Until we make the Internet secure, cyber criminals will continue to pull off high-value, low-risk offenses

For cyber criminals, the idiom “crime doesn’t pay” is laughable. Internet crime is worse than ever, and the reasons are clear: It’s highly lucrative and far less risky than, say, an old-fashioned bank heist. Until we take the necessary steps to increase the risk and lower the value of cyber crimes, we won’t be able to stop them.

To fully appreciate the risks and rewards of cyber crimes versus traditional crimes, consider the following statistics from the FBI: In 2010, bank robbers pulled off 5,628 heists and ran off with $43 million. (These numbers held steady in the first and second quarters of 2011.) The average robbery netted $7,643.

Further, the loot was recovered in 22 percent of cases. Often, the thieves wielded guns, so when caught, they faced long mandatory jail times. Injuries, death, and hostage situations occurred, though they constitute the minority of cases. I’m not an expert on how well U.S. bank robbers do as compared to non-U.S. counterparts, but let’s assume roughly the same stats apply. Overall, physical bank robberies are high risk. Except in rare cases, you won’t strike it rich as a criminal, and you have a strong chance of getting caught and sentenced to jail.

Let’s compare that to Internet crime statistics. Per an FBI 2011 report, 300,000 people were victimized over the Internet to the tune of $1.1 billion. Although that averages out to only $3,666 per victim, the typical Internet hacker commits thousands to hundreds of thousands of these crimes and almost never gets caught. Those who get nabbed are unlikely to spend any time in jail, and when they do, they’ll probably serve, at most, a few years in a low-security facility.

In contrast, identity thieves almost never get caught. For instance, from 2003 to 2006 (the years for which I can find trend data), the FBI was able to arrest between only 1,200 and 1,600 identity thieves, and about a third of those cases resulted in convictions, let alone jail time. To put this in further perspective, these crimes affected 8.3 million victims, nearly 4 percent of the entire U.S. adult population. This means that one identity thief was convicted for every 20,750 victims.

The conviction rate in 2010 was even worse. According to the FBI’s 2010 Internet Crime Report, from 303,809 complaints, 1,420 prepared criminal cases resulted in a mere six convictions. That’s one jailed cyber criminal for every 50,635 victims, and these are just the cases significant enough to be reported to the FBI.

To sum up: Rob a bank and face a one-in-four or one-in-five chance of doing hard time. Steal someone’s identity and your odds of being caught are almost infinitesimal. Consider, too, that identity theft comprises only 9.8 percent of all Internet crime, not including the likes of intellectual property theft. Factor in all Internet crime, and the numbers are likely to be far, far worse — which is saying a lot.

I don’t blame the FBI or any other law enforcement agency. Discovering and prosecuting cyber crimes is possibly harder than any other area of law enforcement. Rules of evidence requirements, as well as cross-national boundaries, make Internet crime especially difficult to track and prosecute.

As I’ve preached time and again in this blog, we can fight Internet crime by making the Internet significantly safer. We have the protocols and the tools to make it harder for online crime to exist. We just have to decide to deploy them.

This story, “Why Internet crime goes unpunished,” was originally published at InfoWorld.com.