To fight cybercrime, we need to understand its economics

Open laptop, dark room; cybercrime, security, ransomware, disinformation, dark web, digitalization, technology

Understanding the economics of cybercrime will help uncover the incentives that drive attacks. Image: Unsplash / Markus Spiske

Alejandro Romero
Chief Operations Officer, Constella Intelligence
Akshay Joshi
Head of Industry and Partnerships, Centre for Cybersecurity, World Economic Forum
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: Annual Meeting on Cybersecurity

Listen to the article

  • The commodification and commercialization of ransomware and disinformation has made cybercrime increasingly possible in the era of digital everything.
  • Such attacks negatively affect all sorts of people and businesses, as well as distorting elections and public health initiatives.
  • Understanding the relationships, connections and behaviours of those involved – that is, the economics of cybercrime - can uncover the incentives that drive cybercriminals.

Economics is driving digitalization – both for businesses and for criminals. As the great digitalization of everything continues, distributed remote workforces and new digital dependencies that touch every facet of personal and professional life present a double-edged sword.

Have you read?

On the one hand, tech-enabled digitalization delivers efficiencies and flexible, agile processes. On the other hand, individuals and organizations find themselves connected to the expansive economy of threats that pervade the digital sphere.


The trade-off is clear: the more digitally dependent we become, the more we increase our attack surfaces and the more risk we incur. The economics of cybercrime takes advantage of these trade-offs. To understand it, we need to recognize that cybercriminals' ecosystems are fundamentally driven by sensitive personal information and our collective failure to protect it.


How is the Forum tackling global cybersecurity challenges?

The 2021 Identity Breach Report published by digital risk protection firm Constella Intelligence shows how two major technological threats – ransomware and disinformation – can be explained by looking at the economics of cybercrime.

The commodification of ransomware attacks

Ransomware is one of the most talked-about cyberthreats of 2021 so far. It involves cybercriminals installing malicious software that blocks access to an organization's computer system—including sensitive data and any assets stored on that system—until the owner pays up or meets the cybercriminal’s demands. Major, high-publicity ransomware attacks in 2021 have crippled the critical infrastructure of school systems, hospitals, and energy companies, with devastating effects.

The commodification and commercialization of ransomware seems to have peaked with the rise in ransomware as a service (RaaS) attacks. Such methods involve ransomware developers working with affiliate groups that distribute their ransomware and then benefit economically from the attacks. The ransomware groups can provide these affiliates with tools so that they do not even need advanced skills to participate in the attack.

The ubiquity of personally identifiable information (PII) is critical to the continued deployment of these potentially devastating attacks. Since one of the weakest links in cybersecurity is usually the human factor, a common entry point is through phishing. This kind of attack uses PII to generate a false sense of security in the victim and dupe them into falling for an attacker's advances. Through phishing, employees' devices are infected, internal corporate systems are infiltrated, and data is stolen using encryption that forces a company to pay to recover its own data. In this way, there is a clear and intimate relationship between PII and ransomware.

The impact of ransomware attacks on SMEs

The commercial viability of small ransomware attacks—with small and medium-sized enterprises (SME) as principal targets—appears to be surging. The US Senate Judiciary Committee even highlighted the impact of these developments on SMEs in July 2021.

The commodification of the tools and capabilities that enable successful ransomware attacks has enabled this threat to be repeated on a local scale. This shows the real effects of a fluid and dynamic economy in which threat actors can leverage diverse resources and data points to execute attacks.

The market-based features of the threat economy make it challenging to shut down. Understanding how this economy works, however, enables us to seek more effective solutions that target the network of incentives and actors driving these threats.

The commodification of the tools and capabilities that enable successful ransomware attacks enables this threat to be repeated on a local scale.

Alejandro Romero, Constella & Akshay Joshi, World Economic Forum

PII and disinformation

Disinformation, while often characterized by a more diverse set of motivations, also showcases the economics of cybercrime. Deliberately spreading false or manipulated information has proven highly effective at distorting key conversations on the public agenda, negatively affecting elections and public health initiatives, and jeopardizing the reputational and financial health of executives and companies. What seldom gets mentioned, however, are the economic goals and resources available to the producers of disinformation.

Constella's 2021 Identity Breach Report highlights how commodification and weaponization of PII contributes to the commercialization of the building blocks of the disinformation ecosystem and the broader threat economy. These include automated networks of bots, false accounts, and deepfake production capabilities – all of which are for sale in deep and dark marketplaces.

Like in any marketplace, the price of digital assets vary based on their functionality. Botnets and false accounts are frequently priced higher when they have an older creation date because this increases their chances of evading the detection algorithms of platforms like Twitter, Facebook and Instagram. Thus, the more PII that can be purchased in deep and dark marketplaces, or scraped from open sources like public social media channels, the more effectively cybercriminals can operationalize their efforts.

Infographic table listing bots and automated capabilities identified in underground forums.
Automated networks of bots, false accounts, and deepfake production capabilities are all available to buy in deep and dark marketplaces. Image: Constella, 2021 Identity Breach Report

An ecosystem with incentives

Taking an ecosystem-level approach to understanding cybercrime pushes us to consider the relationships between the human, technological, and geopolitical spheres of influence that inform the interactions, behaviours, and outcomes driven by different actors in the digital sphere.

Incentives are tough to map and quantify. Through advanced analysis of trends and activity on the surface, deep and dark web, however, we can better understand threats and vulnerabilities as building blocks of a wider ecosystem of threat actors and their tactics, techniques, and procedures (TTPs).

In taking this view, disinformation or ransomware are not isolated, anomalous occurrences involving a few malicious actors. Rather, they are enabled by other structural factors in the ecosystem such as the proliferation and availability of PII, or the lack of effective regulation in a fragmented and rapidly evolving online sphere.

Creating more secure connections

In order to make real progress in addressing these challenges, institutions and technologists need to understand the incentives that drive the exploitation of vulnerabilities. And they must be able to assess these challenges within the context of the bigger picture of our shared technological and communications infrastructure.

At the World Economic Forum's Centre for Cybersecurity, leaders from governments, businesses, and academia work collaboratively to understand these incentives. Together we are building a collective response to cybercrime that makes our connected world more secure and more trustworthy.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

'Pig-butchering’ scams on the rise as technology amplifies financial fraud, INTERPOL warns

Spencer Feingold and Johnny Wood

April 10, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum