IDEAS home Printed from https://ideas.repec.org/p/pra/mprapa/102706.html
   My bibliography  Save this paper

The Economics of Hacking

Author

Listed:
  • Hui, Kai-Lung
  • Zhou, Jiali

Abstract

Hacking is becoming more common and dangerous. The challenge of dealing with hacking often comes from the fact that much of our wisdom about conventional crime cannot be directly applied to understand hacking behavior. Against this backdrop, this essay reviews hacking studies, with a focus on discussing the new features of cybercrime and how they affect the application of classical economic theory of crime in the cyberspace. Most findings of hacking studies can be interpreted with a parsimonious demand and supply framework. Hackers decide whether and how much to “supply” hacking by calculating the return on hacking over other opportunities. Defenders optimally tolerate some level of hacking risks because defense is costly. This tolerance can be interpreted as an indirect “demand” for hacking. Variations in law enforcement, hacking benefits, hacking costs, legal alternatives, private defense, and the dual use problem can variously affect the supply or demand for hacking, and in turn the equilibrium observation of hacking in the market. Overall, this essay suggests that the classical economic theory of crime remains a powerful framework to explain hacking behaviors. However, the application of this theory calls for considerations of different assumptions and driving forces, such as psychological motives and economies of scale in offenses, that are often less prevalent in conventional (offline) criminal behaviors, but that tend to underscore hacking in the cyberspace.

Suggested Citation

  • Hui, Kai-Lung & Zhou, Jiali, 2020. "The Economics of Hacking," MPRA Paper 102706, University Library of Munich, Germany.
    • Handle: RePEc:pra:mprapa:102706
    as

    Download full text from publisher

    File URL: https://mpra.ub.uni-muenchen.de/102706/1/MPRA_paper_102706.pdf
    File Function: original version
    Download Restriction: no
    File URL: https://mpra.ub.uni-muenchen.de/103047/1/MPRA_paper_103047.pdf
    File Function: revised version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Raphael, Steven & Winter-Ember, Rudolf, 2001. "Identifying the Effect of Unemployment on Crime," Journal of Law and Economics, University of Chicago Press, vol. 44(1), pages 259-283, April.
    2. Gary S. Becker, 1974. "Crime and Punishment: An Economic Approach," NBER Chapters, in: Essays in the Economics of Crime and Punishment, pages 1-54, National Bureau of Economic Research, Inc.
    3. Arunabha Mukhopadhyay & Samir Chatterjee & Kallol K. Bagchi & Peteer J. Kirs & Girja K. Shukla, 2019. "Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance," Information Systems Frontiers, Springer, vol. 21(5), pages 997-1018, October.
    4. Kai-Lung Hui & Ping Fan Ke & Yuxi Yao & Wei T. Yue, 2019. "Bilateral Liability-Based Contracts in Information Security Outsourcing," Information Systems Research, INFORMS, vol. 30(2), pages 411-429, June.
    5. A. Mitchell Polinsky & Steven Shavell (ed.), 2007. "Handbook of Law and Economics," Handbook of Law and Economics, Elsevier, edition 1, volume 2, number 2.
    6. Polinsky, A. Mitchell & Shavell, Steven, 2007. "The Theory of Public Enforcement of Law," Handbook of Law and Economics, in: A. Mitchell Polinsky & Steven Shavell (ed.), Handbook of Law and Economics, edition 1, volume 1, chapter 6, pages 403-454, Elsevier.
    7. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2013. "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, INFORMS, vol. 24(2), pages 295-311, June.
    8. Ian Ayres & Steven D. Levitt, 1998. "Measuring Positive Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 113(1), pages 43-77.
    9. Sasha Romanosky & Rahul Telang & Alessandro Acquisti, 2011. "Do data breach disclosure laws reduce identity theft?," Journal of Policy Analysis and Management, John Wiley & Sons, Ltd., vol. 30(2), pages 256-286, March.
    10. Aaron Chalfin & Justin McCrary, 2017. "Criminal Deterrence: A Review of the Literature," Journal of Economic Literature, American Economic Association, vol. 55(1), pages 5-48, March.
    11. Justin M. Rao & David H. Reiley, 2012. "The Economics of Spam," Journal of Economic Perspectives, American Economic Association, vol. 26(3), pages 87-110, Summer.
    12. Kunreuther, Howard & Heal, Geoffrey, 2003. "Interdependent Security," Journal of Risk and Uncertainty, Springer, vol. 26(2-3), pages 231-249, March-May.
    13. Sabyasachi Mitra & Sam Ransbotham, 2015. "Information Disclosure and the Diffusion of Information Security Attacks," Information Systems Research, INFORMS, vol. 26(3), pages 565-584, September.
    14. Isaac Ehrlich, 1996. "Crime, Punishment, and the Market for Offenses," Journal of Economic Perspectives, American Economic Association, vol. 10(1), pages 43-67, Winter.
    15. George A. Akerlof, 1970. "The Market for "Lemons": Quality Uncertainty and the Market Mechanism," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 84(3), pages 488-500.
    16. A. Mitchell Polinsky & Steven Shavell (ed.), 2007. "Handbook of Law and Economics," Handbook of Law and Economics, Elsevier, edition 1, volume 1, number 1.
    17. Freeman, Richard B., 1999. "The economics of crime," Handbook of Labor Economics, in: O. Ashenfelter & D. Card (ed.), Handbook of Labor Economics, edition 1, volume 3, chapter 52, pages 3529-3571, Elsevier.
    18. Tridib Bandyopadhyay & Vijay Mookerjee, 2019. "A model to analyze the challenge of using cyber insurance," Information Systems Frontiers, Springer, vol. 21(2), pages 301-325, April.
    19. Ashish Arora & Anand Nandkumar & Rahul Telang, 2006. "Does information security attack frequency increase with vulnerability disclosure? An empirical analysis," Information Systems Frontiers, Springer, vol. 8(5), pages 350-362, December.
    20. repec:eee:labchp:v:3:y:1999:i:pc:p:3529-3571 is not listed on IDEAS
    21. Amalia R. Miller & Catherine E. Tucker, 2011. "Encryption and the loss of patient data," Journal of Policy Analysis and Management, John Wiley & Sons, Ltd., vol. 30(3), pages 534-556, June.
    22. George J. Stigler, 1974. "The Optimum Enforcement of Laws," NBER Chapters, in: Essays in the Economics of Crime and Punishment, pages 55-67, National Bureau of Economic Research, Inc.
    23. Tridib Bandyopadhyay & Vijay Mookerjee, 0. "A model to analyze the challenge of using cyber insurance," Information Systems Frontiers, Springer, vol. 0, pages 1-25.
    24. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    25. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    26. Philip J. Cook & John MacDonald, 2011. "Public Safety through Private Action: an Economic Assessment of BIDS," Economic Journal, Royal Economic Society, vol. 121(552), pages 445-462, May.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Buechel, Berno & Feess, Eberhard & Muehlheusser, Gerd, 2020. "Optimal law enforcement with sophisticated and naïve offenders," Journal of Economic Behavior & Organization, Elsevier, vol. 177(C), pages 836-857.
    2. Galiani, Sebastian & Jaitman, Laura & Weinschelbaum, Federico, 2020. "Crime and durable goods," Journal of Economic Behavior & Organization, Elsevier, vol. 173(C), pages 146-163.
    3. Buehler, Stefan & Nicolas Eschenbaum, 2018. "Explaining Escalating Fines and Prices: The Curse of Positive Selection," Economics Working Paper Series 1807, University of St. Gallen, School of Economics and Political Science.
    4. Mark Koyama, 2012. "Prosecution Associations in Industrial Revolution England: Private Providers of Public Goods?," The Journal of Legal Studies, University of Chicago Press, vol. 41(1), pages 95-130.
    5. Tim Friehe & Thomas J. Miceli, 2017. "On Punishment Severity and Crime Rates," American Law and Economics Review, American Law and Economics Association, vol. 19(2), pages 464-485.
    6. Nicolas Vaillant & François-Charles Wolff, 2010. "Does punishment of minor sexual offences deter rapes? Longitudinal evidence from France," European Journal of Law and Economics, Springer, vol. 30(1), pages 59-71, August.
    7. Mongrain, Steeve & Roberts, Joanne, 2009. "Plea bargaining with budgetary constraints," International Review of Law and Economics, Elsevier, vol. 29(1), pages 8-12, March.
    8. Roee Sarel, 2022. "Crime and punishment in times of pandemics," European Journal of Law and Economics, Springer, vol. 54(2), pages 155-186, October.
    9. Kjetil Telle, 2012. "Monitoring and enforcement of environmental regulations. Lessons from a natural field experiment in Norway," Discussion Papers 680, Statistics Norway, Research Department.
    10. Thomas J. Miceli, 2009. "Deterrence and Incapacitation Models of Criminal Punishment: Can the Twain Meet?," Working papers 2009-25, University of Connecticut, Department of Economics.
    11. Mungan, Murat C., 2017. "Reducing crime through expungements," Journal of Economic Behavior & Organization, Elsevier, vol. 137(C), pages 398-409.
    12. Telle, Kjetil, 2013. "Monitoring and enforcement of environmental regulations," Journal of Public Economics, Elsevier, vol. 99(C), pages 24-34.
    13. Aoki, Yu & Koutmeridis, Theodore, 2019. "Shaking Criminal Incentives," IZA Discussion Papers 12781, Institute of Labor Economics (IZA).
    14. Thomas J. Miceli & Murat C. Mungan, 2021. "The limit of law: factors influencing the decision to make harmful acts illegal," Economics of Governance, Springer, vol. 22(3), pages 293-307, September.
    15. Yu Aoki & Theodore Koutmeridis, 2019. "Shaking Criminal Incentives," Working Papers 2019-13, Business School - Economics, University of Glasgow.
    16. Isaac Ehrlich, 2010. "The Market Model of Crime: A Short Review and New Directions," Chapters, in: Bruce L. Benson & Paul R. Zimmerman (ed.), Handbook on the Economics of Crime, chapter 1, Edward Elgar Publishing.
    17. Thomas J. Miceli, 2021. "Should Offenders’ Gains Be Counted? On Efficient Crimes and Unjust Laws," Working papers 2021-02, University of Connecticut, Department of Economics.
    18. A. Mitchell Polinsky & Steven Shavell, 2009. "Public Enforcement of Law," Chapters, in: Nuno Garoupa (ed.), Criminal Law and Economics, chapter 1, Edward Elgar Publishing.
    19. Benjamin Monnery & Saïd Souam & Anna Montagutelli, 2021. "Economie du travail en prison : enjeux, résultats et recommandations," EconomiX Working Papers 2021-26, University of Paris Nanterre, EconomiX.
    20. Milo Bianchi & Paolo Buonanno & Paolo Pinotti, 2012. "Do Immigrants Cause Crime?," Journal of the European Economic Association, European Economic Association, vol. 10(6), pages 1318-1347, December.

    More about this item

    Keywords

    hacker; hacking; cybercrime; supply; demand; law enforcement;
    All these keywords.

    JEL classification:

    • K42 - Law and Economics - - Legal Procedure, the Legal System, and Illegal Behavior - - - Illegal Behavior and the Enforcement of Law

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pra:mprapa:102706. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Joachim Winter (email available below). General contact details of provider: https://edirc.repec.org/data/vfmunde.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.