IDEAS home Printed from https://ideas.repec.org/p/pra/mprapa/102706.html
   My bibliography  Save this paper

The Economics of Hacking

Author

Listed:
  • Hui, Kai-Lung
  • Zhou, Jiali

Abstract

Hacking is becoming more common and dangerous. The challenge of dealing with hacking often comes from the fact that much of our wisdom about conventional crime cannot be directly applied to understand hacking behavior. Against this backdrop, this essay reviews hacking studies, with a focus on discussing the new features of cybercrime and how they affect the application of classical economic theory of crime in the cyberspace. Most findings of hacking studies can be interpreted with a parsimonious demand and supply framework. Hackers decide whether and how much to “supply” hacking by calculating the return on hacking over other opportunities. Defenders optimally tolerate some level of hacking risks because defense is costly. This tolerance can be interpreted as an indirect “demand” for hacking. Variations in law enforcement, hacking benefits, hacking costs, legal alternatives, private defense, and the dual use problem can variously affect the supply or demand for hacking, and in turn the equilibrium observation of hacking in the market. Overall, this essay suggests that the classical economic theory of crime remains a powerful framework to explain hacking behaviors. However, the application of this theory calls for considerations of different assumptions and driving forces, such as psychological motives and economies of scale in offenses, that are often less prevalent in conventional (offline) criminal behaviors, but that tend to underscore hacking in the cyberspace.

Suggested Citation

  • Hui, Kai-Lung & Zhou, Jiali, 2020. "The Economics of Hacking," MPRA Paper 102706, University Library of Munich, Germany.
  • Handle: RePEc:pra:mprapa:102706
    as

    Download full text from publisher

    File URL: https://mpra.ub.uni-muenchen.de/102706/1/MPRA_paper_102706.pdf
    File Function: original version
    Download Restriction: no

    File URL: https://mpra.ub.uni-muenchen.de/103047/1/MPRA_paper_103047.pdf
    File Function: revised version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Raphael, Steven & Winter-Ember, Rudolf, 2001. "Identifying the Effect of Unemployment on Crime," Journal of Law and Economics, University of Chicago Press, vol. 44(1), pages 259-283, April.
    2. Arunabha Mukhopadhyay & Samir Chatterjee & Kallol K. Bagchi & Peteer J. Kirs & Girja K. Shukla, 2019. "Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance," Information Systems Frontiers, Springer, vol. 21(5), pages 997-1018, October.
    3. Kai-Lung Hui & Ping Fan Ke & Yuxi Yao & Wei T. Yue, 2019. "Bilateral Liability-Based Contracts in Information Security Outsourcing," Information Systems Research, INFORMS, vol. 30(2), pages 411-429, June.
    4. Ashish Arora & Anand Nandkumar & Rahul Telang, 2006. "Does information security attack frequency increase with vulnerability disclosure? An empirical analysis," Information Systems Frontiers, Springer, vol. 8(5), pages 350-362, December.
    5. repec:eee:labchp:v:3:y:1999:i:pc:p:3529-3571 is not listed on IDEAS
    6. Amalia R. Miller & Catherine E. Tucker, 2011. "Encryption and the loss of patient data," Journal of Policy Analysis and Management, John Wiley & Sons, Ltd., vol. 30(3), pages 534-556, June.
    7. Polinsky, A. Mitchell & Shavell, Steven, 2007. "The Theory of Public Enforcement of Law," Handbook of Law and Economics, in: A. Mitchell Polinsky & Steven Shavell (ed.), Handbook of Law and Economics, edition 1, volume 1, chapter 6, pages 403-454, Elsevier.
    8. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2013. "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, INFORMS, vol. 24(2), pages 295-311, June.
    9. Ian Ayres & Steven D. Levitt, 1998. "Measuring Positive Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack," The Quarterly Journal of Economics, Oxford University Press, vol. 113(1), pages 43-77.
    10. George J. Stigler, 1974. "The Optimum Enforcement of Laws," NBER Chapters, in: Essays in the Economics of Crime and Punishment, pages 55-67, National Bureau of Economic Research, Inc.
    11. Sasha Romanosky & Rahul Telang & Alessandro Acquisti, 2011. "Do data breach disclosure laws reduce identity theft?," Journal of Policy Analysis and Management, John Wiley & Sons, Ltd., vol. 30(2), pages 256-286, March.
    12. Justin M. Rao & David H. Reiley, 2012. "The Economics of Spam," Journal of Economic Perspectives, American Economic Association, vol. 26(3), pages 87-110, Summer.
    13. Kunreuther, Howard & Heal, Geoffrey, 2003. "Interdependent Security," Journal of Risk and Uncertainty, Springer, vol. 26(2-3), pages 231-249, March-May.
    14. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    15. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    16. Sabyasachi Mitra & Sam Ransbotham, 2015. "Information Disclosure and the Diffusion of Information Security Attacks," Information Systems Research, INFORMS, vol. 26(3), pages 565-584, September.
    17. Isaac Ehrlich, 1996. "Crime, Punishment, and the Market for Offenses," Journal of Economic Perspectives, American Economic Association, vol. 10(1), pages 43-67, Winter.
    18. George A. Akerlof, 1970. "The Market for "Lemons": Quality Uncertainty and the Market Mechanism," The Quarterly Journal of Economics, Oxford University Press, vol. 84(3), pages 488-500.
    19. Freeman, Richard B., 1999. "The economics of crime," Handbook of Labor Economics, in: O. Ashenfelter & D. Card (ed.), Handbook of Labor Economics, edition 1, volume 3, chapter 52, pages 3529-3571, Elsevier.
    20. Philip J. Cook & John MacDonald, 2011. "Public Safety through Private Action: an Economic Assessment of BIDS," Economic Journal, Royal Economic Society, vol. 121(552), pages 445-462, May.
    21. Tridib Bandyopadhyay & Vijay Mookerjee, 2019. "A model to analyze the challenge of using cyber insurance," Information Systems Frontiers, Springer, vol. 21(2), pages 301-325, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Isaac Ehrlich, 2010. "The Market Model of Crime: A Short Review and New Directions," Chapters, in: Bruce L. Benson & Paul R. Zimmerman (ed.), Handbook on the Economics of Crime, chapter 1, Edward Elgar Publishing.
    2. Qian Tang & Andrew B. Whinston, 2020. "Do Reputational Sanctions Deter Negligence in Information Security Management? A Field Quasi‐Experiment," Production and Operations Management, Production and Operations Management Society, vol. 29(2), pages 410-427, February.
    3. Milo Bianchi & Paolo Buonanno & Paolo Pinotti, 2012. "Do Immigrants Cause Crime?," Journal of the European Economic Association, European Economic Association, vol. 10(6), pages 1318-1347, December.
    4. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, Open Access Journal, vol. 8(2), pages 1-23, May.
    5. Piopiunik, Marc & Ruhose, Jens, 2017. "Immigration, regional conditions, and crime: Evidence from an allocation policy in Germany," European Economic Review, Elsevier, vol. 92(C), pages 258-282.
    6. Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    7. Mongrain, Steeve & Roberts, Joanne, 2009. "Plea bargaining with budgetary constraints," International Review of Law and Economics, Elsevier, vol. 29(1), pages 8-12, March.
    8. Denis Fougère & Francis Kramarz & Julien Pouget, 2009. "Youth Unemployment and Crime in France," Journal of the European Economic Association, MIT Press, vol. 7(5), pages 909-938, September.
    9. Paolo Buonanno, 2003. "The Socioeconomic Determinants of Crime. A Review of the Literature," Working Papers 63, University of Milano-Bicocca, Department of Economics, revised Nov 2003.
    10. Lam, Wing Man Wynne, 2014. "Ex Ante and Ex Post Investments in Cybersecurity," TSE Working Papers 14-519, Toulouse School of Economics (TSE).
    11. Salm, M. & Vollaard, B.A., 2014. "Individual Perceptions of Local Crime Risk," Other publications TiSEM 7d0519da-c827-4f5d-9b0a-5, Tilburg University, School of Economics and Management.
    12. Thomas A. Garrett & Lesli S. Ott, 2008. "City business cycles and crime," Working Papers 2008-026, Federal Reserve Bank of St. Louis.
    13. Ann Dryden Witte & Robert Witt, 2001. "What We Spend and What We Get: Public and Private Provision of Crime Prevention," NBER Working Papers 8204, National Bureau of Economic Research, Inc.
    14. Jens Ruhose, 2015. "Microeconometric Analyses on Economic Consequences of Selective Migration," ifo Beiträge zur Wirtschaftsforschung, ifo Institute - Leibniz Institute for Economic Research at the University of Munich, number 61, December.
    15. Bruno S. Frey, 2009. "Punishment - and beyond," CESifo Working Paper Series 2706, CESifo.
    16. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    17. Bruno S. Frey, 2011. "Punishment – and Beyond," Contemporary Economics, University of Economics and Human Sciences in Warsaw., vol. 5(2), June.
    18. Aaron Chalfin & Benjamin Hansen & Jason Lerner & Lucie Parker, 2019. "Reducing Crime Through Environmental Design: Evidence from a Randomized Experiment of Street Lighting in New York City," NBER Working Papers 25798, National Bureau of Economic Research, Inc.
    19. GholamReza Keshavarz Haddad & Hamed Markazi Moghadam, 2011. "The socioeconomic and demographic determinants of crime in Iran (a regional panel study)," European Journal of Law and Economics, Springer, vol. 32(1), pages 99-114, August.
    20. Lam, W., 2015. "Attack-Deterring and Damage-Control Investments in Cybersecurity," LIDAM Discussion Papers CORE 2015023, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).

    More about this item

    Keywords

    hacker; hacking; cybercrime; supply; demand; law enforcement;
    All these keywords.

    JEL classification:

    • K42 - Law and Economics - - Legal Procedure, the Legal System, and Illegal Behavior - - - Illegal Behavior and the Enforcement of Law

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pra:mprapa:102706. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Joachim Winter). General contact details of provider: https://edirc.repec.org/data/vfmunde.html .

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service hosted by the Research Division of the Federal Reserve Bank of St. Louis . RePEc uses bibliographic data supplied by the respective publishers.