Measuring the Cost of Cybercrime

  • Ross AndersonEmail author
  • Chris Barton
  • Rainer Böhme
  • Richard Clayton
  • Michel J. G. van Eeten
  • Michael Levi
  • Tyler Moore
  • Stefan Savage


This chapter documents what we believe to be the first systematic study of the costs of cybercrime. The initial workshop paper was prepared in response to a request from the UK Ministry of Defence following scepticism that previous studies had hyped the problem. For each of the main categories of cybercrime we set out what is and is not known of the direct costs, indirect costs and defence costs – both to the UK and to the world as a whole. We distinguish carefully between traditional crimes that are now “cyber” because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly. As far as direct costs are concerned, we find that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/euros/dollars a year; transitional frauds cost a few pounds/euros/dollars; while the new computer crimes cost in the tens of pence/cents. However, the indirect costs and defence costs are much higher for transitional and new crimes. For the former they may be roughly comparable to what the criminals earn, while for the latter they may be an order of magnitude more. As a striking example, the botnet behind a third of the spam sent in 2010 earned its owners around $2.7 million, while worldwide expenditures on spam prevention probably exceeded a billion dollars. We are extremely inefficient at fighting cybercrime; or to put it another way, cyber-crooks are like terrorists or metal thieves in that their activities impose disproportionate costs on society. Some of the reasons for this are well-known: cybercrimes are global and have strong externalities, while traditional crimes such as burglary and car theft are local, and the associated equilibria have emerged after many years of optimisation. As for the more direct question of what should be done, our figures suggest that we should spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response – that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail.


Credit Card Defence Cost Online Banking Indirect Loss Email Spam 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Alvarez, L.: With personal data in hand, thieves file early and often. The New York Times. (2012)
  2. 2.
    Anderson, R., Böhme, R., Clayton, R., Moore, T.: Security economics and the internal market. (2008)
  3. 3.
    Brynjolfsson, E., Saunders, A.: Wired for Innovation: How Information Technology Is Reshaping the Economy. MIT, Cambridge (2009)Google Scholar
  4. 4.
    Bushnell, T.: How Google developers use Ubuntu. (2012)
  5. 5.
    Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: the commoditisation of malware distribution. In: Proceedings of the 20th USENIX Conference on Security, SEC’11, Berkeley. USENIX Association (2011)Google Scholar
  6. 6.
  7. 7.
    Communications Fraud Control Association: 2011 Global fraud loss survey. (2011)
  8. 8.
    Consumers Union: State of the ‘net’ survey ’07. Consum. Rep. 9, 28–34 (2007)Google Scholar
  9. 9.
    Detica and Office of Cyber Security and Information Assurance: The cost of cyber crime. (2011)
  10. 10.
  11. 11.
    European Commission: Towards a general policy on the fight against cyber crime. COM(2007) 267 final. (2007)
  12. 12.
  13. 13.
    Federal Bureau of Investigation: International cooperation disrupts multi-country cyber theft ring. Press release. (2010)
  14. 14.
    Florêncio, D., Herley, C.: Evaluating a trial deployment of password re-use for phishing prevention. In: Cranor, L.F. (ed.) Proceedings of the Anti-phishing Working Groups 2nd Annual eCrime Researchers Summit, Pittsburgh, vol. 269, pp. 26–36, 4–5 Oct 2007. ACM (2007)Google Scholar
  15. 15.
    Florêncio, D., Herley, C.: Sex, lies and cyber-crime surveys. In: 10th Workshop on the Economics of Information Security, Fairfax (2011)Google Scholar
  16. 16.
    Foley, L., Barney, K., Foley, J., Leeii, J., Fergerson, J., Sarrel, M., Nelson, C., Frank, M.: Identity theft: the aftermath 2009. (2010)
  17. 17.
    Forrester Data: Consumer attitudes toward spam in six countries. (2004)
  18. 18.
    Frost and Sullivan: Increasing security needs of enterprises to fuel growth in the world content filtering market. Press release. (2006)
  19. 19.
    Gözenoglu, M., Morawe, R.: The German Anti-Botnet Advisory Center. Presentation at ‘Internet Security Days’, 13–15 Sept 2011, Brühl. (2011)
  20. 20.
    Herley, C., Florêncio, D.: Nobody sells gold for the price of silver: dishonesty, uncertainty and the underground economy. In: Proceedings (online) of the Workshop on Economics of Information Security. (2009)
  21. 21.
    Home Office: The economic and social costs of crime against individuals and households 2003–2004. (2005)Google Scholar
  22. 22.
    House of Lords European Union Committee: Stopping the carousel: missing trader fraud in the EU. 20th Report of Session 2006–2007 (2007)Google Scholar
  23. 23.
    Huygen, A., Rutten, P., Huveneers, S., Limonard, S., Poort, J., Leenheer, J., Janssen, K., van Eijk, N., Helberger, N.: Ups and downs – economic and cultural effects of file sharing on music, film and games. TNO report 34782 (2009)
  24. 24.
    Innes, M.: Signal crimes and signal disorders: notes on deviance as communicative action. Br. J. Sociol. 55, 335–355 (2004)CrossRefGoogle Scholar
  25. 25.
    Institute for the Prevention of Crime: Cost of the criminal justice system. (2012)
  26. 26.
    Irish, H.: Machine learning to classify fraudulent websites. 3rd Year Project Report, Computer Laboratory, University of Cambridge (2012)Google Scholar
  27. 27.
    Kalapesi, C., Willersdorf, S., Zwillenberg, P.: The connected kingdom: how the Internet is transforming the U.K. economy. (2010)
  28. 28.
    Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G.M., Paxson, V., Savage, S.: Spamalytics: an empirical analysis of spam marketing conversion. In: Proceedings of the ACM Conference on Computer and Communications Security, Alexandria (2008)Google Scholar
  29. 29.
    Kanich, C., Weaver, N., McCoy, D., Halvorson, T., Kreibich, C., Levchenko, K., Paxson, V., Voelker, G.M., Savage, S.: Show me the money: characterizing spam-advertised revenue. In: Proceedings of the USENIX Security Symposium, San Francisco (2011)Google Scholar
  30. 30.
    Khan, A., Hunt, J.: UK online fraud report 2012. (2012)
  31. 31.
    Krebs, B.: SpamIt, Glavmed pharmacy networks exposed. Krebs on security blog. (2011)
  32. 32.
    Krebs, B.: Who’s behind the world’s largest spam botnet? Krebs on security blog. (2012)
  33. 33.
    Kuksov, D.: Buyer search costs and endogenous product design. Mark. Sci. 23(4), 490–499 (2004)CrossRefGoogle Scholar
  34. 34.
    Leontiadis, N., Moore, T., Christin, N.: Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade. In: Proceedings of the USENIX Security, San Francisco (2011)Google Scholar
  35. 35.
    Levchenko, K., Chachra, N., Enright, B., Felegyhazi, M., Grier, C., Halvorson, T., Kanich, C., Kreibich, C., Liu, H., McCoy, D., Pitsillidis, A., Weaver, N., Paxson, V., Voelker, G.M., Savage, S.: Click trajectories: end-to-end analysis of the spam value chain. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland (2011)Google Scholar
  36. 36.
    Levi, M.: Social reactions to white-collar crimes and their relationship to economic crises. In: Deflem, M. (ed.) Economic Crisis and Crime, pp. 87–105. The JAI Press/Emerald, London/Bingley (2011)CrossRefGoogle Scholar
  37. 37.
    Levi, M., Burrows, J.: Measuring the impact of fraud in the UK: a conceptual and empirical journey. Br. J. Criminol. 48, 293–318 (2008)CrossRefGoogle Scholar
  38. 38.
    Leyden, J.: Russian bookmaker hackers jailed for eight years. (2006)
  39. 39.
    Lieber, E., Syverson, C.: Online vs. Offline Competition. In: Peitz, M., Waldfogel, J. (eds.) The Oxford Handbook of the Digital Economy. Oxford University Press, New York (2012)Google Scholar
  40. 40.
    M86 Security Labs: Canadian pharmacy no longer king. (2010)
  41. 41.
    McCoy, D., Pitsillidis, A., Jordan, G., Waver, N., Kreibich, C., Krebs, B., Voelker, G.M., Savage, S., Levchenko, K.: PharmaLeaks: understanding the business of online pharmaceutical affiliate programs. In: Proceedings of the USENIX Security Symposium, Bellevue (2012)Google Scholar
  42. 42.
    Microsoft Inc.: Microsoft security intelligence report, vol. 10 (2010).
  43. 43.
    Microsoft Inc.: Microsoft security intelligence report, vol. 9 (2010).
  44. 44.
    Moore, T., Clayton, R.: Examining the impact of website take-down on phishing. In: Cranor, L.F. (ed.) Proceedings of the Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit, Pittsburgh, vol. 269, pp. 1–13, 4–5 Oct 2007. ACM (2007)Google Scholar
  45. 45.
    Moore, T., Clayton, R., Anderson, R.: The economics of online crime. J. Econ. Perspect. 23(3), 3–20 (2009)CrossRefGoogle Scholar
  46. 46.
    National Commission on Terrorist Attacks Upon the United States: The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon the United States. W.W. Norton, New York (2004)Google Scholar
  47. 47.
    Oberholzer-Gee, F., Strumpf, K.: File-sharing and copyright. Harvard Business School Working Paper 09–132. (2009)
  48. 48.
    Peel, M.: Nigeria-Related Financial Crime and its links with Britain. Chatham House Report, London (2006)Google Scholar
  49. 49.
    Samosseiko, D.: The Partnerka – What is it, and why should you care? In: Proceedings of the Virus Bulletin Conference, Geneva (2009)Google Scholar
  50. 50.
    Snow, G.: Cyber security: threats to the financial sector. Testimony before the House Financial Services Committee. (2011)
  51. 51.
    Stiglitz, J.E., Bilmes, L.J.: The Three Trillion Dollar War: The True Cost of the Iraq Conflict. W.W. Norton, New York (2008)Google Scholar
  52. 52.
    Stone-Gross, B., Abman, R., Kemmerer, R.A., Kruegel, C., Steigerwald, D.G., Vigna, G.: The underground economy of fake antivirus software. In: 10th Workshop on the Economics of Information Security, Fairfax (2011)Google Scholar
  53. 53.
    Symantec: MessageLabs Intelligence Report. (2010)
  54. 54.
    Taylor, J.: Overseas cyber-crimewave taking £600 million a year from the taxman. The Independent (2011).
  55. 55.
    Van Eeten, M., Bauer, J.M.: Economics of malware: Security decisions, incentives and externalities. Tech. Rep. OECD STI Working Paper 2008/1, OECD, Paris. (2008)
  56. 56.
    Van Eeten, M., Bauer, J.M., Asghari, H., Tabatabaie, S.: The role of Internet service providers in Botnet mitigation: an empirical analysis based on spam data. Tech. Rep. s0 STI Working Paper 2010/5, OECD, Paris. (2010)
  57. 57.
    Van Eeten, M., Asghari, H., Bauer, J.M., Tabatabaie, S.: Internet service providers and Botnet Mitigation: a fact-finding study on the Dutch market. The Hague: Ministry of Economic Affairs. (2011)
  58. 58.
    Vancouver Sun: Online drugs can prove deadly: Coroner. (2007)
  59. 59.
    Wondracek, G., Holz, T., Platzer, C., Kirda, E., Kruegel, C.: Is the Internet for porn? An insight into the online adult industry. In: Proceedings (online) of the 9th Workshop on Economics of Information Security, Cambridge (2010)
  60. 60.
    Zittrain, J.: The Future of the Internet: And How to Stop It. Allen Lane, London (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Ross Anderson
    • 1
    Email author
  • Chris Barton
    • 2
  • Rainer Böhme
    • 3
  • Richard Clayton
    • 1
  • Michel J. G. van Eeten
    • 4
  • Michael Levi
    • 5
  • Tyler Moore
    • 6
  • Stefan Savage
    • 7
  1. 1.Computer LaboratoryUniversity of CambridgeCambridgeUK
  2. 2.Security Research and Operations, Cloudmark, Inc.ReadingUK
  3. 3.Department of Information SystemsUniversity of MünsterMünsterGermany
  4. 4.Faculty of Technology, Policy and ManagementDelft University of TechnologyDelftNetherlands
  5. 5.School of Social SciencesCardiff UniversityCardiffUK
  6. 6.Department of Computer Science and EngineeringSouthern Methodist UniversityDallasUSA
  7. 7.Department of Computer Science and EngineeringUniversity of CaliforniaSan DiegoUSA

Personalised recommendations