Forum Institutional

Why we need global rules to crack down on cybercrime

The impact of cybercrime is compounded by a scarcity of security experts, poor reporting habits and a lack of global agreements about how to regulate cyber threats.

The impact of cybercrime is compounded by a scarcity of security experts, poor reporting habits and a lack of global agreements about how to regulate cyber threats. Image: Pixabay for Pexels

Robert Muggah
Co-founder, SecDev Group and Co-founder, Igarapé Institute
Mac Margolis
Washington Post Columnist and Associate, Igarapé Institute
Share:
Our Impact
What's the World Economic Forum doing to accelerate action on Forum Institutional?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Tech and Innovation

This article is part of: World Economic Forum Annual Meeting

Listen to the article

  • The cost of cybercrime could reach $10.5 trillion annually by 2025.
  • Targets range from individuals right up to governments and critical infrastructure.
  • Cybercriminals operate internationally, and we need international rules in order to crack down on them.

Cybercrime is high on the agenda of nation states, corporations and international organizations everywhere. As the forthcoming 2023 Global Risk Report will show, deepening geopolitical tensions have increased the prevalence of so-called advanced persistent threats (APTs), which are becoming as sophisticated as they are pervasive.

New technology is scaling up the reach and impact of cybercrime: malware and ransomware attacks (the latter threaten to publish data or permanently block it unless a ransom is paid) soared by over 350 percent and 430 per cent respectively in 2020. Next generation tools are bypassing antivirus programs, which is why living off the land (LOtL) attacks, in which attackers use legitimate software and functions to perpetrate malicious actions, accounted for almost two thirds of all reported incidents in 2021.

These problems are compounded by a scarcity of security experts, poor reporting habits and a lack of global agreements about how to regulate cyber threats.

Have you read?

The need for international rules to tackle cybercrime

Cybercrime is big business. One industry group estimated that the damages incurred by all forms of cyber crime, including the cost of recovery and remediation, totalled $3 trillion in 2015, $6 trillion in 2021, and could reach $10.5 trillion annually by 2025. But the impact of cybercrime extends far beyond the economic costs. It also degrades trust among internet users, and damages the reputations of public and private service providers. Online attacks ratchet up tensions between nations, since governments and critical infrastructure are increasingly the targets. Yet despite all this, there are still few clear global norms, standards and rules to mitigate and prevent cybercrime.

In the absence of global regulation, the costs of cybercrime have spiralled
In the absence of global regulation, the costs of cybercrime have spiralled Image: Cybersecurity Ventures

A big part of the problem is that many of the public authorities, corporations and civil society groups that are targeted are not mandated to report data breaches and cyber theft. Many are reluctant to do so, fearing reputational damage. This is starting to change: the US’s 2022 Cyber Incident Reporting for Critical Infrastructure Act provides industry-specific guidance for voluntary disclosures, and the European Union’s 2018 Directive on Security Network and Information Systems and a host of other regulations mandate telecom payment services, medical device manufacturers, and critical infrastructure providers to also report breaches. Until global rules are strengthened and reporting of breaches is mandatory across most sectors, it will be impossible to understand the true magnitude of the challenge, much less develop targeted solutions.

Cyber criminals are making fortunes not just in black-mailing targets with ransomware, but also in selling-off their data assets, including credit card information, login credentials of financial accounts, subscription credentials, social security numbers and usernames and passwords. The perpetrators of cybercrime range from powerful intelligence agencies to teenage hackers. Cybercrime is hard to stop precisely because of its distributed nature. Consider the Cobalt CyberCrime gang that in 2018 breached 100 financial institutions in over 40 countries, reaping some $11 million per attack. Although its leader was captured in Spain in 2018, three members arrested by the US in 2018, and three more convicted in Kazakhstan and Ukraine in 2021, experts believe this will do little to dent its operations.

Discover

How is the Forum tackling global cybersecurity challenges?

Without global cooperation or a major structural change to the internet, there is not much that victims can do to defend themselves. Cyber insurance is not only increasingly out of reach to most buyers, but it's potentially making a bad problem even worse. We urgently need international rules that are enforced as well as a more expansive approach that fosters cyber resilience.

The United Nations is discussing precisely this, having voted to set-up a cybercrime treaty in 2019. The first meeting of the treaty was held in 2022 amid concerns that it could also expand government regulation of online content, criminalize free expression and undermine privacy. For now, states are negotiating over the parameters of a treaty - called the Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes - with most western governments determined that it upholds individual data protection and privacy rights.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
Forum InstitutionalCybersecurity
Share:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Institutional update

World Economic Forum

May 21, 2024

About Us

Events

Media

Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum