It’s no secret that there is a lot of money involved in cybercrime. With McAfee estimating the annual global cost of cybercrime at just under $1 trillion, the dark side of tech is big business. Clearly, those losses have an impact on the global economy.

It’s also become a pressing question to see if macroeconomic/geopolitical trends impact cybercrime. We want to know: Is there a clear-cut correlation between macroeconomic conditions like recessions, war, and political turmoil to a global rise in cybercrime trends? Let’s see where the data takes us.

Does cybercrime go up during recessions?
The jury is still out on this question. Part of the problem is simply decoupling causation from correlation. Because cybercrime has been rapidly increasing for years, it’s difficult to attribute a given spike to, say, an economic downturn.

Before I jump into stats that suggest economic turmoil drives cybercrime up, let’s take a look at some general cybercrime trends. AV Atlas tracks malware and potentially unwanted applications (PUA), and as we can see, there has been a continuous upward trend for over thirteen years that included both periods of economic growth and contraction.

Total malware and PUA from December 2007 to September 2021. Source: AV Atlas.
Total malware and PUA from December 2007 to September 2021. Source: AV Atlas.
Malware and PUA growth from December 2007 to September 2021. Source: AV Atlas.
Malware and PUA growth from December 2007 to September 2021. Source: AV Atlas.

While that’s just one way to slice the cybercrime data, it’s far from the only indicator of a general upward trend in cybercrime. If cybercrime booms in bear and bull markets, we can’t really call recessions a driver of cybercrime.

The analysis gets even more complex when considering the constant cat-and-mouse game of threat actors vs. security professionals. Specific exploits will ramp up when they work (like WannaCry and Log4Shell) and die down when the industry adapts. That ebb-and-flow will naturally influence cybercrime trends in any given period.

The case for recession as a cybercrime driver

While we say for sure that recessions directly increase all cybercrime, there are some interesting data points and trends to consider. The oft-cited 2009 University of Brighton Crime online: cybercrime and illegal innovation study indicated that financial recessions were likely to increase financial cybercrime. Similarly, Seon cites a 69.4% increase in complaints to the FBI’s Internet Crime Complaints Center (IC3) between 2019 and 2020 as a link between economic conditions and cybercrime.

Did COVID-19 increase cybercrime?

Narrowing our focus to the recent COVID-19 pandemic, it gets a little easier to identify cybercrime trends.

Intuitively, this makes sense. COVID changed people’s behavior on a large scale, including how people behave online (check out our deep dive How COVID-19 Changed Our Internet Habits for some specific examples). A lot of cybercrime is about social engineering and exploiting behavior, so we naturally saw a spike in those specific cybercrime trends.

Some specific examples of COVID-related cybercrime include scams directly related to COVID (IC3 received over 28,000 COVID-19-related crime reports in 2020) and an increase in breaches due to remote work (a Diligent survey attributed a large chunk of the UK’s £374 million losses to remote work breaches).

Does cybercrime go up during political turmoil and war?

Yes. There is a strong case to be made for cybercrime increasing in wartime, and many cyberattacks are motivated by politics. This is particularly true for denial of service (DoS) attacks against the governments involved and critical infrastructure in the affected regions.

The obvious example is the increase in DoS attacks related to the Russia-Ukraine war. There have been noticeable spikes in attacks in both directions. Here’s a breakdown of some of the most notable attacks and trends:

Cybersecurity authorities from the US, UK, Canada, Australia, and New Zealand jointly released a Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure advisory in April of 2022 related to increased cyber attacks from Russia. And while we’ve focused on the social-economic factors that can drive global upticks in cybersecurity events, let’s not forget about one of your most important vulnerabilities. In the modern network, security isn’t just limited to a castle-and-moat-style posture. Hybrid workers are using networks where they find them—regardless of the risks. We’ve looked at the potential issues you should be aware of in our rundown of Managing IT Risk When Everyone’s Working Remote


Infographic: How cybercrime overlaps with global events

Here’s a breakdown of significant events and corresponding cyberattacks since 2017.

An infographic that outlines the intersection of global events and cybersecurity incidents of note since 2017

Get templates for network assessment reports, presentations, pricing & more—designed just for MSPs.

Ebook cover - The Ultimate Guide to Selling Managed Network Services

Leave a Reply

Your email address will not be published. Required fields are marked *