Adding up the costs of cybercrime
Ever wonder what the real, actual cost of cybercrime is? A team of researchers tallied it up back in 2012 – and now they have done it again. Their key finding: About half of all property crime, by volume and by value, is now done online. In most cases, the costs of these criminal activities are socialized – spread out everywhere – with people paying on average about 10 times more to defend themselves than the bad guys are able to take in from their illicit activities.
The researchers looked into victimization surveys from the UK, France, USA, and a few other countries in their attempt to tally up the costs from cybercrime. Some of the biggest areas were the $2 billion attributed to cryptocurrencies, ad fraud in the low billions, and WannaCry/NotPetya $1-2 billion. Their findings were released at the 2019 Workshop on the Economics of Information Security this June in Boston.
In France, for example, a victimization survey found that fraud and scams together account for more offences than the more traditional property crimes combined, such as burglaries (2%), vandalism (2%), pickpocketing, and mugging. “Thus Fraud is growing strongly, having doubled since 2011 – and the only other property crime that’s growing rapidly is nonviolent personal theft, thanks to smartphones,” stated the report.
Crimes in a nutshell
Much of the growth in cybercriminal activities is societal. We now do lots of activities online – file taxes, buy groceries, plan trips – so any criminal activities targeting them are also online. In addition, the researchers tried to take a look at the direct financial costs – not the time costs involved in remediating something like identity theft. That said, here are some interesting angles on the theme:
- Payment fraud – While payment fraud has more than doubled in value, the percentage has fallen slightly. This means that we are making more online payments and the overall safety is marginally better.
- Business email compromise and crimes involving cryptocurrencies (i.e. empowering ransomware) are two significant forms of cybercrime.
- Cloud – The move to the cloud means that configuration errors might be causing as many breaches as phishing attacks.
- Nation-state activities – If country-sponsored malware such as NotPetya does damage, is it considered criminal damage or an act of war?
- Infrastructure – Networks such as smart device botnets were just a dream in 2012 and are still evolving.
In the seven years since their first study, the world has changed technologically. Instead of a Windows-powered PC, more people are on their Android mobile phones. In addition, there is a huge jump in both people and businesses storing data in the cloud instead of on a local hard drive. Even changes in what drugs are protected under patent law have had an impact. Since protection for Viagra has ended, the online market for this substance has collapsed. That said, the core problem according to the researchers is that cybercriminals operate with near-complete impunity – and it might be better to spend less on the anticipation of cybercrime and a lot more on catching and punishing the perpetrators. “We will not get a real handle on cybercrime until we put an end to impunity,” they concluded.