"European broadband providers are bearing massive cost burdens in order to minimise the impact of worm attacks on residential subscribers, according to new research from Sandvine Incorporated... Working from metrics derived from European customers and selected industry sources, Sandvine has calculated that worm attacks - small and large - will cost the European service provider sector more than EUR 123 million in 2004 and EUR 159 in 2005. Metrics include the cost of specialised tactical response teams, swamping of customer support resources, inflated transit costs and [increases in] customer churn... On any given day, between 5 and 12 per cent of all Internet traffic moving across European ISP networks is malicious... For more on the study, download Sandvine's just-released white paper 'Worms gobbling ISP profits: The financial impact of attack traffic on European service provider networks'..."
UPDATE: An essay by Steven E. Landsburg, posted on MSN's Slate yesterday, carries this argument to a logical extreme: "If we execute murderers, why don't we execute the people who write computer worms? It would probably be a better investment. Let's do the math. What do we get out of executing a murderer? Deterrence. A high-end estimate is that each execution deters about 10 murders... That's 10 lives saved, with a value—again a high-end estimate—of about $10 million apiece.... Compare that to the benefit of executing the author of a computer worm, virus, or Trojan. There seems to be no good name for such people, so I'll make one up—at least until some reader sends in a better suggestion, I'll call them vermiscripters..." [etc.]