China's digital shadows: unveiling the economic toll of cybercrime

In the digital age, China, a leader in technology and the digital economy, faces significant challenges from cybercrime, which impacts its economic stability and growth. Our study examines the complex effects of cybercrime on China's economic growth, focusing on the interplay between digital progress and vulnerability to cyber threats. As China's economy benefits from rapid digitalization, it also faces risks from cyber threats that compromise business functionality, consumer trust, and overall economic performance. With the largest internet user base globally, China is a prime target for cybercriminals, heightening the economic risks associated with cyber threats. Prior research highlights that cybercrime leads to financial losses, disrupts supply chains, and diminishes consumer trust, all of which adversely affect economic growth. Conversely, investments in cybersecurity can mitigate these negative impacts and drive innovation. As a result, this study investigates how cybercrime affects economic growth across China's provinces from 2005 to 2022. By employing a comprehensive empirical model integrating provincial and annual fixed effects, we aim to quantify the negative impact of cybercrime on economic growth and explore regional disparities in these effects. The study enhances understanding by applying generalized method of moments (GMM) to address dynamic panel issues and potential endogeneity, incorporating province- and year-fixed effects to capture regional heterogeneity. An exploratory heterogeneity test reveals distinct regional impacts, underscoring the need for region-specific cybersecurity policies. The analysis spans 2005–2022, adding a temporal perspective to evolving cybercrime trends. The paper proceeds with a literature review, a theoretical model and methodology, results and discussion, and concludes with implications and future research directions.

The literature largely finds that cybercrime negatively affects economic growth, though mechanisms differ. Studies show cybercrime erodes resources by reducing consumer confidence and corporate investment, and mitigation costs divert funds from productive uses. Some work suggests cybersecurity spending can stimulate the information security sector, creating a paradox where affected sectors suffer while cybersecurity industries benefit; however, opportunity costs and potential misallocation temper overly optimistic views. Empirical studies report negative impacts on GDP growth, while theoretical contributions argue cybercrime undermines the digital economy and stifles innovation. Societal and institutional responses—regulation, public awareness, and public–private collaboration—can bolster trust and resilience. Beyond cybercrime, growth is shaped by labor and capital inputs, technological innovation, education, and internet penetration. Labor and capital interact synergistically to raise productivity; technological innovation amplifies the productivity of both, potentially driving rapid growth; education improves labor quality and human capital; and internet penetration facilitates information exchange and reduces transaction costs, though its benefits can be uneven due to digital divides. Synthesizing these strands indicates that comprehensive policy frameworks should enhance productivity, innovation, education, and equitable digital access while countering cybercrime. This study integrates these perspectives, highlighting the dual nature of cybersecurity investments, the interactions among key growth drivers, and the role of societal engagement and public–private partnerships in mitigating cybercrime’s impacts.

The study builds on an augmented Cobb–Douglas production framework to embed cybercrime as a detractive factor in the production process. Starting from a production function with labor and capital inputs and total factor productivity (A), cybercrime enters as a factor that diminishes efficiency. Under constant returns to scale, the model is log-linearized to yield a panel regression of the form: growth_it = α + γ·crime_it + a·labor_it + β·capital_it + δ·innovation_it + θ·education_it + ξ·internet_it + μ_i + η_t + ε_it, where growth is provincial real GDP (log), crime is the number of cybercrime cases (log), labor is the employment-to-population ratio, capital is gross capital formation (log), innovation is patent applications (log), education is education expenditure (log), internet is internet penetration rate, μ_i are province fixed effects, and η_t are year fixed effects. The key coefficient of interest is γ: γ < 0 indicates a detrimental effect of cybercrime on growth. Data cover 28 Chinese provinces from 2005 to 2022, sourced from National Bureau of Statistics Data Center, Provincial Statistical Yearbooks, China Procuratorial Yearbook, China Legal Yearbook, China Communications Yearbook, China Population and Employment Statistics Yearbook, China Internet Development Status Statistical Report, and annual reports from provincial People’s Procuratorates. Variable definitions are standardized across sources; core variables are expressed in logs where appropriate. Estimation proceeds in several steps: (1) Descriptive and correlation analysis to assess pairwise relationships among variables. (2) Baseline fixed-effects panel regressions with province and year fixed effects. A Hausman test (χ² = 26.953) supports fixed-effects over random-effects specifications. (3) Robustness via dynamic panel system-GMM to address potential endogeneity (reverse causality and omitted time-varying factors) and measurement error. The approach uses lagged levels and differences as internal instruments, assumes no second-order serial correlation in idiosyncratic errors, and tests instrument validity with Hansen J and difference-in-Hansen tests. To avoid instrument proliferation, the instrument set is collapsed and limited lags are used (Roodman, 2009). (4) Regional heterogeneity analysis by estimating separate fixed-effects models for eastern, central, and western regions to capture differential impacts of cybercrime by development and digitalization levels. Inference relies on robust t-statistics; model fit and specification are assessed via F-tests, AR(1)/AR(2) tests (for GMM), and Hansen tests.

• Correlation analysis indicates cybercrime is negatively associated with economic growth, while growth is positively correlated with labor, capital, innovation, education, and internet penetration. Notable pairwise correlations include: crime–growth = −0.332 (significant), labor–growth = 0.586 (1%), capital–growth = 0.529 (1%), innovation–growth = 0.446 (1%). • Baseline fixed-effects results (Model 3) show a statistically significant negative impact of cybercrime on growth: a 1% increase in cybercrime is associated with a 0.019% decline in economic growth (t ≈ −2.174). Key controls are positive and significant: labor (0.575%), capital (0.377%), innovation (0.169%), education (0.202%), and internet penetration (0.082%) elasticities per 1% increase in each variable. The Hausman test supports the FE model (χ² = 26.953). • Robustness via system-GMM confirms the main result: lagged growth is positive (growth_{t−1} = 0.216, 1%), cybercrime remains negative and significant (−0.016, 1%–5%). Diagnostic tests support validity: AR(2) is non-significant, Hansen J is non-significant, and the difference-in-Hansen test indicates instrument orthogonality; instrument count is controlled via collapsing. • Regional heterogeneity: the negative effect of cybercrime is strongest in the eastern region (−0.034, 5%), followed by the central region (−0.017, 5%), and weakest in the western region (−0.011, 10%). This gradient aligns with higher digitalization and exposure in the east. • Overall, findings validate Hypothesis 1 (cybercrime harms economic growth) and Hypothesis 2 (significant regional variation), while reaffirming the positive roles of labor, capital, innovation, education, and internet penetration in China’s provincial growth.

The results directly address the research question by quantifying the macroeconomic cost of cybercrime across Chinese provinces and demonstrating that cybercrime significantly depresses economic growth even after controlling for labor, capital, innovation, education, and internet penetration, and after addressing endogeneity via system-GMM. Mechanistically, the findings are consistent with channels documented in prior work: direct financial losses, diversion of resources to cybersecurity, supply chain disruptions, and erosion of consumer trust. The positive contributions of labor and capital reflect China’s established growth drivers, while innovation, education, and internet penetration enhance productivity and market efficiency, though their benefits can vary across sectors and regions. The pronounced regional gradient—east > central > west—suggests exposure and dependence on digital infrastructure intensify vulnerability to cybercrime’s economic effects. The eastern region’s advanced digital economy, concentration of tech and finance, and higher internet penetration likely enlarge attack surfaces and amplify losses, while the western region’s lower digital intensity reduces immediate exposure but underscores the need for proactive capacity building as digitalization deepens. Robustness checks confirm that results are not driven by model specification or endogeneity concerns, reinforcing the credibility of the causal interpretation. Collectively, the evidence underscores the importance of tailoring cybersecurity policy to regional economic and digital contexts, coordinating public–private responses, and complementing cyber defenses with investments in human capital and institutional trust to mitigate growth headwinds from cybercrime.

Analyzing 28 Chinese provinces from 2005 to 2022, the study finds that cybercrime significantly hinders economic growth. Fixed-effects estimates indicate that increases in cybercrime reduce growth, and system-GMM robustness checks corroborate the negative effect after accounting for dynamics and endogeneity. Positive associations of labor, capital, innovation, education, and internet penetration with growth are confirmed. Regional heterogeneity reveals the largest adverse effect in the eastern region, then central, then western, motivating differentiated policy responses. Policy recommendations include: region-specific cybersecurity strategies aligned with local digital infrastructures; strengthened government–industry collaboration to develop and deploy cybersecurity solutions; enhanced public and business cyber awareness and training tailored to regional needs; and adaptive legal and regulatory frameworks with stronger domestic and international enforcement cooperation. These steps can mitigate cybercrime’s economic toll and support resilient digital growth. Future research should pursue finer-grained analyses within regions, track the evolving effectiveness of cybersecurity initiatives over time, improve measurement of cyber incidents beyond reported cases, and incorporate socio-economic and cultural determinants to refine policy design.

• Aggregation at the regional and provincial levels may mask intra-regional and local heterogeneity in cyber risk exposure, cybersecurity practices, and digital infrastructure maturity. • The study does not dynamically track the evolution and effectiveness of specific cybersecurity measures over time, potentially omitting time-varying defensive responses. • Reliance on reported cybercrime cases may introduce detection and reporting biases that vary across provinces and over time. • Potential socio-economic and cultural factors influencing both cybercrime prevalence and its economic impact are not explicitly modeled, limiting contextual nuance. • While system-GMM addresses endogeneity concerns, results remain contingent on instrument validity and standard assumptions (no second-order serial correlation, weak exogeneity of controls).