IN less than 15 years, cybercrime has moved from obscurity to the spotlight of consumer, corporate and national security concerns. Popular accounts suggest that cybercrime is large, rapidly growing, profitable and highly evolved; annual loss estimates range from billions to nearly $1 trillion. While other industries stagger under the weight of recession, in cybercrime, business is apparently booming.
Yet in terms of economics, there’s something very wrong with this picture. Generally the demand for easy money outstrips supply. Is cybercrime an exception? If getting rich were as simple as downloading and running software, wouldn’t more people do it, and thus drive down returns?
We have examined cybercrime from an economics standpoint and found a story at odds with the conventional wisdom. A few criminals do well, but cybercrime is a relentless, low-profit struggle for the majority. Spamming, stealing passwords or pillaging bank accounts might appear a perfect business. Cybercriminals can be thousands of miles from the scene of the crime, they can download everything they need online, and there’s little training or capital outlay required. Almost anyone can do it.
Well, not really