Cybercrime has become one of the most important economic challenges on a global scale in recent years. The development of new technologies has allowed for more and more information and data to be stored in Cloud. This trend has also increased due to the Covid-19 pandemic. The confinement contributed to the global expansion of teleworking since a good part of social relations had to be carried out online.
We live in a digitalized society and, although we are not aware of it, the security of our social and economic relations is threatened by cybercrime.
Cybercrime as an economic problem
The crimes associated with cybercrime are very varied, with a wide diversity of agents and motivations. In this sense, it should be noted that there is an important category of crimes that are difficult to understand from the logic of economics, such as cyberterrorism or attacks for ideological reasons or revenge. In these cases, the motivations of cybercriminals are more related to psychological aspects than to the search for economic benefits.
Although cybercrime is a threat that affects all Internet users, companies are the most affected, mainly due to the costs it generates. So, for example, the NotPetya cyber attackconsidered the most harmful in history, meant for FedExa multinational courier company listed on the New York Stock Exchange, more than 300 million dollars in losses.
The same volume of losses was reported by the Swedish shipping company Maersk as a result of the same attack, which forced it to paralyze part of its production chain for weeks. In total, NotPetya is estimated to have caused losses close to 10 billion dollars in the affected companies.
Loss of customer confidence
The damage caused by cybercrime to companies is not limited to the costs they have to bear for interrupted business or to repair the damage caused. Companies affected by cyberattacks have to face the damage suffered by their reputation on the Internet and the loss of trust of their potential consumers.
A paradigmatic case is the cyberattack suffered by the website of extramarital contacts Ashley Madison in 2015 by the group of hackers The Impact Team. This attack revealed 300 GB of personal data of web users, including bank details, real names and intimate information. Then many users were extorted by other cybercriminals, who demanded money in exchange for not revealing this information to their relatives.
Precisely because of the reputational damage that publicly admitting to having been the victim of a cyberattack entails for a company, many keep secret and they are not even reported.
In addition to the fear of losing the trust of your customers, there are other causes that can explain this behavior. One of them may be mistrust of the ability of national security forces to deal with international criminal groups. Another is the need to resume business activity as soon as possible. Even if this means giving in to the extortion of cybercriminals and paying the amounts they demand in order to restore normality in the company.
Determinants of cybercrime
Cybercrime is a complex phenomenon, encompassing many very different activities that are carried out by a wide variety of actors. For this reason, it is difficult to detail its causes, since they are very varied and range from personal factors, such as the personality or ideology of cybercriminals, to international phenomena such as growing globalization or the expansion of the Internet and new technologies.
There are also other factors that influence cybercrime, such as the regulatory framework or the socioeconomic level of a country. For example, Russia or China they do not usually collaborate with other countries in the investigation of cybercrimes that do not adversely affect their national interests. In fact, they have refused to sign the Budapest Convention, the only existing international treaty on cybercrime. Thus, cybercriminals see how their actions abroad can go unpunished, which creates an incentive to continue their criminal activity. The threats are global, but the laws are not.
It has also been noted that many cybercrimes arise from developing countries with limited regulation and high unemployment rates. In this sense, cybercrime is more likely to emerge in countries where the IT workforce does not find employment opportunities suitable for their level of training. is what has happened in Russia and other Eastern European countries.
How to act in the face of this global challenge?
First of all, it is essential to have reliable sources of information on cybercrime and its economic impact. It is also recommended that the information come from independent bodies. The fact that the authors of the investigations are companies specialized in cybersecurity causes distrust in the reliability of their data.
Second, cybercrime is an activity that is constantly innovating and transforming. This is a serious problem for both cybersecurity companies and law enforcement agencies, which cannot respond to the immediacy of changes in cybercrime.
In this sense, although it is very difficult to foresee the future, there are many reasons for concern, especially due to the development of the 5G technology and artificial intelligence. Although they can contribute to improving economic cybersecurity, they can also greatly expand the possibilities of cybercrime.
International cooperation, personal privacy
Cyber attacks are transnational threats that country borders cannot stop. In order to advance in this direction, it would be necessary to establish strong cooperation ties between countries and institutions, but also with private companies.
Unfortunately, it is very difficult to achieve an effective degree of international and public-private collaboration. In addition, the measures aimed at combating cybercrime and increasing the security of networks happen, in many cases, by collecting personal information from citizens, which can be considered as an intrusion on their privacy, thus making their application difficult.
In short, cybercrime is a major challenge for global governance. While the threat has no borders, the institutions and regulations aimed at its control and eradication are limited to national territories.
Therefore, it is essential to establish supranational regulatory and normative institutions that can provide a global solution to this problem.
Maria Teresa AceytunoPhD in Economics, University of Huelva
This article was originally published on The Conversation. read the original.
