Massive Changes to Tech and Platforms, But Cybercrime? Not So Much

The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.

In 2012, a group of cybersecurity researchers and social scientists studied the impact of cybercrime and its cost to society, concluding that the money spent anticipating an attack is less effective than money spent responding to an attack.
This week, many of the same researchers released an updated paper at the Workshop on the Economics of Information Security (WIES) conference, in Cambridge, Mass., that looks at direct and indirect damages due to cybercrime, as well as the cost to defend against the crimes. Their conclusion? While people and technology are more interconnected and different platforms have become dominant, the overall impact of cybercrime remains relatively the same.
One of the lessons of the paper is that, although theres been huge changes — new platforms, some crime types replacing others, etc. — the overall picture is little changed, says Richard Clayton, a co-author of the paper, director of the Cambridge Cybercrime Centre, and a security researcher at the Computer Laboratory at the University of Cambridge. Thats because fixes are not technical but have to do with incentives, economics, criminal justice, sociology, [and] criminology.
The latest research attempting to quantify the costs of cybercrime comes as estimates for the market for cybersecurity products and services continue to grow. Largely unsupported estimates of cumulative annual growth vary from
9%
to
18%
, and estimates vary from
$119 billion in 2019
to
more than $300 billion in 2024
.
Similarly, the cost of cybercrime has been a quantity of much speculation. One firm estimates costs of
about $1 trillion annually in 2019
, while another estimates
a supersized $6 trillion in yearly damages by 2021
.
The paper presented at
WEIS
aims to inject some sanity into all of these estimates, representing the most complete look at the state of cybercrime without relying on data collected by companies that are trying to sell security products, says security expert Bruce Schneier, a lecturer at Harvard Universitys Kennedy School of Government.
It is the best data that we have that isnt being driven by some corporate agenda, he says. To me, that is the key for why this is important. They dont have a dog in the fight. They are just trying to figure it out.
For the most part, the paper underscores the unreliability of current data. Among the best data is payment fraud, which has doubled in total volume since 2012 but has decreased as a percentage of the total amount of payments.
The paper finds that only a dozen or so crimes — such as online credit-card fraud, cryptocrime, ad fraud, and telecom fraud — actually result in more than $1 billion in damages. However, new ways of doing business using connected devices has resulted in new pathways for fraud; the world has changed since the original paper, the authors stressed.
New apps, such as ride hailing, and new technologies, such as cryptocurrencies, create new targets, while old targets, such as medical records, have migrated to cloud services, they wrote. So larger quantities of personal information are kept online and are open to a variety of attacks.
This leaves the authors with little advice for the average user or small or midsize enterprise (SME), Clayton says.
It might make sense to replace your Windows machines with Chromebooks because that allows you to eliminate some attack types, he says. But, generally, the step change in response is needed by law enforcement, not SMEs.
The actual economic problem is paying for defenses for every person is extremely inefficient. The cost of securing their systems outpaces the damages caused by cybercriminals. Instead, nations should focus on empowering law enforcement to pursue and punish cybercriminals, the authors argued.
The core problem is that many cybercriminals operate with near-complete impunity,
the paper
states. We will not get a real handle on cybercrime until we put an end to impunity.
Yet that remains a difficult, Schneier says.
That is easy to say and hard to do anything about because it is so international, he says. A lot of the impunity comes from the difficulty of reaching into some country in, say, sub-Saharan Africa and exacting penalties.
In addition, attempts by the United States to hold actors from larger countries accountable has typically failed. In 2018, as part of the Mueller investigation, the US government issued arrest warrants for 12 Russian nationals who allegedly took part in that countrys interference in the US elections. To reduce the cost of cybercrime, such actions need to become more common and effective, the paper stated.
Related Content:
Certifiably Distracted: The Economics of Cybersecurity
FBI: Cybercrime Losses Doubled in 2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
Taming the Digital Wild West

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much