Publication

This paper discusses how to accurately measure trends in cyberspace security, arguing that the methods used in media accounts and many of the reports put out by IT security firms lead to misleading descriptions of such trends. The author contends that these accounts and reports often suggest that security in cyberspace is poor and getting worse, but that a reason for this is because they just focus on either the number of attacks or the year-on-year percentage increases in attacks. He suggests that to get an accurate picture of the state of cybersecurity, cybercrime statistics need to take into consideration the growing size of the Internet. He then tests this proposition and finds that such an approach indeed demonstrates that the security of cyberspace is in far better shape than commonly reported. Finally, he identifies the policy implications of his findings and offers policy recommendations on how to continue to improve IT security.