Cybersecurity and the Cybercrime Business
Cybercrime as an economy not just as a business A study sponsored by Bromium, takes the position that cybercrime is no longer just a business, following corporate business strategies, but should be viewed as an economy. An economy that parallels the legitimate world economy and often intersects with it. The study states that cybercrime now generates at an estimated $1.5 trillion annually. To put that in comparison, the annual GDP of US: $19.4 trillion, China: $11.8 trillion and Japan: $4.84 trillion. Cybercrime is at about the range of Canada: $1.5 trillion. The revenue breakdown of cybercrime is estimated at: Illicit, illegal online markets: $860 billion Trade secret, intellectual property theft: $500 billion Data trading of stolen data: $160 billion Crimeware, Cybercrime-as-a-Service: $1.6 billion Ransomware: $1 billion
The study explores in depth the shift of cybercrime from selling data to make money vs using stolen data to make money. The study talks about platform capitalism, practices by companies such as Facebook, Google, YouTube, and others when the profit is from leveraging a platform, rather than selling a specific hard commodity or service. The author labels current cybercrime as platform criminality. The owners of the cybercrime platforms make the big money; the users of the actual malware for example, make less. The study also explores how the illegal revenue is spent. In some ways, criminals spend money like honest workers. Standard living expenses: 15% Status spending: 15% Property investment: 30% Hedonistic spending: 20% Reinvestment into criminal activities: 20%
The study’s conclusions, observations and recommendations include Cybercrime prevention needs to be approached holistically, beyond fixes for just specific problems such as ransomware. It is easier to make money by cybercrime that by “traditional crimes” such as robbery. Start-up cost is low and easy for wantabe criminals to get into the crime business. Different approach to dealing with the expanding threat of stolen corporate secrets is needed. With the huge increase in revenue from cybercrime, more funds are available to be invested into expanding the crime efforts and to be allocated to other crime activities such as terrorism and human trafficking. The overlap of legitimate business with criminal business is increasing. Corporations, national states and others are involved with the revenue generation, laundering, and revenue disposal by nature of the focus and mechanics of the cybercrime. Data and data protection are not just about privacy. Data is a key source for generating wealth, both legitimately and illegally. Significantly more research is needed to determine the revenue numbers and related impacts as an economy.
If you are interested is the money components of cybercrime, this 178 page paper is worth reading. There is an extensive bibliography included. The author is Dr. Michael McGuire Senior Lecturer, University Of Surrey.