New York Times: The Cybercrime Wave That Wasnt, by Dinei Florêncio, researcher and Cormac Herley, principal researcher at Microsoft Research
“In less than 15 years, cybercrime has moved from obscurity to the spotlight of consumer, corporate and national security concerns. Popular accounts suggest that cybercrime is large, rapidly growing, profitable and highly evolved; annual loss estimates range from billions to nearly $1 trillion. While other industries stagger under the weight of recession, in cybercrime, business is apparently booming. Yet in terms of economics, theres something very wrong with this picture. Generally the demand for easy money outstrips supply. Is cybercrime an exception? If getting rich were as simple as downloading and running software, wouldnt more people do it, and thus drive down returns? We have examined cybercrime from an economics standpoint and found a story at odds with the conventional wisdom. A few criminals do well, but cybercrime is a relentless, low-profit struggle for the majority. Spamming, stealing passwords or pillaging bank accounts might appear a perfect business. Cybercriminals can be thousands of miles from the scene of the crime, they can download everything they need online, and theres little training or capital outlay required. Almost anyone can do it. Well, not really. Structurally, the economics of cybercrimes like spam and password-stealing are the same as those of fishing. Economics long ago established that common-access resources make for bad business opportunities. No matter how large the original opportunity, new entrants continue to arrive, driving the average return ever downward. Just as unregulated fish stocks are driven to exhaustion, there is never enough easy money to go around. How do we reconcile this view with stories that cybercrime rivals the global drug trade in size? One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.”
Sorry, comments are closed for this post.