Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Measuring the changing cost of cybercrime

Anderson, Ross, Barton, Chris, Bölme, Rainer, Clayton, Richard, Gañán, Carlos, Grasso, Tom, Levi, Michael ORCID:, Moore, Tyler and Vasek, Marie 2019. Measuring the changing cost of cybercrime. Presented at: The 2019 Workshop on the Economics of Information Security, Boston, US, 3-4 Jun 2019.

[thumbnail of Levi_Measuring the Changing Cost of Cybercrime.pdf] PDF - Accepted Post-Print Version
Download (437kB)


In 2012 we presented the rst systematic study of the costs of cybercrime. In this paper, we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud. The use of social networks has become extremely widespread. The executive summary is that about half of all property crime, by volume and by value, is now online. We hypothesised in 2012 that this might be so; it is now established by multiple victimisation studies. Many cybercrime patterns appear to be fairly stable, but there are some interesting changes. Payment fraud, for example, has more than doubled in value but has fallen slightly as a proportion of payment value; the payment system has simply become bigger, and slightly more ecient. Several new cybercrimes are signicant enough to mention, including business email compromise and crimes involving cryptocurrencies. The move to the cloud means that system misconguration may now be responsible for as many breaches as phishing. Some companies have suered large losses as a side-eect of denial-of-service worms released by state actors, such as NotPetya; we have to take a view on whether they count as cybercrime. The infrastructure supporting cybercrime, such as botnets, continues to evolve, and specic crimes such as premium-rate phone scams have evolved some interesting variants. The overall picture is the same as in 2012: traditional oences that are now technically `computer crimes' such as tax and welfare fraud cost the typical citizen in the low hundreds of Euros/ dollars a year; payment frauds and similar oences, where the modus operandi has been completely changed by computers, cost in the tens; while the new computer crimes cost in the tens of cents. Defending against the platforms used to support the latter two types of crime cost citizens in the tens of dollars. Our conclusions remain broadly the same as in 2012: it would be economically rational to spend less in anticipation of cybercrime (on antivirus, rewalls, etc.) and more on response. We are particularly bad at prosecuting criminals who operate infrastructure that other wrongdoers exploit. Given the growing realisation among policymakers that crime hasn't been falling over the past decade, merely moving online, we might reasonably hope for better funded and coordinated law-enforcement action.

Item Type: Conference or Workshop Item (Paper)
Date Type: Completion
Status: Unpublished
Schools: Social Sciences (Includes Criminology and Education)
Date of First Compliant Deposit: 20 May 2019
Last Modified: 04 Nov 2022 12:20

Actions (repository staff only)

Edit Item Edit Item


Downloads per month over past year

View more statistics