The Changing Costs of Cybercrime
Year after year, the Workshop on the Economics of Information Security generates some of the best research on information security. This year is no different, with the publication of a new paper on the costs of cybercrime. Here are the main takeaways for the financial industry.
To measure the costs of cybercrime, we include:
1. Direct costs: value of all damages to victims;
2. Indirect costs: social costs of a criminal activity, such as loss of trust in e-commerce; and
3. Defence costs: costs of preventive measures such as spam filtering.
How Cybercrimes Compare To Each Other
Finding reliable data on all three costs is still very much an issue, but the authors scraped together the best estimates they could for the 14 main cybercrime types as shown below.
The authors find that bank and credit fraud are on the rise. They remain much smaller than telecom fraud (e.g., abusing PABX systems), ad fraud and fiscal fraud, which all range in the billions of dollars.
Increase in Online Card Fraud to over US$900M
The costs of online card fraud have increased over the past decade, but that should not necessarily worry financial institutions. That is because online payments are growing much faster than the fraud they make possible. Offenders are therefore being left behind because of better prevention strategies and new technologies like chips on cards. In the long term, it is possible that online card fraud will represent only a negligible portion of all online payments.
Increase in Online Banking Fraud to over US$150M
The authors indicate that authorized push payments are growing quickly. These payments are made by individuals who are social-engineered by fraudsters. As the individuals themselves authorize the payments, it is often difficult to get a refund for the lost funds. Another worrying trend is mobile malware on Android. This malware steals the confirmation codes received by SMS and uses them to authorize payments on bank accounts without the victim's knowledge.
Increase in Ransomware and Cryptocrime to over US$10M
This section is perhaps the largest and most diverse of those presented here. It includes ransomware campaigns, which attract major attention from mainstream media but generate merely $16 million in losses. Other financial frauds such as exchange abuses, theft of cryptocurrency and theft of computing power to generate cryptocurrencies are much more prevalent. As an example, about 4% of all Monero cryptocurrency was generated by offenders.
A New Hope
Looking forward, the authors identify multiple new national surveys which specifically ask a large number of citizens how they were victimized online. This promises to generate new and more precise data on the costs of cybercrime. The surveys will also enable us to better understand who is targeted by offenders and how, and to develop better prevention strategies. We will continue to monitor the results of those surveys in the coming years to better tailor our products and services to the latest adaptations of offenders.