In this paper the Authors present the first systematic study of the costs of cybercrime.
For each of the main categories of cybercrime Authors set out what is and is not known of the direct costs, indirect costs and defence costs - both to the UK and to the world as a whole.
They distinguish carefully between traditional crimes that are now "cyber" because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what they might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly.
As far as direct costs are concerned, they find that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/Euros/dollars a year; transitional frauds cost a few pounds/Euros/dollars; while the new computer crimes cost in the tens of pence/cents.
However, the indirect costs and defence costs are much higher for transitional and new crimes.
As a striking example, the botnet behind a third of the spam sent in 2010 earned its owners around US$2.7m, while worldwide expenditures on spam prevention probably exceeded a billion dollars.
We are extremely inefficient at fighting cybercrime. Some of the reasons for this are well-known: cybercrimes are global and have strong externalities, while traditional crimes such as burglary and car theft are local, and the associated equilibria have emerged after many years of optimisation.
Read all the paper here: