What are the real trends in cybercrime? Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. IT security firms publish yearly reports that generally show the security of cyberspace to be poor and often getting worse, but, as argued in this paper, the level of security in cyberspace is actually far better than the picture we’re given. Currently, numbers on the occurrence of cybercrime are almost always depicted in either absolute numbers or year-over-year terms. To get a more accurate picture of the security of cyberspace, cybercrime statistics — including mobile vulnerabilities, malicious web domains, zero-day exploits and web-based attacks, among others — need to be expressed as a proportion of the growing size of the Internet.

This paper better illustrates cyberspace security by normalizing the statistics for cybercrime around various measures of the growing size of cyberspace. A clear picture emerges: the absolute numbers always paint a worse scenario of the security of cyberspace than the normalized numbers. With this in mind, the following policy recommendations are proposed for the improvement of IT security: focus on the individual user; detect and counter new vulnerabilities faster by relying on open source software; develop international agreements on spam and phishing emails; figure out how to spread the costs of cybercrime; private companies must do more to protect themselves; and cyber security companies should collect and represent data on cybercrime in normalized terms. 

About the Author

Eric Jardine is a CIGI fellow and assistant professor of political science at Virginia Polytechnic Institute and State University, in Blacksburg, Virginia. He joined CIGI as a research fellow in May 2014. In this role, he contributed to CIGI’s work on Internet governance, including the CIGI–Chatham House sponsored Global Commission on Internet Governance.

The Global Commission on Internet Governance was established in January 2014 to articulate and advance a strategic vision for the future of Internet governance. The two-year project conducts and supports independent research on Internet-related dimensions of global public policy, culminating in an official commission report that will articulate concrete policy recommendations for the future of Internet governance.