What are the real trends in cybercrime? Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. IT security firms publish yearly reports that generally show the security of cyberspace to be poor and often getting worse, but, as argued in this paper, the level of security in cyberspace is actually far better than the picture we’re given. Currently, numbers on the occurrence of cybercrime are almost always depicted in either absolute numbers or year-over-year terms. To get a more accurate picture of the security of cyberspace, cybercrime statistics — including mobile vulnerabilities, malicious web domains, zero-day exploits and web-based attacks, among others — need to be expressed as a proportion of the growing size of the Internet.
This paper gives a more accurate picture of the security of cyberspace by normalizing cybercrime statistics around various measures of the growing size of cyberspace. A clear picture emerges: the absolute numbers always paint a worse scenario of the security of cyberspace than the normalized numbers. With this in mind, the following policy recommendations are proposed for the improvement of IT security: focus on the individual user; detect and counter new vulnerabilities faster by relying on open source software; develop international agreements on spam and phishing emails; and figure out how to spread the costs of cybercrime. In addition, private companies must do more to protect themselves, and cyber security companies should collect and represent data on cybercrime in normalized terms.