, systems integrators, IT leaders, cybersecurity experts, and digital enablement specialists for two days of intelligence, networking, and real-world security insight.
Registration is free for MSPs, MSSPs, resellers, systems integrators, and corporate IT managers.
GET A FREE TICKET!
