Why we need global rules to crack down on cybercrime

by | Jan 2, 2023 | Cybersecurity

Stijn.Berghmans, CC0, via Wikimedia Commons

Key takeaways:

  • The cost of cybercrime could reach $10.5 trillion annually by 2025.
  • Targets range from individuals right up to governments and critical infrastructure.
  • Cybercriminals operate internationally, and we need international rules in order to crack down on them.

Cybercrime is high on the agenda of nation states, corporations and international organizations everywhere. As the forthcoming 2023 Global Risk Report will show, deepening geopolitical tensions have increased the prevalence of so-called advanced persistent threats (APTs), which are becoming as sophisticated as they are pervasive.

New technology is scaling up the reach and impact of cybercrime: malware and ransomware attacks (the latter threaten to publish data or permanently block it unless a ransom is paid) soared by over 350 percent and 430 percent respectively in 2020. Next-generation tools are bypassing antivirus programs, which is why living off the land (LOtL) attacks, in which attackers use legitimate software and functions to perpetrate malicious actions, accounted for almost two-thirds of all reported incidents in 2021.

These problems are compounded by a scarcity of security experts, poor reporting habits and a lack of global agreements about how to regulate cyber threats.

Cybercrime is big business. One industry group estimated that the damages incurred by all forms of cybercrime, including the cost of recovery and remediation, totalled $3 trillion in 2015, $6 trillion in 2021, and could reach $10.5 trillion annually by 2025. But the impact of cybercrime extends far beyond the economic costs. It also degrades trust among internet users, and damages the reputations of public and private service providers. Online attacks ratchet up tensions between nations, since governments and critical infrastructure are increasingly the targets. Yet despite all this, there are still few clear global norms, standards and rules to mitigate and prevent cybercrime.

A big part of the problem is that many of the public authorities, corporations and civil society groups that are targeted are not mandated to report data breaches and cyber theft. Many are reluctant to do so, fearing reputational damage. This is starting to change: the US’s 2022 Cyber Incident Reporting for Critical Infrastructure Act provides industry-specific guidance for voluntary disclosures, and the European Union’s 2018 Directive on Security of Network and Information Systems and a host of other regulations mandate telecom payment services, medical device manufacturers, and critical infrastructure providers to also report breaches. Until global rules are strengthened and reporting of breaches is mandatory across most sectors, it will be impossible to understand the true magnitude of the challenge, much less develop targeted solutions.

Cybercriminals are making fortunes not just in blackmailing targets with ransomware, but also in selling off their data assets, including credit card information, login credentials of financial accounts, subscription credentials, social security numbers and usernames and passwords. The perpetrators of cybercrime range from powerful intelligence agencies to teenage hackers. Cybercrime is hard to stop precisely because of its distributed nature. Consider the Cobalt CyberCrime gang that in 2018 breached 100 financial institutions in over 40 countries, reaping some $11 million per attack. Although its leader was captured in Spain in 2018, three members arrested by the US in 2018, and three more convicted in Kazakhstan and Ukraine in 2021, experts believe this will do little to dent its operations.

Without global cooperation or a major structural change to the internet, there is not much that victims can do to defend themselves. Cyber insurance is not only increasingly out of reach to most buyers, but it’s potentially making a bad problem even worse. We urgently need international rules that are enforced as well as a more expansive approach that fosters cyber resilience.

The United Nations is discussing precisely this, having voted to set up a cybercrime treaty in 2019. The first meeting of the treaty was held in 2022 amid concerns that it could also expand government regulation of online content, criminalize free expression and undermine privacy. For now, states are negotiating over the parameters of a treaty – called the Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes – with most western governments determined that it upholds individual data protection and privacy rights.


This article was republished from the World Economic Forum under a Creative Commons license to point warfighters and national security professionals to reputable and relevant war studies literature. Read the original article.


Robert Muggah and Mac Margolis

Robert Muggah is Co-founder of the SecDev Group and Co-founder of the Igarapé Institute. He has given TED talks on fragile and resilient cities in 2017 and 2015. Research and data visualizations on homicide, arms, and cities have been featured by the BBC, CBC, CNN, FastCompany, Financial Times, Foreign Affairs, New York Times and Wired. Robert is the author of seven books and dozens of articles, and was named one of the top 100 most influential people working on violence (2013).

Mac Margolis is a Washington Post Columnist and Associate at the Igarapé Institute.


This article does not constitute endorsement of Analyzing War by the author/s.

