A new World Cybercrime Index developed by researchers shows that a majority of cybercriminals come from just a few countries.
It is estimated that cybercrime costs the world around $9.22 trillion in 2024, and this is expected to grow to $13.82 trillion in 2028. However, finding out where cybercriminals work is difficult because they use methods to block their locations. Also, documented legal cases only capture a small part of cases that won’t necessarily be representative of the global scenario.
But to figure that out, Miranda Bruce (University of Oxford/University of New South Wales), Jonathan Lusthaus (University of Oxford), Ridhi Kashyap (University of Oxford), Nigel Phair (Monash University), and Federico Varese (Sciences Po) spoke to leading cybercrime experts to create a survey. After that, they used expert focus groups and pilots to refine it.
This survey was then completed by 92 top cybercrime experts around the world. They named the countries they believed were the biggest hubs of five categories of cybercrime — technical products or services, attacks and extortion, data or identity theft, scams, and cashing out or money laundering.
(University of Oxford)
The results of this survey were then used to create the new World CyberCrime Index. This seemed to suggest that cybercriminal threats seem to originate from a small number of countries — China, Russia, Ukraine, the United States, Romania, and Nigeria ranked in the top 10 for each of the selected five categories. At the same time, 97 countries were named by at least one expert as being a hub for a particular category.
India captured the number 10 spot on the rankings, getting a score of 7.90 for impact, 6.60 for professionalism of cybercriminals, and 6.65 for technical skills. In comparison, China got 8.22, 7.70, and 7.81, while the United States got 7.99, 7.21, and 7.21, respectively. Overall, India got a score of 7.05 while China and the United States got 7.91 and 7.47, respectively, putting them in the third and fourth places. The top two positions were held by Russia and Ukraine.
The researchers also found that certain kinds of cybercrimes were associated with particular countries. For example, the United States was associated with data and identity theft, while those related to technical products or services seemed to often originate from China.
In the future, this index could help cybercrime research, allowing organizations to create preventive efforts targeted at specific “hub countries.” But the study also has limitations because its pool of experts is not very large and perhaps not globally representative. Also, there could be inaccuracies caused by how different experts interpreted survey questions. It also does not address the blurred lines between profit-driven cybercrime and state-protected (or encouraged) crime.
The results of the study were published in the journal PLOS ONE on Wednesday.