The Impact of Cryptocurrency on Cybersecurity

Cryptocurrencies have prompted a shift away from classic security attacks toward ransomware-based extortion. To better understand the impact of cryptocurrencies on the cybersecurity landscape, we conduct a comparative analysis of cybersecurity metrics prior to and after the adoption of cryptocurrency using a series of connected software-use models in the presence of security externalities. In this framework, we endogenize the actions of both heterogeneous consumers and attackers, with entry of the latter being driven by both the size of the unpatched consumer population and, as a subset of it, the size of the ransom-paying consumer population. We first examine users’ adoption and patching behavior under both security scenarios. We explore how changes in attacker entry costs impact outcomes under both conventional and post-crypto ransomware threat landscapes. We show that ransomware scenarios may be more desirable than conventional ones when attacker entry costs are low, provided that the gains from entering with standard attacks under the ransomware scenario are not too high. However, under such scenarios, social welfare can increase under the same conditions that lead to larger ransoms being demanded and a higher expected total ransom being paid, which presents a conundrum to policymakers. We also examine the impact of market parameters associated with security losses from conventional attacks and residual losses when victims pay in ransomware attacks. This paper was accepted by Kay Giesecke, finance. Funding: This work was partially supported by Insung Research Grant of KUBS, the LG Yonam Foundation (of Korea), and an award from the Georgia Institute of Technology Center of International Business Education and Research as part of its funded research program. Supplemental Material: The online appendices are available at https://doi.org/10.1287/mnsc.2023.00969 .