Skip to main content

Eric Jardine is a CIGI research fellow, contributing to the Global Security & Politics program's work on Internet governance. Follow him on Twitter @ehljardine.

Another day, another hack. It seems like every time we read the news, we hear of another mega breach compromising the records of millions of people. In 2013, Target was hacked, resulting in the theft of private information on 110 million shoppers. In early 2014, it was eBay that was targeted, leading to the compromise of all 145 million active account holders. In 2015, it was the U.S. Office of Personnel Management, with initial estimates placing the number of compromised records at more than four million and later estimates indicating that upwards of 18 to 21.5 million current and former federal government employees could have been affected. The list is seemingly endless.

Cyberspace seems to be a dangerous place indeed, and seems to be getting far worse by the day. This notion is reaffirmed each year by cybersecurity reports from IT security firms like Norton Symantec or Kaspersky Labs. Meanwhile, the media readily piles on; sensationalizing the occurrence of cybercrime and parroting the numbers produced by IT security experts.

Story continues below advertisement

Yet, in reality, we have only a partial – and at that a fairly poor – picture of how secure cyberspace truly is. The problem with our perceptions is that while cybercrime is certainly going up, cyberspace itself is getting bigger. And, just as we would expect more crime in a large city compared to a small village, we would expect more crime in a large and active cyberspace than in a small and inactive online environment.

Let's unpack the problem a bit. Right now, how the numbers on cybercrime are typically presented is misleading. Sometimes, the numbers get expressed in absolute terms, something like there were 1,000 cyberattacks in 2013 and there were 1,500 attacks in 2014. Other times, these same numbers are expressed as a year-over-year percentage change, where there was, for example, 50 per cent more attacks in 2014 than in 2013. In both cases, the security of cyberspace seems to be getting worse.

These numbers are not wrong, but they are misleading. Picture a small town of 1,000 people, where there are 100 crimes a year. Now imagine a city of 100,000 with 1,000 crimes per year. In which would you rather live?

With ten times the amount of crime as the town, the city seems pretty dangerous. But, let's be real for a moment. What most of us care about in the first instance is not necessary how much crime there is overall, but how likely it is that we will be personally affected by a burglary, assault, murder or what have you. Framed in these terms, the city is actually ten times safer than the town. The same principle applies in cyberspace.

Only when we take the numbers on the occurrence of cybercrime and normalize them around the growing size of the online environment do we obtain a reasonable picture of the actual security of cyberspace. In a recently published paper entitled, "Global Cyberspace is Safer than You Think: Real Trends in Cybercrime," I gathered data on the vectors of cyberattacks, the volume of cybercrime and the cost of data breaches. I also collected data on the size of cyberspace, including the number of Internet users and websites, the volume of web traffic (both mobile and otherwise) and estimates for the Internet's contribution to global GDP.

What I found was that the absolute numbers consistently paint a far worse picture of the security of cyberspace when compared to the normalized figures. More than 30 comparisons of the two trends point to three ways that the absolute numbers are misleading.

The bottom line is that when the growing size of cyberspace is factored into the equation, security in the ether of cyberspace is actually better than is commonly reported in IT security reports and in the media.

Story continues below advertisement

I would certainly not recommend throwing caution to the wind. Internet users should continue to exercise good digital hygiene (changing passwords regularly, avoiding suspicious attachments and links). But society needs to avoid overreacting to false impressions about how bad cyberspace has become.

That cyberspace is more secure than is commonly thought is crucially important for public policy. "In politics," wrote Samuel Taylor Coleridge, "what begins in fear usually ends in folly." Let us avoid harsh and short-sighted policies, driven by fear, which could inadvertently break the Internet, and more clearly recognize the situation for what it is.

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter