The evolution of new offensive capabilities by non-state actors and nation-states has broadened the scope of the cyber threat landscape. These new tools have unprecedented surveillance and espionage capabilities. The proliferation of cyber tools has lowered entry barriers for those wanting to enter the cybersecurity space. The increasing ability of non-state actors and nation-states to acquire commercial cyber tools has enabled them to leapfrog beyond established threats allowing a threat actor to create difficult to predict geopolitical instability. In today's environment, private sector and government executives face the constant challenge of managing the emergence of these new cyber threats. Our goal is to provide a framework for understanding the capabilities of threat actors in a future where cyber arms are the norm. This framework includes three distinct categories of sophistication:
1. Established actors: Those with the most advanced, accurate, and agile tools.
2. Emerging actors: Includes nation-states, criminal organizations, and those with defined processes.
3. Opportunistic actors: Generally those associated with cybercriminal activity.