I was invited to a high (Ministerial) level meeting where The Threat of Cybercrime was the center stage topic. One of the questions put before the participants was Is cybercrime a threat to our economies?
I commented that there are two contexts to consider when answering this question:
- How is your economy directly victimized? Specifically, what harm is being inflicted on your citizens, your infrastructures or your economic assets?
- What harm are your citizens (or residents), your infrastructures or your assets inflicting on citizens, infrastructures or economic assets of other countries?
The consequences of (1) are obvious. The consequences of the (2) are less so but no less worrisome. I shared the following two possible outcomes:
Criminals may flock to your country as a safe harbor. Criminals seek places to operate where they have ready access to tools of their trade and where they can operate with impunity. Moreover, in economies experiencing high unemployment, technology-aware youth may see ecrime as a practical or only alternative, too. Your country's reputation can become as tarnished as Nigeria or Russia. The unfortunate reality for both of these sovereign states is that they are popularly associated with Internet fraud and scams. Restoring reputation is likely to be an expensive and lengthy path, and it's hard to imagine that the economies of these countries are not adversely affected by the lack of public confidence or private sector willingness to invest.
Your failure to act may cause multi-national organizations to lose confidence. Imagine a situation where your country's top level domain is repeatedly hacked and the attackers persistently deface a major brand's Internet presence. The brand may lose faith in your ability to execute and cease localization efforts. The merchant or search experience your citizens receive from these global corporations suffers, and local merchants may suffer as well. Similarly, if criminals emit spam from your country's ISPs with no indication that they will cooperate to disrupt spam campaigns, you risk having entire address blocks used by your citizens blocked. The impact to a local economy that is cut off from the global Internet is rather obvious.
While it is not always obvious, sovereign states that take no, too little, or ineffective measures to combat cybercrime indeed put economies at risk.