- Browse/Search the Program
Search
Browse By Day
Browse By Time
Browse By Person
Browse By Policy Area
Browse By Session Type
Browse By Keyword
Program Calendar
- Navigation and Settings Menu
Personal Schedule
Sign In
- Information Menu
Search Tips
Did the Budapest Convention Deter Cybercrime? An Event Study Using a Panel of Countries.
Thursday, November 13, 1:45 to 3:15pm, Property: Hyatt Regency Seattle, Floor: 7th Floor, Room: 708 - Sol DucAbstract
This study reassesses the deterrent effect of the Budapest Convention on Cybercrime, the primary international treaty governing cybercrime enforcement and cooperation. Using a staggered event-study design with country-level panel data, we estimate the causal impact of treaty ratification on national exposure to cyberattacks. In this updated version of the paper, we introduce a new data source: victim-level metadata on randomly spoofed denial-of-service (RSDoS) attacks from the Center for Applied Internet Data Analysis (CAIDA). This dataset captures unsolicited traffic targeting unused IP space and provides a rare empirical window into attack behavior that is typically invisible in self-reported or secondary sources.
Across four datasets, spanning state-sponsored attacks, dyadic cyber incidents, ransomware campaigns, and unsolicited backscatter traffic, we find no evidence that ratification of the Budapest Convention produces a deterrent effect. In several specifications, the estimated impact is slightly positive, suggesting a possible signaling or strategic adaptation effect. We test several mechanisms to explain the absence of deterrence and find strong evidence pointing to structural constraints: limited investment in cybersecurity infrastructure, coordination failures across agencies and borders, and a persistent shortage of trained cybersecurity professionals. The findings highlight the limits of international law when unaccompanied by state capacity. In short, treaties alone are unlikely to shift the cost-benefit calculus of cybercriminals. Policymakers should prioritize capacity-building, institutional cooperation, and talent development as foundational components of cybercrime deterrence.
Keywords: Cybersecurity, Cybercrime, the Budapest Convention on Cybercrime, Event Study